[Freeipa-users] Replica install problem

Rich Megginson rmeggins at redhat.com
Fri Feb 24 22:41:03 UTC 2012 

On 02/24/2012 03:23 PM, Dan Scott wrote:
> On Fri, Feb 24, 2012 at 15:47, Rich Megginson<rmeggins at redhat.com>  wrote:
>> On 02/24/2012 09:45 AM, Dan Scott wrote:
>>> Hi,
>>>
>>> I have another replica install problem.
>>>
>>> I ran into some issues a couple of weeks ago when
>>> 389-ds-base-1.2.10-0.10.rc1.fc16.x86_64 was released. My master server
>>> is running 389-ds-base-1.2.10-0.6.a6.fc16.x86_64 and I'd like to make
>>> sure I have some good replicas before I go any further.
>> I suggest using 389-ds-base-1.2.10.2-1.fc16.x86_64 now in updates-testing
> OK, this seems to be working well. I'll run it for a few days and then
> I'll think about updating the server which is running the old version.
>
>>> I'm trying to create a new replica from a fresh install so that I have
>>> a new master and can wipe and re-install the old master.
>>>
>>> When I try to create the replica, I receive the following:
>>>
>>> Configuring directory server: Estimated time 1 minute
>>>    [1/29]: creating directory server user
>>>    [2/29]: creating directory server instance
>>>    [3/29]: adding default schema
>>>    [4/29]: enabling memberof plugin
>>>    [5/29]: enabling referential integrity plugin
>>>    [6/29]: enabling winsync plugin
>>>    [7/29]: configuring replication version plugin
>>>    [8/29]: enabling IPA enrollment plugin
>>>    [9/29]: enabling ldapi
>>>    [10/29]: configuring uniqueness plugin
>>>    [11/29]: configuring uuid plugin
>>>    [12/29]: configuring modrdn plugin
>>>    [13/29]: enabling entryUSN plugin
>>>    [14/29]: configuring lockout plugin
>>>    [15/29]: creating indices
>>>    [16/29]: configuring ssl for ds instance
>>>    [17/29]: configuring certmap.conf
>>>    [18/29]: configure autobind for root
>>>    [19/29]: configure new location for managed entries
>>>    [20/29]: restarting directory server
>>>    [21/29]: setting up initial replication
>>> Starting replication, please wait until this has completed.
>>> Update in progress
>>> Update in progress
>>> Update in progress
>>> Update in progress
>>> Update succeeded
>>>    [22/29]: adding replication acis
>>> root        : CRITICAL Failed to load replica-acis.ldif: Command
>>> '/usr/bin/ldapmodify -h fileserver4.example.com -v -f /tmp/tmp6_sd0Z
>>> -x -D cn=Directory Manager -y /tmp/tmp9_IlSZ' returned non-zero exit
>>> status 255
>>>    [23/29]: setting Auto Member configuration
>>> root        : CRITICAL Failed to load replica-automember.ldif: Command
>>> '/usr/bin/ldapmodify -h fileserver4.example.com -v -f /tmp/tmpr1oE3X
>>> -x -D cn=Directory Manager -y /tmp/tmpmgvTdj' returned non-zero exit
>>> status 255
>>>    [24/29]: initializing group membership
>>> root        : CRITICAL Failed to load memberof-task.ldif: Command
>>> '/usr/bin/ldapmodify -h fileserver4.example.com -v -f /tmp/tmp5MDKm5
>>> -x -D cn=Directory Manager -y /tmp/tmpgj0hdk' returned non-zero exit
>>> status 255
>>> creation of replica failed: {'desc': "Can't contact LDAP server"}
>>>
>>> Your system may be partly configured.
>>>
>>> The /var/log/ipareplica-install.log contains the following:
>>>
>>> ldap_sasl_bind(SIMPLE): Can't contact LDAP server (-1)
>>>
>>> (once for each of the 3 critical errors above). So I guess there's a
>>> problem (re)starting LDAP, or it crashes?
>> Looks like a crash.
>>
>>> The 'interesting' lines from /var/log/dirsrv/slapd-EXAMPLE-COM/errors are:
>>>
>>> [24/Feb/2012:10:29:53 -0500] - WARNING: Import is running with
>>> nsslapd-db-private-import-mem on; No other process is allowed to
>>> access the database
>>> [24/Feb/2012:10:29:54 -0500] - import userRoot: Import complete.
>>> Processed 1 entries in 1 seconds. (1.00 entries/sec)
>>> [24/Feb/2012:10:29:54 -0500] - import userRoot: Import complete.
>>> Processed 1 entries in 1 seconds. (1.00 entries/sec)
>>> [24/Feb/2012:10:29:58 -0500] - 389-Directory/1.2.10.rc1 B2012.035.328
>>> starting up
>>> [24/Feb/2012:10:29:58 -0500] - I'm resizing my cache now...cache was
>>> 840777728 and is now 8000000
>>> [24/Feb/2012:10:29:58 -0500] - 389-Directory/1.2.10.rc1 B2012.035.328
>>> starting up
>>> [24/Feb/2012:10:29:58 -0500] - Detected Disorderly Shutdown last time
>>> Directory Server was running, recovering database.
>> This means it crashed.
>>
>>> [24/Feb/2012:10:29:58 -0500] - libdb: unable to join the environment
>>> [24/Feb/2012:10:29:59 -0500] - slapd started.  Listening on All
>>> Interfaces port 389 for LDAP requests
>>> [24/Feb/2012:10:29:59 -0500] - The change of nsslapd-ldapilisten will
>>> not take effect until the server is restarted
>>> [24/Feb/2012:10:30:12 -0500] - Warning: Adding configuration attribute
>>> "nsslapd-security"
>>> [24/Feb/2012:10:30:13 -0500] - slapd shutting down - signaling operation
>>> threads
>>> [24/Feb/2012:10:30:13 -0500] - slapd shutting down - waiting for 1
>>> thread to terminate
>>> [24/Feb/2012:10:30:13 -0500] - slapd shutting down - closing down
>>> internal subsystems and plugins
>>> [24/Feb/2012:10:30:13 -0500] - Waiting for 4 database threads to stop
>>> [24/Feb/2012:10:30:13 -0500] - All database threads now stopped
>>> [24/Feb/2012:10:30:13 -0500] - slapd stopped.
>>> [24/Feb/2012:10:30:14 -0500] - 389-Directory/1.2.10.rc1 B2012.035.328
>>> starting up
>>> [24/Feb/2012:10:30:14 -0500] attrcrypt - No symmetric key found for
>>> cipher AES in backend userRoot, attempting to create one...
>>> [24/Feb/2012:10:30:14 -0500] attrcrypt - Key for cipher AES
>>> successfully generated and stored
>>> [24/Feb/2012:10:30:14 -0500] attrcrypt - No symmetric key found for
>>> cipher 3DES in backend userRoot, attempting to create one...
>>> [24/Feb/2012:10:30:14 -0500] attrcrypt - Key for cipher 3DES
>>> successfully generated and stored
>>> [24/Feb/2012:10:30:14 -0500] - slapd started.  Listening on All
>>> Interfaces port 389 for LDAP requests
>>> [24/Feb/2012:10:30:14 -0500] - Listening on All Interfaces port 636
>>> for LDAPS requests
>>> [24/Feb/2012:10:30:18 -0500] NSMMReplicationPlugin -
>>> agmt="cn=meTofileserver1.example.com" (fileserver1:389): Replica has a
>>> different generation ID than the local data.
>>> [24/Feb/2012:10:30:18 -0500] NSMMReplicationPlugin -
>>> repl_set_mtn_referrals: could not set referrals for replica
>>> dc=example,dc=com: 20
>>> [24/Feb/2012:10:30:18 -0500] NSMMReplicationPlugin -
>>> multimaster_be_state_change: replica dc=example,dc=com is going
>>> offline; disabling replication
>>>
>>> Any ideas?
>> 389-ds-base-1.2.10.2 fixes some of the crashing issues seen with rc1, .0,
>> and .1.
> Thanks, any idea when it will be released?
As soon as it gets enough karma (hint, hint) in the Fedora updates system.
https://admin.fedoraproject.org/updates/389-ds-base-1.2.10.2-1.fc16
> Thanks,
>
> Dan

More information about the Freeipa-users mailing list