ipa-server-4.5.0-10.el7.x86_64 389-ds-base-1.3.6.1-9.el7.x86_64
ipa-client-install ...
ipa-replica-install --setup-ca
ipa-server-install --uninstall
Step 5 fails with in step adding master entry. The issue can be avoided by removing the replica on another machine with ipa-replica-manage del REPLICA_FQDN.
adding master entry
ipa-replica-manage del REPLICA_FQDN
ipa-replica-install should either be able to handle existing replica agreement and master entries by replace it automatically. Or the installer should check for the presence of preceding entries and fail right in the beginning.
ipa-replica-install
Checking DNS forwarders, please wait ... Run connection check to master Connection check OK Configuring NTP daemon (ntpd) [1/4]: stopping ntpd [2/4]: writing configuration [3/4]: configuring ntpd to start on boot [4/4]: starting ntpd Done configuring NTP daemon (ntpd). Configuring directory server (dirsrv). Estimated time: 30 seconds [1/40]: creating directory server instance [2/40]: enabling ldapi [3/40]: configure autobind for root [4/40]: stopping directory server [5/40]: updating configuration in dse.ldif [6/40]: starting directory server [7/40]: adding default schema [8/40]: enabling memberof plugin [9/40]: enabling winsync plugin [10/40]: configuring replication version plugin [11/40]: enabling IPA enrollment plugin [12/40]: configuring uniqueness plugin [13/40]: configuring uuid plugin [14/40]: configuring modrdn plugin [15/40]: configuring DNS plugin [16/40]: enabling entryUSN plugin [17/40]: configuring lockout plugin [18/40]: configuring topology plugin [19/40]: creating indices [20/40]: enabling referential integrity plugin [21/40]: configuring certmap.conf [22/40]: configure new location for managed entries [23/40]: configure dirsrv ccache [24/40]: enabling SASL mapping fallback [25/40]: restarting directory server [26/40]: creating DS keytab [27/40]: setting up initial replication ... Starting replication, please wait until this has completed. Update in progress, 4 seconds elapsed Update succeeded [28/40]: adding sasl mappings to the directory [29/40]: updating schema [30/40]: setting Auto Member configuration [31/40]: enabling S4U2Proxy delegation [32/40]: initializing group membership [33/40]: adding master entry ipa : CRITICAL Failed to load master-entry.ldif: Command '/usr/bin/ldapmodify -v -f /tmp/tmpRxNzmY -H ldapi://%2Fvar%2Frun%2Fslapd-IPA.EXAMPLE.socket -Y EXTERNAL' returned non-zero exit status 68 [error] CalledProcessError: Command '/usr/bin/ldapmodify -v -f /tmp/tmpRxNzmY -H ldapi://%2Fvar%2Frun%2Fslapd-IPA.EXAMPLE.socket -Y EXTERNAL' returned non-zero exit status 68 Your system may be partly configured. Run /usr/sbin/ipa-server-install --uninstall to clean up. ipa.ipapython.install.cli.install_tool(CompatServerReplicaInstall): ERROR Command '/usr/bin/ldapmodify -v -f /tmp/tmpRxNzmY -H ldapi://%2Fvar%2Frun%2Fslapd-IPA.EXAMPLE.socket -Y EXTERNAL' returned non-zero exit status 68 ipa.ipapython.install.cli.install_tool(CompatServerReplicaInstall): ERROR The ipa-replica-install command failed. See /var/log/ipareplica-install.log for more information
This happens after incomplete cleanup of replica's records after uninstalling the replica. We should check for the master entry at the beginning and fail with the suggestion to run post-mortem removal.
Metadata Update from @pvoborni: - Issue set to the milestone: FreeIPA 4.7
Metadata Update from @pvoborni: - Issue tagged with: bug
Metadata Update from @rcritten: - Issue set to the milestone: FreeIPA 4.7.1 (was: FreeIPA 4.7)
FreeIPA 4.7 has been released, moving to FreeIPA 4.7.1 milestone
Login to comment on this ticket.