#5474 migration to 4.3 from RHEL 6.7 fails on generating ipa-custodia keys
Closed: Fixed. Opened 8 years ago by pvoborni.

Versions used:

  • freeipa-server-4.2.90.201511131102GITc972d0b-0.fc22.x86_64
  • ipa-server-3.0.0-47.el6.x86_64

Possible reason:

cn=custodia,cn=ipa,cn=etc,$SUFFIX does not exist on the server. Probably because updates were not run yet and bootstrap-template.ldif is not applied on replica install.

Assuming the same issue will appear when installing a replica against another non-4.3 master.

Traceback:

<snip>
Done configuring the web interface (httpd).
Configuring ipa-otpd
  [1/2]: starting ipa-otpd 
  [2/2]: configuring ipa-otpd to start on boot
Done configuring ipa-otpd.
Configuring ipa-custodia
  [1/4]: Generating ipa-custodia config file
  [2/4]: Generating ipa-custodia keys
  [error] NO_SUCH_OBJECT: {'desc': 'No such object'}
Your system may be partly configured.
Run /usr/sbin/ipa-server-install --uninstall to clean up.

ipa.ipapython.install.cli.install_tool(Replica): ERROR    {'desc': 'No such object'}
ipa.ipapython.install.cli.install_tool(Replica): ERROR    The ipa-replica-install command failed. See /var/log/ipareplica-install.log for more information

from ipareplica-install.log:

2015-11-20T17:26:32Z DEBUG   duration: 0 seconds
2015-11-20T17:26:32Z DEBUG   [2/4]: Generating ipa-custodia keys
2015-11-20T17:26:37Z DEBUG Traceback (most recent call last):
  File "/usr/lib/python2.7/site-packages/ipaserver/install/service.py", line 445, in start_creation
    run_step(full_msg, method)
  File "/usr/lib/python2.7/site-packages/ipaserver/install/service.py", line 435, in run_step
    method()
  File "/usr/lib/python2.7/site-packages/ipaserver/install/custodiainstance.py", line 55, in __gen_keys
    KeyStore.generate_server_keys()
  File "/usr/lib/python2.7/site-packages/ipapython/secrets/kem.py", line 181, in generate_server_keys
    ldapconn.set_key(KEY_USAGE_SIG, self.host, principal, pubkeys[0])
  File "/usr/lib/python2.7/site-packages/ipapython/secrets/kem.py", line 127, in set_key
    conn.modify_s(dn, mods)
  File "/usr/lib64/python2.7/site-packages/ldap/ldapobject.py", line 364, in modify_s
    return self.result(msgid,all=1,timeout=self.timeout)
  File "/usr/lib64/python2.7/site-packages/ldap/ldapobject.py", line 465, in result
    resp_type, resp_data, resp_msgid = self.result2(msgid,all,timeout)
  File "/usr/lib64/python2.7/site-packages/ldap/ldapobject.py", line 469, in result2
    resp_type, resp_data, resp_msgid, resp_ctrls = self.result3(msgid,all,timeout)
  File "/usr/lib64/python2.7/site-packages/ldap/ldapobject.py", line 476, in result3
    resp_ctrl_classes=resp_ctrl_classes
  File "/usr/lib64/python2.7/site-packages/ldap/ldapobject.py", line 483, in result4
    ldap_result = self._ldap_call(self._l.result4,msgid,all,timeout,add_ctrls,add_intermediates,add_extop)
  File "/usr/lib64/python2.7/site-packages/ldap/ldapobject.py", line 106, in _ldap_call
    result = func(*args,**kwargs)
NO_SUCH_OBJECT: {'desc': 'No such object'}

Additional info:

[20/Nov/2015:18:26:36 +0100] conn=50 op=1 ADD dn="cn=sig/test.example.com,cn=custodia,cn=ipa,cn=etc,dc=example.com"
[20/Nov/2015:18:26:36 +0100] conn=50 op=1 RESULT err=32 tag=105 nentries=0 etime=0 csn=564f57ce000000030000
[20/Nov/2015:18:26:36 +0100] conn=50 op=2 MOD dn="cn=sig/test.example.com,cn=custodia,cn=ipa,cn=etc,dc=example.com"
[20/Nov/2015:18:26:36 +0100] conn=50 op=2 RESULT err=32 tag=103 nentries=0 etime=0

master:

  • 79f32a6 custodia: Make sure container is created with first custodia replica

Metadata Update from @pvoborni:
- Issue assigned to tbabej
- Issue set to the milestone: FreeIPA 4.3

7 years ago
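
The access-log excerpt in the ticket shows the failure at the LDAP level: both writes under cn=custodia return err=32 (NO_SUCH_OBJECT). As an added example (not FreeIPA code and not part of the original ticket), the following pairs each write with its RESULT line in an access log of the format shown above and reports which DN is missing; the function names and the last two sample lines are constructed for illustration.

```python
import re

# Operation line: [ts] conn=N op=M ADD|MOD|DEL|MODRDN dn="..."
OP_RE = re.compile(r'conn=(\d+) op=(\d+) (ADD|MOD|DEL|MODRDN) dn="([^"]*)"')
# Result line: [ts] conn=N op=M RESULT err=E ...
RES_RE = re.compile(r'conn=(\d+) op=(\d+) RESULT err=(\d+)')
NO_SUCH_OBJECT = 32  # LDAP result code behind the installer's traceback

# The first four lines are the access-log excerpt from the ticket; the last
# two are constructed to show that a successful write is ignored.
SAMPLE = r'''
[20/Nov/2015:18:26:36 +0100] conn=50 op=1 ADD dn="cn=sig/test.example.com,cn=custodia,cn=ipa,cn=etc,dc=example.com"
[20/Nov/2015:18:26:36 +0100] conn=50 op=1 RESULT err=32 tag=105 nentries=0 etime=0 csn=564f57ce000000030000
[20/Nov/2015:18:26:36 +0100] conn=50 op=2 MOD dn="cn=sig/test.example.com,cn=custodia,cn=ipa,cn=etc,dc=example.com"
[20/Nov/2015:18:26:36 +0100] conn=50 op=2 RESULT err=32 tag=103 nentries=0 etime=0
[20/Nov/2015:18:26:37 +0100] conn=51 op=1 MOD dn="cn=constructed,dc=example.com"
[20/Nov/2015:18:26:37 +0100] conn=51 op=1 RESULT err=0 tag=103 nentries=0 etime=0
'''.strip().splitlines()


def parent_dn(dn):
    """Drop the leftmost RDN, splitting on the first unescaped comma."""
    parts = re.split(r'(?<!\\),', dn, maxsplit=1)
    return parts[1] if len(parts) == 2 else ''


def missing_entries(lines):
    """Pair each write with its RESULT by (conn, op); return the err=32 hits.

    For ADD, err=32 means the parent entry is absent, so the parent DN is
    reported. For other writes the target entry itself is absent.
    """
    pending, hits = {}, []
    for line in lines:
        m = OP_RE.search(line)
        if m:
            pending[(m.group(1), m.group(2))] = (m.group(3), m.group(4))
            continue
        m = RES_RE.search(line)
        if m and (m.group(1), m.group(2)) in pending:
            verb, dn = pending.pop((m.group(1), m.group(2)))
            if int(m.group(3)) == NO_SUCH_OBJECT:
                hits.append((verb, parent_dn(dn) if verb == 'ADD' else dn))
    return hits


if __name__ == '__main__':
    for verb, dn in missing_entries(SAMPLE):
        print('%s failed, missing entry: %s' % (verb, dn))
```

On the ticket's log lines the ADD resolves to the cn=custodia container, matching the "Possible reason" given in the report.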
