Re: [Freeipa-users] update procedure failed fedora-ds-base-1.1.3 - 389-ds-base-1.2.6.1

2010-10-25 Thread Rich Megginson

Kambiz Aghaiepour wrote:

Would there be any way to identify what causes this during replication
creation (versions ipa-server-1.2.1-4 and fedora-ds-base-1.1.3, on
centos-5.4):
  

389-ds-base-1.2.6.1 cannot replicate to previous versions of 389/fedora ds

389-ds-base-1.2.7.a3 fixes this problem and should be going into the 
testing repos soon - if you want, you can download the rpm directly from 
koji and try it out:

http://koji.fedoraproject.org/koji/buildinfo?buildID=201596

--- snip ---
Starting replication, please wait until this has completed.
Update in progress
Update in progress
Update in progress
Update in progress
Update in progress
Update in progress
Update in progress
Update in progress
Update in progress
Update in progress
Update in progress
Update in progress
Update in progress
[rhds-test-01.example.org] reports: Update failed! Status: [2 Total
update abortedLDAP error: Protocol error]
creation of replica failed: Failed to start replication

Your system may be partly configured.
Run /usr/sbin/ipa-server-install --uninstall to clean up.

--- snip ---

The errorlog section is also attached.

Kambiz

  


___
Freeipa-users mailing list
Freeipa-users@redhat.com
https://www.redhat.com/mailman/listinfo/freeipa-users


Re: [Freeipa-users] update procedure failed fedora-ds-base-1.1.3 - 389-ds-base-1.2.6.1

2010-10-25 Thread Kambiz Aghaiepour
Well ... in this case I am running fedora-ds-1.1.3 across the board
still as this is pertaining to my production environment.  I attempted
to upgrade the production environment, but the %post script took about 2
hours to run, after which several userIDs were missing from the
directory, including several test accounts used by our nagios, as well
as the company CEO's account.  :(   So I reverted to fedora-ds-1.1.3.

But I really need to get the remote replica up and running.

Kambiz

Rich Megginson wrote:
 Kambiz Aghaiepour wrote:
 Would there be any way to identify what causes this during replication
 creation (versions ipa-server-1.2.1-4 and fedora-ds-base-1.1.3, on
 centos-5.4):
   
 389-ds-base-1.2.6.1 cannot replicate to previous versions of 389/fedora ds
 
 389-ds-base-1.2.7.a3 fixes this problem and should be going into the
 testing repos soon - if you want, you can download the rpm directly from
 koji and try it out:
 http://koji.fedoraproject.org/koji/buildinfo?buildID=201596
 --- snip ---
 Starting replication, please wait until this has completed.
 Update in progress
 Update in progress
 Update in progress
 Update in progress
 Update in progress
 Update in progress
 Update in progress
 Update in progress
 Update in progress
 Update in progress
 Update in progress
 Update in progress
 Update in progress
 [rhds-test-01.example.org] reports: Update failed! Status: [2 Total
 update abortedLDAP error: Protocol error]
 creation of replica failed: Failed to start replication

 Your system may be partly configured.
 Run /usr/sbin/ipa-server-install --uninstall to clean up.

 --- snip ---

 The errorlog section is also attached.

 Kambiz

   
 


-- 
All tyranny needs to gain a foothold is for people of
good conscience to remain silent.  --Thomas Jefferson

___
Freeipa-users mailing list
Freeipa-users@redhat.com
https://www.redhat.com/mailman/listinfo/freeipa-users


Re: [Freeipa-users] update procedure failed fedora-ds-base-1.1.3 - 389-ds-base-1.2.6.1

2010-10-25 Thread Rich Megginson

Kambiz Aghaiepour wrote:

Well ... in this case I am running fedora-ds-1.1.3 across the board
still as this is pertaining to my production environment.  I attempted
to upgrade the production environment, but the %post script took about 2
hours to run, after which several userIDs were missing from the
directory, including several test accounts used by our nagios, as well
as the company CEO's account.  :(

We believe this is also a bug that has been fixed by 1.2.7.a3

So I reverted to fedora-ds-1.1.3.

But I really need to get the remote replica up and running.

Kambiz

Rich Megginson wrote:
  

Kambiz Aghaiepour wrote:


Would there be any way to identify what causes this during replication
creation (versions ipa-server-1.2.1-4 and fedora-ds-base-1.1.3, on
centos-5.4):
  
  

389-ds-base-1.2.6.1 cannot replicate to previous versions of 389/fedora ds

389-ds-base-1.2.7.a3 fixes this problem and should be going into the
testing repos soon - if you want, you can download the rpm directly from
koji and try it out:
http://koji.fedoraproject.org/koji/buildinfo?buildID=201596


--- snip ---
Starting replication, please wait until this has completed.
Update in progress
Update in progress
Update in progress
Update in progress
Update in progress
Update in progress
Update in progress
Update in progress
Update in progress
Update in progress
Update in progress
Update in progress
Update in progress
[rhds-test-01.example.org] reports: Update failed! Status: [2 Total
update abortedLDAP error: Protocol error]
creation of replica failed: Failed to start replication

Your system may be partly configured.
Run /usr/sbin/ipa-server-install --uninstall to clean up.

--- snip ---

The errorlog section is also attached.

Kambiz

  
  



  


___
Freeipa-users mailing list
Freeipa-users@redhat.com
https://www.redhat.com/mailman/listinfo/freeipa-users


Re: [Freeipa-users] update procedure failed fedora-ds-base-1.1.3 - 389-ds-base-1.2.6.1

2010-10-22 Thread Rich Megginson

Kambiz Aghaiepour wrote:

Currently running ipa-server-1.2.1-4 with fedora-ds-base-1.1.3-6.  I
attempted to upgrade to 389-ds-base-1.2.6.1-2 (and supporting packages)
and the procedure took an extremely long time (at least 2 hours).  There
appears to be an upgrade script that runs as part of %posttrans which runs:

/usr/sbin/setup-ds.pl -l /dev/null -u -s General.UpdateMode=offline 
/dev/null 21

I don't have the error logs unfortunately, as when I reverted the ESX
VM, I forgot to save off the log files, but what I recall was that there
were messages indicating that there were multiple passes (each took
about 4-5 minutes) and each time the rate of update dropped below a
certain amount, the update would move on to the next pass.  There were
about 25 passes through before the upgrade completed.  Mind you, this
installation is rather small IMO, as there are only 130-ish entries
under cn=users,cn=accounts.  The other thing that I noticed after the
upgrade procedure was that not all the users were defined in the
directory (most appeared to be there, but some critical users were
missing).  Suffices to say that many of our processes were broken after
the upgrade and 4 hours into the planned upgrade, I ended up backing
out.   (This same upgrade had been tested on a smaller directory and the
upgrade seemed to go without incident).
  
This may be https://bugzilla.redhat.com/show_bug.cgi?id=572018 but I 
can't be sure without more information.  We are testing a potential fix 
for this which will be available in 389-ds-base-1.2.7.a2

I'm wondering if there might be an easier way for me to go about
upgrading the installation.  For example, could I, instead of going
through the upgrade, instead, re-install a replacement 389-ds based
ipa-server host, create a new winsync agreement with my AD environment,
and then export the password data for the users in DS from the current
fedora-ds-base-1.1.3 and import it into the directory running
389-ds-base ?  If this is do-able, what all do I need to copy from the
fedora-ds-base host to the 389-ds-base host?

Thanks
Kambiz


  


___
Freeipa-users mailing list
Freeipa-users@redhat.com
https://www.redhat.com/mailman/listinfo/freeipa-users