[Freeipa-users] replication setup failure

Rob Crittenden rcritten at redhat.com
Thu Mar 3 04:32:33 UTC 2011


Steven Jones wrote:
> 8><----
> starting replication, please wait until this has completed.
> Update in progress
> Update in progress
> Update in progress
> Update in progress
> Update in progress
> Update succeeded
>    [21/27]: adding replication acis
>    [22/27]: initializing group membership
>    [23/27]: adding master entry
>    [24/27]: configuring Posix uid/gid generation
>    [25/27]: enabling compatibility plugin
>    [26/27]: tuning directory server
>    [27/27]: configuring directory to start on boot
> done configuring dirsrv.
> Configuring Kerberos KDC: Estimated time 30 seconds
>    [1/9]: adding sasl mappings to the directory
>    [2/9]: writing stash file from DS
>    [3/9]: configuring KDC
>    [4/9]: creating a keytab for the directory
>    [5/9]: creating a keytab for the machine
>    [6/9]: adding the password extension to the directory
>    [7/9]: enable GSSAPI for replication
> creation of replica failed: list index out of range
>
> Your system may be partly configured.
> Run /usr/sbin/ipa-server-install --uninstall to clean up.
> [root at fed14-64-ipam002 ~]#
>
>
>   messages log
> ==================
> Mar  3 00:12:04 fed14-64-ipam002 kernel: [11214.180151] ns-slapd[7867]: segfault at 0 ip 00007fe9a7fd5de4 sp 00007fe9617e0910 error 4 in libipa_uuid.so[7fe9a7fd3000+5000]
> ==================
>
> Replica install log
> ==================
> 8><----
> 2011-03-03 00:12:14,977 INFO Changing agreement cn=meTofed14-64-ipam002.ipa.ac.nz,cn=replica,cn=dc\3Dipa\2Cdc\3Dac\2Cdc\3Dnz,cn=mapping tree,cn=config to restore original schedule 0000-2359 0123456
> 2011-03-03 00:12:15,997 INFO Replication Update in progress: FALSE: status: 0 Replica acquired successfully: Incremental update succeeded: start: 20110302111214Z: end: 20110302111214Z
> 2011-03-03 00:12:16,048 DEBUG list index out of range
>    File "/usr/sbin/ipa-replica-install", line 507, in <module>
>      main()
>
>    File "/usr/sbin/ipa-replica-install", line 468, in main
>      install_krb(config, setup_pkinit=options.setup_pkinit)
>
>    File "/usr/sbin/ipa-replica-install", line 216, in install_krb
>      setup_pkinit, pkcs12_info)
>
>    File "/usr/lib/python2.7/site-packages/ipaserver/install/krbinstance.py", line 211, in create_replica
>      self.start_creation("Configuring Kerberos KDC", 30)
>
>    File "/usr/lib/python2.7/site-packages/ipaserver/install/service.py", line 283, in start_creation
>      method()
>
>    File "/usr/lib/python2.7/site-packages/ipaserver/install/krbinstance.py", line 556, in __convert_to_gssapi_replication
>      r_bindpw=self.dm_password)
>
>    File "/usr/lib/python2.7/site-packages/ipaserver/install/replication.py", line 688, in convert_to_gssapi_replication
>      self.gssapi_update_agreements(self.conn, r_conn)
>    File "/usr/lib/python2.7/site-packages/ipaserver/install/replication.py", line 458, in gssapi_update_agreements
>      self.setup_krb_princs_as_replica_binddns(a, b)
>
>    File "/usr/lib/python2.7/site-packages/ipaserver/install/replication.py", line 451, in setup_krb_princs_as_replica_binddns
>      mod = [(ldap.MOD_ADD, "nsds5replicabinddn", a_pn[0].dn)]
> ====================
>
>
> So how to fix?
>
> regards
>
> Steven
>

Ok, this is a new one and may be similar to other hostname issues you've 
run into. Can you give me the output of this search:

ldapsearch -x -b 'dc=example,dc=com' 'krbprincipalname=ldap/*' dn

I would expect the same results from both your new replica and your
existing master, but if they're different, that would be good to know.

I'm going to guess that either we stored a non-fqdn or we're searching 
for a non-fqdn (we'll have to infer that, I think, if you have the fqdn 
stored in LDAP).

We are doing a very specific search for the principal for the hostnames
on each side of the replication agreement. I'm guessing that we're not
finding one of them and we haven't taken that into consideration. I
filed https://fedorahosted.org/freeipa/ticket/1044 for this.

rob
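
The failure mode guessed at above, as an added example that is not part of the original message and is not FreeIPA's code: an exact-match lookup of the `ldap/<host>@<REALM>` principal for each side of a replication agreement that reports a miss (and any near match that differs only in the domain part) instead of indexing an empty result list. The helper names, the `EXAMPLE.COM` realm and the sample entries are assumptions constructed for the illustration.

```python
# Added illustration: hypothetical helper names, not FreeIPA's own code.
# Entries are (dn, krbprincipalname) pairs; every value here is constructed.
SUFFIX = "cn=services,cn=accounts,dc=example,dc=com"
SAMPLE_ENTRIES = [
    ("krbprincipalname=ldap/master.example.com@EXAMPLE.COM," + SUFFIX,
     "ldap/master.example.com@EXAMPLE.COM"),
    # Stored without the domain part: the "non-fqdn stored" case.
    ("krbprincipalname=ldap/replica@EXAMPLE.COM," + SUFFIX,
     "ldap/replica@EXAMPLE.COM"),
]

class PrincipalNotFound(Exception):
    """Raised instead of letting an empty result list reach an index [0]."""

def is_fqdn(hostname):
    labels = hostname.rstrip(".").split(".")
    return len(labels) >= 2 and all(labels)

def host_of(principal):
    # "ldap/host.example.com@REALM" -> "host.example.com"
    return principal.split("/", 1)[-1].split("@", 1)[0]

def find_ldap_principal(entries, hostname, realm):
    """Return the DN of ldap/<hostname>@<realm> or raise PrincipalNotFound."""
    wanted = "ldap/%s@%s" % (hostname, realm)
    matches = [dn for dn, princ in entries if princ == wanted]
    if matches:
        return matches[0]
    # Nothing matched: say whether the search name lacks a domain and list
    # stored principals that share the short hostname.
    short = hostname.split(".")[0]
    near = [p for _, p in entries if host_of(p).split(".")[0] == short]
    reason = "no exact match stored" if is_fqdn(hostname) else "searched with a non-FQDN"
    if near:
        reason += "; similar stored principal(s): " + ", ".join(near)
    raise PrincipalNotFound("%s not found (%s)" % (wanted, reason))

def check_agreement(entries, host_a, host_b, realm):
    """Resolve both sides of a replication agreement; report every miss."""
    result = {}
    for host in (host_a, host_b):
        try:
            result[host] = find_ldap_principal(entries, host, realm)
        except PrincipalNotFound as err:
            result[host] = "ERROR: %s" % err
    return result

if __name__ == "__main__":
    sides = ("master.example.com", "replica.example.com")
    for host, out in check_agreement(SAMPLE_ENTRIES, sides[0], sides[1], "EXAMPLE.COM").items():
        print(host, "->", out)
```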



