Re: [Freeipa-users] Replica install problem
On 02/24/2012 03:23 PM, Dan Scott wrote: On Fri, Feb 24, 2012 at 15:47, Rich Megginson wrote: On 02/24/2012 09:45 AM, Dan Scott wrote: Hi, I have another replica install problem. I ran into some issues a couple of weeks ago when 389-ds-base-1.2.10-0.10.rc1.fc16.x86_64 was released. My master server is running 389-ds-base-1.2.10-0.6.a6.fc16.x86_64 and I'd like to make sure I have some good replicas before I go any further. I suggest using 389-ds-base-1.2.10.2-1.fc16.x86_64 now in updates-testing OK, this seems to be working well. I'll run it for a few days and then I'll think about updating the server which is running the old version. I'm trying to create a new replica from a fresh install so that I have a new master and can wipe and re-install the old master. When I try to create the replica, I receive the following: Configuring directory server: Estimated time 1 minute [1/29]: creating directory server user [2/29]: creating directory server instance [3/29]: adding default schema [4/29]: enabling memberof plugin [5/29]: enabling referential integrity plugin [6/29]: enabling winsync plugin [7/29]: configuring replication version plugin [8/29]: enabling IPA enrollment plugin [9/29]: enabling ldapi [10/29]: configuring uniqueness plugin [11/29]: configuring uuid plugin [12/29]: configuring modrdn plugin [13/29]: enabling entryUSN plugin [14/29]: configuring lockout plugin [15/29]: creating indices [16/29]: configuring ssl for ds instance [17/29]: configuring certmap.conf [18/29]: configure autobind for root [19/29]: configure new location for managed entries [20/29]: restarting directory server [21/29]: setting up initial replication Starting replication, please wait until this has completed. Update in progress Update in progress Update in progress Update in progress Update succeeded [22/29]: adding replication acis root: CRITICAL Failed to load replica-acis.ldif: Command '/usr/bin/ldapmodify -h fileserver4.example.com -v -f /tmp/tmp6_sd0Z -x -D cn=Directory Manager -y /tmp/tmp9_IlSZ' returned non-zero exit status 255 [23/29]: setting Auto Member configuration root: CRITICAL Failed to load replica-automember.ldif: Command '/usr/bin/ldapmodify -h fileserver4.example.com -v -f /tmp/tmpr1oE3X -x -D cn=Directory Manager -y /tmp/tmpmgvTdj' returned non-zero exit status 255 [24/29]: initializing group membership root: CRITICAL Failed to load memberof-task.ldif: Command '/usr/bin/ldapmodify -h fileserver4.example.com -v -f /tmp/tmp5MDKm5 -x -D cn=Directory Manager -y /tmp/tmpgj0hdk' returned non-zero exit status 255 creation of replica failed: {'desc': "Can't contact LDAP server"} Your system may be partly configured. The /var/log/ipareplica-install.log contains the following: ldap_sasl_bind(SIMPLE): Can't contact LDAP server (-1) (once for each of the 3 critical errors above). So I guess there's a problem (re)starting LDAP, or it crashes? Looks like a crash. The 'interesting' lines from /var/log/dirsrv/slapd-EXAMPLE-COM/errors are: [24/Feb/2012:10:29:53 -0500] - WARNING: Import is running with nsslapd-db-private-import-mem on; No other process is allowed to access the database [24/Feb/2012:10:29:54 -0500] - import userRoot: Import complete. Processed 1 entries in 1 seconds. (1.00 entries/sec) [24/Feb/2012:10:29:54 -0500] - import userRoot: Import complete. Processed 1 entries in 1 seconds. (1.00 entries/sec) [24/Feb/2012:10:29:58 -0500] - 389-Directory/1.2.10.rc1 B2012.035.328 starting up [24/Feb/2012:10:29:58 -0500] - I'm resizing my cache now...cache was 84028 and is now 800 [24/Feb/2012:10:29:58 -0500] - 389-Directory/1.2.10.rc1 B2012.035.328 starting up [24/Feb/2012:10:29:58 -0500] - Detected Disorderly Shutdown last time Directory Server was running, recovering database. This means it crashed. [24/Feb/2012:10:29:58 -0500] - libdb: unable to join the environment [24/Feb/2012:10:29:59 -0500] - slapd started. Listening on All Interfaces port 389 for LDAP requests [24/Feb/2012:10:29:59 -0500] - The change of nsslapd-ldapilisten will not take effect until the server is restarted [24/Feb/2012:10:30:12 -0500] - Warning: Adding configuration attribute "nsslapd-security" [24/Feb/2012:10:30:13 -0500] - slapd shutting down - signaling operation threads [24/Feb/2012:10:30:13 -0500] - slapd shutting down - waiting for 1 thread to terminate [24/Feb/2012:10:30:13 -0500] - slapd shutting down - closing down internal subsystems and plugins [24/Feb/2012:10:30:13 -0500] - Waiting for 4 database threads to stop [24/Feb/2012:10:30:13 -0500] - All database threads now stopped [24/Feb/2012:10:30:13 -0500] - slapd stopped. [24/Feb/2012:10:30:14 -0500] - 389-Directory/1.2.10.rc1 B2012.035.328 starting up [24/Feb/2012:10:30:14 -0500] attrcrypt - No symmetric key found for cipher AES in backend userRoot, attempting to create one... [24/Feb/2012:10:30:14 -0500] attrcrypt - Key for cipher AES successfully genera
Re: [Freeipa-users] Replica install problem
On Fri, Feb 24, 2012 at 15:47, Rich Megginson wrote: > On 02/24/2012 09:45 AM, Dan Scott wrote: >> >> Hi, >> >> I have another replica install problem. >> >> I ran into some issues a couple of weeks ago when >> 389-ds-base-1.2.10-0.10.rc1.fc16.x86_64 was released. My master server >> is running 389-ds-base-1.2.10-0.6.a6.fc16.x86_64 and I'd like to make >> sure I have some good replicas before I go any further. > > I suggest using 389-ds-base-1.2.10.2-1.fc16.x86_64 now in updates-testing OK, this seems to be working well. I'll run it for a few days and then I'll think about updating the server which is running the old version. >> I'm trying to create a new replica from a fresh install so that I have >> a new master and can wipe and re-install the old master. >> >> When I try to create the replica, I receive the following: >> >> Configuring directory server: Estimated time 1 minute >> [1/29]: creating directory server user >> [2/29]: creating directory server instance >> [3/29]: adding default schema >> [4/29]: enabling memberof plugin >> [5/29]: enabling referential integrity plugin >> [6/29]: enabling winsync plugin >> [7/29]: configuring replication version plugin >> [8/29]: enabling IPA enrollment plugin >> [9/29]: enabling ldapi >> [10/29]: configuring uniqueness plugin >> [11/29]: configuring uuid plugin >> [12/29]: configuring modrdn plugin >> [13/29]: enabling entryUSN plugin >> [14/29]: configuring lockout plugin >> [15/29]: creating indices >> [16/29]: configuring ssl for ds instance >> [17/29]: configuring certmap.conf >> [18/29]: configure autobind for root >> [19/29]: configure new location for managed entries >> [20/29]: restarting directory server >> [21/29]: setting up initial replication >> Starting replication, please wait until this has completed. >> Update in progress >> Update in progress >> Update in progress >> Update in progress >> Update succeeded >> [22/29]: adding replication acis >> root : CRITICAL Failed to load replica-acis.ldif: Command >> '/usr/bin/ldapmodify -h fileserver4.example.com -v -f /tmp/tmp6_sd0Z >> -x -D cn=Directory Manager -y /tmp/tmp9_IlSZ' returned non-zero exit >> status 255 >> [23/29]: setting Auto Member configuration >> root : CRITICAL Failed to load replica-automember.ldif: Command >> '/usr/bin/ldapmodify -h fileserver4.example.com -v -f /tmp/tmpr1oE3X >> -x -D cn=Directory Manager -y /tmp/tmpmgvTdj' returned non-zero exit >> status 255 >> [24/29]: initializing group membership >> root : CRITICAL Failed to load memberof-task.ldif: Command >> '/usr/bin/ldapmodify -h fileserver4.example.com -v -f /tmp/tmp5MDKm5 >> -x -D cn=Directory Manager -y /tmp/tmpgj0hdk' returned non-zero exit >> status 255 >> creation of replica failed: {'desc': "Can't contact LDAP server"} >> >> Your system may be partly configured. >> >> The /var/log/ipareplica-install.log contains the following: >> >> ldap_sasl_bind(SIMPLE): Can't contact LDAP server (-1) >> >> (once for each of the 3 critical errors above). So I guess there's a >> problem (re)starting LDAP, or it crashes? > > Looks like a crash. > >> The 'interesting' lines from /var/log/dirsrv/slapd-EXAMPLE-COM/errors are: >> >> [24/Feb/2012:10:29:53 -0500] - WARNING: Import is running with >> nsslapd-db-private-import-mem on; No other process is allowed to >> access the database >> [24/Feb/2012:10:29:54 -0500] - import userRoot: Import complete. >> Processed 1 entries in 1 seconds. (1.00 entries/sec) >> [24/Feb/2012:10:29:54 -0500] - import userRoot: Import complete. >> Processed 1 entries in 1 seconds. (1.00 entries/sec) >> [24/Feb/2012:10:29:58 -0500] - 389-Directory/1.2.10.rc1 B2012.035.328 >> starting up >> [24/Feb/2012:10:29:58 -0500] - I'm resizing my cache now...cache was >> 84028 and is now 800 >> [24/Feb/2012:10:29:58 -0500] - 389-Directory/1.2.10.rc1 B2012.035.328 >> starting up >> [24/Feb/2012:10:29:58 -0500] - Detected Disorderly Shutdown last time >> Directory Server was running, recovering database. > > This means it crashed. > >> [24/Feb/2012:10:29:58 -0500] - libdb: unable to join the environment >> [24/Feb/2012:10:29:59 -0500] - slapd started. Listening on All >> Interfaces port 389 for LDAP requests >> [24/Feb/2012:10:29:59 -0500] - The change of nsslapd-ldapilisten will >> not take effect until the server is restarted >> [24/Feb/2012:10:30:12 -0500] - Warning: Adding configuration attribute >> "nsslapd-security" >> [24/Feb/2012:10:30:13 -0500] - slapd shutting down - signaling operation >> threads >> [24/Feb/2012:10:30:13 -0500] - slapd shutting down - waiting for 1 >> thread to terminate >> [24/Feb/2012:10:30:13 -0500] - slapd shutting down - closing down >> internal subsystems and plugins >> [24/Feb/2012:10:30:13 -0500] - Waiting for 4 database threads to stop >> [24/Feb/2012:10:30:13 -0500] - All database threads now stopped >> [24/Feb/2012:10:30:13 -0500] - slapd stopped. >> [24/Feb/2012:10:30:14 -0500] - 389-Directory/1.2.10.rc
Re: [Freeipa-users] Replica install problem
On 02/24/2012 09:45 AM, Dan Scott wrote: Hi, I have another replica install problem. I ran into some issues a couple of weeks ago when 389-ds-base-1.2.10-0.10.rc1.fc16.x86_64 was released. My master server is running 389-ds-base-1.2.10-0.6.a6.fc16.x86_64 and I'd like to make sure I have some good replicas before I go any further. I suggest using 389-ds-base-1.2.10.2-1.fc16.x86_64 now in updates-testing I'm trying to create a new replica from a fresh install so that I have a new master and can wipe and re-install the old master. When I try to create the replica, I receive the following: Configuring directory server: Estimated time 1 minute [1/29]: creating directory server user [2/29]: creating directory server instance [3/29]: adding default schema [4/29]: enabling memberof plugin [5/29]: enabling referential integrity plugin [6/29]: enabling winsync plugin [7/29]: configuring replication version plugin [8/29]: enabling IPA enrollment plugin [9/29]: enabling ldapi [10/29]: configuring uniqueness plugin [11/29]: configuring uuid plugin [12/29]: configuring modrdn plugin [13/29]: enabling entryUSN plugin [14/29]: configuring lockout plugin [15/29]: creating indices [16/29]: configuring ssl for ds instance [17/29]: configuring certmap.conf [18/29]: configure autobind for root [19/29]: configure new location for managed entries [20/29]: restarting directory server [21/29]: setting up initial replication Starting replication, please wait until this has completed. Update in progress Update in progress Update in progress Update in progress Update succeeded [22/29]: adding replication acis root: CRITICAL Failed to load replica-acis.ldif: Command '/usr/bin/ldapmodify -h fileserver4.example.com -v -f /tmp/tmp6_sd0Z -x -D cn=Directory Manager -y /tmp/tmp9_IlSZ' returned non-zero exit status 255 [23/29]: setting Auto Member configuration root: CRITICAL Failed to load replica-automember.ldif: Command '/usr/bin/ldapmodify -h fileserver4.example.com -v -f /tmp/tmpr1oE3X -x -D cn=Directory Manager -y /tmp/tmpmgvTdj' returned non-zero exit status 255 [24/29]: initializing group membership root: CRITICAL Failed to load memberof-task.ldif: Command '/usr/bin/ldapmodify -h fileserver4.example.com -v -f /tmp/tmp5MDKm5 -x -D cn=Directory Manager -y /tmp/tmpgj0hdk' returned non-zero exit status 255 creation of replica failed: {'desc': "Can't contact LDAP server"} Your system may be partly configured. The /var/log/ipareplica-install.log contains the following: ldap_sasl_bind(SIMPLE): Can't contact LDAP server (-1) (once for each of the 3 critical errors above). So I guess there's a problem (re)starting LDAP, or it crashes? Looks like a crash. The 'interesting' lines from /var/log/dirsrv/slapd-EXAMPLE-COM/errors are: [24/Feb/2012:10:29:53 -0500] - WARNING: Import is running with nsslapd-db-private-import-mem on; No other process is allowed to access the database [24/Feb/2012:10:29:54 -0500] - import userRoot: Import complete. Processed 1 entries in 1 seconds. (1.00 entries/sec) [24/Feb/2012:10:29:54 -0500] - import userRoot: Import complete. Processed 1 entries in 1 seconds. (1.00 entries/sec) [24/Feb/2012:10:29:58 -0500] - 389-Directory/1.2.10.rc1 B2012.035.328 starting up [24/Feb/2012:10:29:58 -0500] - I'm resizing my cache now...cache was 84028 and is now 800 [24/Feb/2012:10:29:58 -0500] - 389-Directory/1.2.10.rc1 B2012.035.328 starting up [24/Feb/2012:10:29:58 -0500] - Detected Disorderly Shutdown last time Directory Server was running, recovering database. This means it crashed. [24/Feb/2012:10:29:58 -0500] - libdb: unable to join the environment [24/Feb/2012:10:29:59 -0500] - slapd started. Listening on All Interfaces port 389 for LDAP requests [24/Feb/2012:10:29:59 -0500] - The change of nsslapd-ldapilisten will not take effect until the server is restarted [24/Feb/2012:10:30:12 -0500] - Warning: Adding configuration attribute "nsslapd-security" [24/Feb/2012:10:30:13 -0500] - slapd shutting down - signaling operation threads [24/Feb/2012:10:30:13 -0500] - slapd shutting down - waiting for 1 thread to terminate [24/Feb/2012:10:30:13 -0500] - slapd shutting down - closing down internal subsystems and plugins [24/Feb/2012:10:30:13 -0500] - Waiting for 4 database threads to stop [24/Feb/2012:10:30:13 -0500] - All database threads now stopped [24/Feb/2012:10:30:13 -0500] - slapd stopped. [24/Feb/2012:10:30:14 -0500] - 389-Directory/1.2.10.rc1 B2012.035.328 starting up [24/Feb/2012:10:30:14 -0500] attrcrypt - No symmetric key found for cipher AES in backend userRoot, attempting to create one... [24/Feb/2012:10:30:14 -0500] attrcrypt - Key for cipher AES successfully generated and stored [24/Feb/2012:10:30:14 -0500] attrcrypt - No symmetric key found for cipher 3DES in backend userRoot, attempting to create one... [24/Feb/2012:10:30:14 -0500] attrcrypt - Key for cipher 3DES successfully generated and stored [24
[Freeipa-users] Replica install problem
Hi, I have another replica install problem. I ran into some issues a couple of weeks ago when 389-ds-base-1.2.10-0.10.rc1.fc16.x86_64 was released. My master server is running 389-ds-base-1.2.10-0.6.a6.fc16.x86_64 and I'd like to make sure I have some good replicas before I go any further. I'm trying to create a new replica from a fresh install so that I have a new master and can wipe and re-install the old master. When I try to create the replica, I receive the following: Configuring directory server: Estimated time 1 minute [1/29]: creating directory server user [2/29]: creating directory server instance [3/29]: adding default schema [4/29]: enabling memberof plugin [5/29]: enabling referential integrity plugin [6/29]: enabling winsync plugin [7/29]: configuring replication version plugin [8/29]: enabling IPA enrollment plugin [9/29]: enabling ldapi [10/29]: configuring uniqueness plugin [11/29]: configuring uuid plugin [12/29]: configuring modrdn plugin [13/29]: enabling entryUSN plugin [14/29]: configuring lockout plugin [15/29]: creating indices [16/29]: configuring ssl for ds instance [17/29]: configuring certmap.conf [18/29]: configure autobind for root [19/29]: configure new location for managed entries [20/29]: restarting directory server [21/29]: setting up initial replication Starting replication, please wait until this has completed. Update in progress Update in progress Update in progress Update in progress Update succeeded [22/29]: adding replication acis root: CRITICAL Failed to load replica-acis.ldif: Command '/usr/bin/ldapmodify -h fileserver4.example.com -v -f /tmp/tmp6_sd0Z -x -D cn=Directory Manager -y /tmp/tmp9_IlSZ' returned non-zero exit status 255 [23/29]: setting Auto Member configuration root: CRITICAL Failed to load replica-automember.ldif: Command '/usr/bin/ldapmodify -h fileserver4.example.com -v -f /tmp/tmpr1oE3X -x -D cn=Directory Manager -y /tmp/tmpmgvTdj' returned non-zero exit status 255 [24/29]: initializing group membership root: CRITICAL Failed to load memberof-task.ldif: Command '/usr/bin/ldapmodify -h fileserver4.example.com -v -f /tmp/tmp5MDKm5 -x -D cn=Directory Manager -y /tmp/tmpgj0hdk' returned non-zero exit status 255 creation of replica failed: {'desc': "Can't contact LDAP server"} Your system may be partly configured. The /var/log/ipareplica-install.log contains the following: ldap_sasl_bind(SIMPLE): Can't contact LDAP server (-1) (once for each of the 3 critical errors above). So I guess there's a problem (re)starting LDAP, or it crashes? The 'interesting' lines from /var/log/dirsrv/slapd-EXAMPLE-COM/errors are: [24/Feb/2012:10:29:53 -0500] - WARNING: Import is running with nsslapd-db-private-import-mem on; No other process is allowed to access the database [24/Feb/2012:10:29:54 -0500] - import userRoot: Import complete. Processed 1 entries in 1 seconds. (1.00 entries/sec) [24/Feb/2012:10:29:54 -0500] - import userRoot: Import complete. Processed 1 entries in 1 seconds. (1.00 entries/sec) [24/Feb/2012:10:29:58 -0500] - 389-Directory/1.2.10.rc1 B2012.035.328 starting up [24/Feb/2012:10:29:58 -0500] - I'm resizing my cache now...cache was 84028 and is now 800 [24/Feb/2012:10:29:58 -0500] - 389-Directory/1.2.10.rc1 B2012.035.328 starting up [24/Feb/2012:10:29:58 -0500] - Detected Disorderly Shutdown last time Directory Server was running, recovering database. [24/Feb/2012:10:29:58 -0500] - libdb: unable to join the environment [24/Feb/2012:10:29:59 -0500] - slapd started. Listening on All Interfaces port 389 for LDAP requests [24/Feb/2012:10:29:59 -0500] - The change of nsslapd-ldapilisten will not take effect until the server is restarted [24/Feb/2012:10:30:12 -0500] - Warning: Adding configuration attribute "nsslapd-security" [24/Feb/2012:10:30:13 -0500] - slapd shutting down - signaling operation threads [24/Feb/2012:10:30:13 -0500] - slapd shutting down - waiting for 1 thread to terminate [24/Feb/2012:10:30:13 -0500] - slapd shutting down - closing down internal subsystems and plugins [24/Feb/2012:10:30:13 -0500] - Waiting for 4 database threads to stop [24/Feb/2012:10:30:13 -0500] - All database threads now stopped [24/Feb/2012:10:30:13 -0500] - slapd stopped. [24/Feb/2012:10:30:14 -0500] - 389-Directory/1.2.10.rc1 B2012.035.328 starting up [24/Feb/2012:10:30:14 -0500] attrcrypt - No symmetric key found for cipher AES in backend userRoot, attempting to create one... [24/Feb/2012:10:30:14 -0500] attrcrypt - Key for cipher AES successfully generated and stored [24/Feb/2012:10:30:14 -0500] attrcrypt - No symmetric key found for cipher 3DES in backend userRoot, attempting to create one... [24/Feb/2012:10:30:14 -0500] attrcrypt - Key for cipher 3DES successfully generated and stored [24/Feb/2012:10:30:14 -0500] - slapd started. Listening on All Interfaces port 389 for LDAP requests [24/Feb/2012:10:30:14 -0500] - Listening on All Interfaces port 636 for LDAPS requests [24