[Freeipa-users] replica re-install

Rob Crittenden rcritten at redhat.com
Wed Jun 27 13:01:30 UTC 2012 

george he wrote:
> Hello,
> I re-installed fedora 17 on my machine, did "yum update", and then tried
> to install ipa-replica on myreplica.  I got the same error message as
> before:
>
> # ipa-replica-install --setup-ca /var/lib/ipa/replica-info-myreplica.gpg
> [24/30]: enabling S4U2Proxy delegation
> ipa         : CRITICAL Failed to load replica-s4u2proxy.ldif: Command
> '/usr/bin/ldapmodify -h myreplica -v -f /tmp/tmpj3jpOC -x -D
> cn=Directory Manager -y /tmp/tmpXfgq7D' returned non-zero exit status 1
>    [25/30]: initializing group membership
>    [26/30]: adding master entry
> ipa         : CRITICAL Failed to load master-entry.ldif: Command
> '/usr/bin/ldapmodify -h myreplica -v -f /tmp/tmpjAXJjq -x -D
> cn=Directory Manager -y /tmp/tmpHEZmhv' returned non-zero exit status 1
>    [27/30]: configuring Posix uid/gid generation
>
> creation of replica failed: entry=dn:
> cn=CA,cn=my.replica.edu,cn=masters,cn=ipa,cn=etc,dc=my,dc=replica,dc=edu
> cn: CA
> ipaconfigstring: enabledService
> ipaconfigstring: startOrder 50
> objectclass: nsContainer
> objectclass: ipaConfigObject
>
> Your system may be partly configured.
> Run /usr/sbin/ipa-server-install --uninstall to clean up.
>
> The same error message was displayed after running
> /usr/sbin/ipa-server-install --uninstall
> and then re-run the installation. Here is what at the end of
> /var/log/ipareplica-install.log:
>
>    File "/sbin/ipa-replica-install", line 494, in <module>
>      main()
>
>    File "/sbin/ipa-replica-install", line 437, in main
> util.realm_to_suffix(config.realm_name))
>
>    File "/usr/lib/python2.7/site-packages/ipaserver/install/service.py",
> line 311, in ldap_enable
>      self.admin_conn.addEntry(entry)
>
>    File "/usr/lib/python2.7/site-packages/ipaserver/ipaldap.py", line
> 496, in addEntry
>      self.__handle_errors(e, arg_desc=arg_desc)
>
>    File "/usr/lib/python2.7/site-packages/ipaserver/ipaldap.py", line
> 312, in __handle_errors
>      raise errors.NotFound(reason=arg_desc)
>
> Any suggestions?

It would appear the previous uninstall didn't remove the CA. Did you 
have to run pkiremove in order to get the CA to install the second 
go-around?

What I would do is do the uninstall again. Do an ldapsearch on 
cn=my.replica.edu,cn=masters,cn=ipa,cn=etc,dc=my,dc=replica,dc=edu on 
another master and confirm that it is empty. If it isn't then use 
ldapdelete to remove that entry and its children.

Then verify that the CA is gone, see if /var/lib/pki-ca exists. If it 
does use pkiremove to delete the instance.

I think the next install will work. I believe the replica-s4u2proxy 
failure can be ignored, we have a ticket open on that.

rob

More information about the Freeipa-users mailing list