Bug 701763
Summary: | ipa replica install failed | ||
---|---|---|---|
Product: | Red Hat Enterprise Linux 6 | Reporter: | Yi Zhang <yzhang> |
Component: | ipa | Assignee: | Rob Crittenden <rcritten> |
Status: | CLOSED DUPLICATE | QA Contact: | Chandrasekar Kannan <ckannan> |
Severity: | medium | Docs Contact: | |
Priority: | unspecified | ||
Version: | 6.1 | CC: | benl, jgalipea, rmeggins |
Target Milestone: | rc | ||
Target Release: | --- | ||
Hardware: | Unspecified | ||
OS: | Unspecified | ||
Whiteboard: | |||
Fixed In Version: | Doc Type: | Bug Fix | |
Doc Text: | Story Points: | --- | |
Clone Of: | Environment: | ||
Last Closed: | 2011-05-11 17:50:02 UTC | Type: | --- |
Regression: | --- | Mount Type: | --- |
Documentation: | --- | CRM: | |
Verified Versions: | Category: | --- | |
oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
Cloudforms Team: | --- | Target Upstream Version: | |
Embargoed: |
Description
Yi Zhang
2011-05-03 19:14:15 UTC
Isn't this https://fedorahosted.org/freeipa/ticket/1188 ? What version of RHEL-6 ipa has this fix? Since RHEL 6.1 External Beta has begun, and this bug remains unresolved, it has been rejected as it is not proposed as exception or blocker. Red Hat invites you to ask your support representative to propose this request, if appropriate and relevant, in the next release of Red Hat Enterprise Linux. Rich: It doesn't look relate to the ticket 1188. What I observed is that all ds setup related work are done. The entry syncing are also finished. It is more like KDC related problem [i386.c root@dhcp-120 ~] ipa-replica-install /var/lib/ipa/replica-info-dhcp-120.sjc.redhat.com.gpg Directory Manager (existing master) password: Configuring ntpd [1/4]: stopping ntpd [2/4]: writing configuration [3/4]: configuring ntpd to start on boot [4/4]: starting ntpd done configuring ntpd. Configuring directory server for the CA: Estimated time 30 seconds [1/3]: creating directory server user [2/3]: creating directory server instance [3/3]: restarting directory server done configuring pkids. Configuring certificate server: Estimated time 6 minutes [1/11]: creating certificate server user [2/11]: creating pki-ca instance [3/11]: restarting certificate server [4/11]: configuring certificate server instance [5/11]: restarting certificate server [6/11]: creating RA agent certificate database [7/11]: importing CA chain to RA certificate database [8/11]: fixing RA database permissions [9/11]: setting up signing cert profile [10/11]: set up CRL publishing [11/11]: configuring certificate server to start on boot done configuring pki-cad. Restarting the directory and certificate servers Configuring directory server: Estimated time 1 minute [1/27]: creating directory server user [2/27]: creating directory server instance [3/27]: adding default schema [4/27]: enabling memberof plugin [5/27]: enabling referential integrity plugin [6/27]: enabling winsync plugin [7/27]: configuring replication version plugin [8/27]: enabling IPA enrollment plugin [9/27]: enabling ldapi [10/27]: configuring uniqueness plugin [11/27]: configuring uuid plugin [12/27]: configuring modrdn plugin [13/27]: enabling entryUSN plugin [14/27]: configuring lockout plugin [15/27]: creating indices [16/27]: configuring ssl for ds instance [17/27]: configuring certmap.conf [18/27]: configure autobind for root [19/27]: restarting directory server [20/27]: setting up initial replication Starting replication, please wait until this has completed. Update in progress Update in progress Update in progress Update in progress Update in progress Update in progress Update succeeded [21/27]: adding replication acis [22/27]: initializing group membership [23/27]: adding master entry [24/27]: configuring Posix uid/gid generation [25/27]: enabling compatibility plugin [26/27]: tuning directory server [27/27]: configuring directory to start on boot done configuring dirsrv. Configuring Kerberos KDC: Estimated time 30 seconds [1/9]: adding sasl mappings to the directory [2/9]: writing stash file from DS [3/9]: configuring KDC [4/9]: creating a keytab for the directory [5/9]: creating a keytab for the machine [6/9]: adding the password extension to the directory [7/9]: enable GSSAPI for replication creation of replica failed: list index out of range The reason why the list index is out of range is because the search to find the principal DN for the given principal failed. The reason why the search failed is because the database is corrupted. The reason why the database is corrupted is because the replica crashed during the fixup-memberof operation. And the reason that happens is due to ticket 1188. So I just want to confirm that you are testing a version of ipa with that fix in it. This is a duplicate of https://bugzilla.redhat.com/show_bug.cgi?id=698421 *** This bug has been marked as a duplicate of bug 698421 *** |