#6930 Reinstallation of replica fails with "Failed to load master-entry.ldif"
Opened 3 years ago by cheimes. Modified 2 years ago

version

ipa-server-4.5.0-10.el7.x86_64
389-ds-base-1.3.6.1-9.el7.x86_64

steps to reproduce

  1. install client ipa-client-install ...
  2. install replica ipa-replica-install --setup-ca
  3. uninstall replica ipa-server-install --uninstall
  4. install client ipa-client-install ...
  5. install replica ipa-replica-install --setup-ca

Step 5 fails in the step "adding master entry". The issue can be avoided by removing the replica on another machine with ipa-replica-manage del REPLICA_FQDN.

suggested fix

ipa-replica-install should either be able to handle existing replica agreements and master entries by replacing them automatically, or the installer should check for the presence of preceding entries and fail right at the beginning.

log

Checking DNS forwarders, please wait ...
Run connection check to master
Connection check OK
Configuring NTP daemon (ntpd)
  [1/4]: stopping ntpd 
  [2/4]: writing configuration
  [3/4]: configuring ntpd to start on boot
  [4/4]: starting ntpd 
Done configuring NTP daemon (ntpd).
Configuring directory server (dirsrv). Estimated time: 30 seconds
  [1/40]: creating directory server instance
  [2/40]: enabling ldapi
  [3/40]: configure autobind for root
  [4/40]: stopping directory server
  [5/40]: updating configuration in dse.ldif
  [6/40]: starting directory server
  [7/40]: adding default schema
  [8/40]: enabling memberof plugin
  [9/40]: enabling winsync plugin
  [10/40]: configuring replication version plugin
  [11/40]: enabling IPA enrollment plugin
  [12/40]: configuring uniqueness plugin
  [13/40]: configuring uuid plugin
  [14/40]: configuring modrdn plugin
  [15/40]: configuring DNS plugin
  [16/40]: enabling entryUSN plugin
  [17/40]: configuring lockout plugin
  [18/40]: configuring topology plugin
  [19/40]: creating indices
  [20/40]: enabling referential integrity plugin
  [21/40]: configuring certmap.conf
  [22/40]: configure new location for managed entries
  [23/40]: configure dirsrv ccache
  [24/40]: enabling SASL mapping fallback
  [25/40]: restarting directory server
  [26/40]: creating DS keytab
  [27/40]: setting up initial replication
...
Starting replication, please wait until this has completed.
Update in progress, 4 seconds elapsed
Update succeeded

  [28/40]: adding sasl mappings to the directory
  [29/40]: updating schema
  [30/40]: setting Auto Member configuration
  [31/40]: enabling S4U2Proxy delegation
  [32/40]: initializing group membership
  [33/40]: adding master entry
ipa         : CRITICAL Failed to load master-entry.ldif: Command '/usr/bin/ldapmodify -v -f /tmp/tmpRxNzmY -H ldapi://%2Fvar%2Frun%2Fslapd-IPA.EXAMPLE.socket -Y EXTERNAL' returned non-zero exit status 68
  [error] CalledProcessError: Command '/usr/bin/ldapmodify -v -f /tmp/tmpRxNzmY -H ldapi://%2Fvar%2Frun%2Fslapd-IPA.EXAMPLE.socket -Y EXTERNAL' returned non-zero exit status 68
Your system may be partly configured.
Run /usr/sbin/ipa-server-install --uninstall to clean up.

ipa.ipapython.install.cli.install_tool(CompatServerReplicaInstall): ERROR    Command '/usr/bin/ldapmodify -v -f /tmp/tmpRxNzmY -H ldapi://%2Fvar%2Frun%2Fslapd-IPA.EXAMPLE.socket -Y EXTERNAL' returned non-zero exit status 68
ipa.ipapython.install.cli.install_tool(CompatServerReplicaInstall): ERROR    The ipa-replica-install command failed. See /var/log/ipareplica-install.log for more information

This happens after incomplete cleanup of replica's records after uninstalling the replica. We should check for the master entry at the beginning and fail with the suggestion to run post-mortem removal.
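Added example, not part of the ticket or of FreeIPA's code: a small triage helper for installer output like the log above. It assumes ldapmodify exits with the LDAP result code (as the OpenLDAP client tools report it), so status 68 is RFC 4511 entryAlreadyExists, which is consistent with a master entry left behind by the earlier uninstall. The names triage, LDAP_RESULT and SAMPLE_LOG are hypothetical.

```python
import re

# LDAP result codes (RFC 4511) that commonly surface as ldapmodify exit statuses.
LDAP_RESULT = {
    20: "attributeOrValueExists",
    32: "noSuchObject",
    49: "invalidCredentials",
    50: "insufficientAccessRights",
    68: "entryAlreadyExists",
}

# Installer progress lines look like "  [33/40]: adding master entry".
STEP_RE = re.compile(r"^\s*\[(\d+)/(\d+)\]: (.+?)\s*$")
# Failure lines name the LDIF file, the tool and the exit status.
FAIL_RE = re.compile(
    r"Failed to load (\S+): Command '(\S+) .*' returned non-zero exit status (\d+)"
)

# Constructed sample, trimmed from the log in this ticket.
SAMPLE_LOG = """\
  [32/40]: initializing group membership
  [33/40]: adding master entry
ipa         : CRITICAL Failed to load master-entry.ldif: Command '/usr/bin/ldapmodify -v -f /tmp/tmpRxNzmY -H ldapi://%2Fvar%2Frun%2Fslapd-IPA.EXAMPLE.socket -Y EXTERNAL' returned non-zero exit status 68
Your system may be partly configured.
"""


def triage(log_text):
    """Return a dict describing the first failed LDIF load, or None if there is none."""
    step = None
    for line in log_text.splitlines():
        m = STEP_RE.match(line)
        if m:
            step = (int(m.group(1)), m.group(3))  # remember the step in progress
            continue
        m = FAIL_RE.search(line)
        if m:
            code = int(m.group(3))
            return {
                "step": step,
                "ldif": m.group(1),
                "tool": m.group(2),
                "exit_status": code,
                "ldap_result": LDAP_RESULT.get(code, "unknown"),
                # 68 means the entry being added is already present in the directory.
                "stale_entry": code == 68,
            }
    return None
```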

Metadata Update from @pvoborni:
- Issue set to the milestone: FreeIPA 4.7

3 years ago

Metadata Update from @pvoborni:
- Issue tagged with: bug

3 years ago

Metadata Update from @rcritten:
- Issue set to the milestone: FreeIPA 4.7.1 (was: FreeIPA 4.7)

2 years ago

FreeIPA 4.7 has been released, moving to FreeIPA 4.7.1 milestone
