Bug 1354493
| Summary: | Replica install fails with old IPA master | ||||||
|---|---|---|---|---|---|---|---|
| Product: | Red Hat Enterprise Linux 7 | Reporter: | Kaleem <ksiddiqu> | ||||
| Component: | ipa | Assignee: | IPA Maintainers <ipa-maint> | ||||
| Status: | CLOSED ERRATA | QA Contact: | Kaleem <ksiddiqu> | ||||
| Severity: | high | Docs Contact: | |||||
| Priority: | unspecified | ||||||
| Version: | 7.3 | CC: | ksiddiqu, nkinder, nsoman, pvoborni, rcritten, rmeggins, spoore | ||||
| Target Milestone: | rc | Keywords: | Regression, TestBlocker | ||||
| Target Release: | --- | ||||||
| Hardware: | Unspecified | ||||||
| OS: | Unspecified | ||||||
| Whiteboard: | |||||||
| Fixed In Version: | ipa-4.4.0-3.el7 | Doc Type: | If docs needed, set a value | ||||
| Doc Text: | Story Points: | --- | |||||
| Clone Of: | Environment: | ||||||
| Last Closed: | 2016-11-04 05:57:23 UTC | Type: | Bug | ||||
| Regression: | --- | Mount Type: | --- | ||||
| Documentation: | --- | CRM: | |||||
| Verified Versions: | Category: | --- | |||||
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |||||
| Cloudforms Team: | --- | Target Upstream Version: | |||||
| Embargoed: | |||||||
| Attachments: |
|
||||||
|
Description
Kaleem
2016-07-11 12:29:05 UTC
Not able to attach log file at the moment. Hello, Kaleem, Could you take a look at this bug? Could it be the same problem? https://bugzilla.redhat.com/show_bug.cgi?id=1353592 Thanks. (In reply to Kaleem)
> Keywords: TestBlocker
Did you have a chance to try the latest 389-ds-base-1.3.5.10-3.el7?
With new ds build able to proceed further but install still fails with following error message ipa.ipapython.install.cli.install_tool(Replica): ERROR container entry (cn=servers,cn=dns) not found snip from console output... Run connection check to master Connection check OK Configuring NTP daemon (ntpd) [1/4]: stopping ntpd [2/4]: writing configuration [3/4]: configuring ntpd to start on boot [4/4]: starting ntpd Done configuring NTP daemon (ntpd). Configuring directory server (dirsrv). Estimated time: 1 minute [1/42]: creating directory server user [2/42]: creating directory server instance [3/42]: updating configuration in dse.ldif [4/42]: restarting directory server [5/42]: adding default schema [6/42]: enabling memberof plugin [7/42]: enabling winsync plugin [8/42]: configuring replication version plugin [9/42]: enabling IPA enrollment plugin [10/42]: enabling ldapi [11/42]: configuring uniqueness plugin [12/42]: configuring uuid plugin [13/42]: configuring modrdn plugin [14/42]: configuring DNS plugin [15/42]: enabling entryUSN plugin [16/42]: configuring lockout plugin [17/42]: configuring topology plugin [18/42]: creating indices [19/42]: enabling referential integrity plugin [20/42]: configuring ssl for ds instance [21/42]: configuring certmap.conf [22/42]: configure autobind for root [23/42]: configure new location for managed entries [24/42]: configure dirsrv ccache [25/42]: enabling SASL mapping fallback [26/42]: restarting directory server [27/42]: setting up initial replication Starting replication, please wait until this has completed. Update in progress, 4 seconds elapsed Update succeeded [28/42]: adding sasl mappings to the directory [29/42]: updating schema [30/42]: setting Auto Member configuration [31/42]: enabling S4U2Proxy delegation [32/42]: importing CA certificates from LDAP [33/42]: initializing group membership [34/42]: adding master entry [35/42]: initializing domain level [36/42]: configuring Posix uid/gid generation [37/42]: adding replication acis [38/42]: enabling compatibility plugin [39/42]: activating sidgen plugin [40/42]: activating extdom plugin [41/42]: tuning directory server [42/42]: configuring directory to start on boot Done configuring directory server (dirsrv). Configuring certificate server (pki-tomcatd). Estimated time: 3 minutes 30 seconds [1/27]: creating certificate server user [2/27]: configuring certificate server instance [3/27]: stopping certificate server instance to update CS.cfg [4/27]: backing up CS.cfg [5/27]: disabling nonces [6/27]: set up CRL publishing [7/27]: enable PKIX certificate path discovery and validation [8/27]: starting certificate server instance [9/27]: creating RA agent certificate database [10/27]: importing CA chain to RA certificate database [11/27]: fixing RA database permissions [12/27]: setting up signing cert profile [13/27]: setting audit signing renewal to 2 years [14/27]: importing RA certificate from PKCS #12 file [15/27]: authorizing RA to modify profiles [16/27]: authorizing RA to manage lightweight CAs [17/27]: Ensure lightweight CAs container exists [18/27]: configure certmonger for renewals [19/27]: configure certificate renewals [20/27]: configure Server-Cert certificate renewal [21/27]: Configure HTTP to proxy connections [22/27]: restarting certificate server [23/27]: migrating certificate profiles to LDAP [24/27]: importing IPA certificate profiles [25/27]: adding default CA ACL [26/27]: adding 'ipa' CA entry [27/27]: updating IPA configuration Done configuring certificate server (pki-tomcatd). Restarting the directory and certificate servers Configuring Kerberos KDC (krb5kdc). Estimated time: 30 seconds [1/7]: configuring KDC [2/7]: creating a keytab for the directory [3/7]: creating a keytab for the machine [4/7]: adding the password extension to the directory [5/7]: enable GSSAPI for replication [6/7]: starting the KDC [7/7]: configuring KDC to start on boot Done configuring Kerberos KDC (krb5kdc). Configuring kadmin [1/2]: starting kadmin [2/2]: configuring kadmin to start on boot Done configuring kadmin. Configuring ipa_memcached [1/2]: starting ipa_memcached [2/2]: configuring ipa_memcached to start on boot Done configuring ipa_memcached. Configuring the web interface (httpd). Estimated time: 1 minute [1/20]: setting mod_nss port to 443 [2/20]: setting mod_nss cipher suite [3/20]: setting mod_nss protocol list to TLSv1.0 - TLSv1.2 [4/20]: setting mod_nss password file [5/20]: enabling mod_nss renegotiate [6/20]: adding URL rewriting rules [7/20]: configuring httpd [8/20]: configure certmonger for renewals [9/20]: setting up httpd keytab [10/20]: setting up ssl [11/20]: importing CA certificates from LDAP [12/20]: publish CA cert [13/20]: clean up any existing httpd ccache [14/20]: configuring SELinux for httpd [15/20]: create KDC proxy user [16/20]: create KDC proxy config [17/20]: enable KDC proxy [18/20]: restarting httpd [19/20]: configuring httpd to start on boot [20/20]: enabling oddjobd Done configuring the web interface (httpd). Configuring ipa-otpd [1/2]: starting ipa-otpd [2/2]: configuring ipa-otpd to start on boot Done configuring ipa-otpd. Configuring ipa-custodia [1/5]: Generating ipa-custodia config file [2/5]: Making sure custodia container exists [3/5]: Generating ipa-custodia keys [4/5]: starting ipa-custodia [5/5]: configuring ipa-custodia to start on boot Done configuring ipa-custodia. Applying LDAP updates Upgrading IPA: [1/9]: stopping directory server [2/9]: saving configuration [3/9]: disabling listeners [4/9]: enabling DS global lock [5/9]: starting directory server [6/9]: upgrading server [7/9]: stopping directory server [8/9]: restoring configuration [9/9]: starting directory server Done. Restarting the directory server Restarting the KDC Configuring DNS (named) [1/8]: generating rndc key file [2/8]: setting up our own record [3/8]: adding NS record to the zones [4/8]: setting up kerberos principal [5/8]: setting up named.conf [6/8]: setting up server configuration [error] NotFound: container entry (cn=servers,cn=dns) not found Your system may be partly configured. Run /usr/sbin/ipa-server-install --uninstall to clean up. ipa.ipapython.install.cli.install_tool(Replica): ERROR container entry (cn=servers,cn=dns) not found ipa.ipapython.install.cli.install_tool(Replica): ERROR The ipa-replica-install command failed. See /var/log/ipareplica-install.log for more information Comment 6 is most likely an IPA error, moving to IPA. Upstream ticket: https://fedorahosted.org/freeipa/ticket/6083 Fixed upstream master: https://fedorahosted.org/freeipa/changeset/37bfd1fdde8906b2b5712d1f99f3f4be8f91ca0a *** Bug 1358886 has been marked as a duplicate of this bug. *** Verified. [root@dhcp207-47 ~]# rpm -q ipa-server ipa-server-4.4.0-3.el7.x86_64 [root@dhcp207-47 ~]# Please find the attached console output. Created attachment 1183677 [details]
installation console output
Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory, and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. https://rhn.redhat.com/errata/RHBA-2016-2404.html |