freeipa

Clone
Source Code
GIT

#9194 The ipa-replica-install command failed, exception: RuntimeError: Too many ID ranges
Closed: duplicate 2 years ago by rcritten. Opened 2 years ago by 2dfox.

Closed: duplicate
Reopen Issue

Request for enhancement

As <persona, e.g. admin> , I want <what?> so that <why?>.

Issue

When attempting to promote a new replica, I receive the following error:

The ipa-replica-install command failed, exception: RuntimeError: Too many ID ranges

2022-06-27T15:15:40Z DEBUG The ipa-replica-install command failed, exception: RuntimeError: Too many ID ranges
2022-06-27T15:15:40Z ERROR Too many ID ranges
2022-06-27T15:15:40Z ERROR The ipa-replica-install command failed. See /var/log/ipareplica-install.log for more information

Steps to Reproduce

ipa-replica-install

Actual behavior

Error out with a message of:
2022-06-27T15:15:40Z ERROR The ipa-replica-install command failed. See /var/log/ipareplica-install.log for more information

Expected behavior

Create Replica

Version/Release/Distribution

package freeipa-server is not installed
package freeipa-client is not installed
ipa-server-4.9.6-10.module_el8.5.0+1055+c415bbe9.x86_64
ipa-client-4.9.6-10.module_el8.5.0+1055+c415bbe9.x86_64
389-ds-base-1.4.3.23-12.module_el8.5.0+1056+b3c5a4b9.x86_64
pki-ca-10.11.2-2.module_el8.5.0+945+a81e57da.noarch
krb5-server-1.18.2-14.el8.x86_64

Additional info:

2022-06-27T15:15:40Z DEBUG Configuring SID generation
2022-06-27T15:15:40Z DEBUG [1/7]: creating samba domain object
2022-06-27T15:15:40Z DEBUG step duration: SID generation __create_samba_domain_object 0.01 sec
2022-06-27T15:15:40Z DEBUG [2/7]: adding admin(group) SIDs
2022-06-27T15:15:40Z DEBUG step duration: SID generation __add_admin_sids 0.01 sec
2022-06-27T15:15:40Z DEBUG [3/7]: adding RID bases
2022-06-27T15:15:40Z CRITICAL Found more than one local domain ID range with no RID base set.

[root@atlipa1 ~]# ipa idrange-find --all --raw

2 ranges matched

dn: cn=STREAMTECH.IO_id_range,cn=ranges,cn=etc,dc=streamtech,dc=io
cn: STREAMTECH.IO_id_range
ipabaseid: 589600000
ipaidrangesize: 200000
iparangetype: ipa-local
objectclass: top
objectclass: ipaIDrange
objectclass: ipaDomainIDRange

dn: cn=STREAMTECH.IO_id_range2,cn=ranges,cn=etc,dc=streamtech,dc=io
cn: STREAMTECH.IO_id_range2
ipabaseid: 10000
ipaidrangesize: 100000
iparangetype: ipa-local
objectclass: ipaIDrange
objectclass: ipadomainidrange

Number of entries returned 2

This is a duplicate of a ticket you just commented on: https://pagure.io/freeipa/issue/9076

It is, however the ticket has been untouched and this issue breaks replica.
I can't delete, I can't modify even to rectify the issue.

[root@ipa1 ~]# ipa idrange-mod
Range name: STREAMTECH.IO_id_range
ipa: ERROR: This command can not be used to change ID allocation for local IPA domain. Run ipa help idrange for more information

[root@ipa1 ~]# ipa idrange-del STREAMTECH.IO_id_range2
ipa: ERROR: invalid 'ipabaseid,ipaidrangesize': range modification leaving objects with ID out of the defined range is not allowed
Edited 2 years ago by 2dfox

Fixed it in my case by adding the following attributes :

ipaBaseRID
ipaSecondaryBaseRID

To the following tree
cn=etc / cn=ranges
and place the above both in the [your ranges] view.

Metadata Update from @rcritten:
- Issue close_status updated to: duplicate
- Issue status updated to: Closed (was: Open)
2 years ago

Log in to comment on this ticket.

Metadata
None
None
None
None
None
None
None
None
None
None
None
None
None
None
None
None
None
None
None
None
None
None
None
None
Powered by Pagure 5.14.1
DocumentationFile an IssueAboutSSH Hostkey/Fingerprint
© Red Hat, Inc. and others.