Hi Florence - Thank you for your response. So to answer your question -
1) the directory does exist on the master 2) the cn=changelog5,cn=config entry is missing in the dse.ldif file. Thanks. Sinh On June 1, 2021 at 9:25:53 AM, Florence Renaud (f...@redhat.com) wrote: Hi, the error looks similar to https://bugzilla.redhat.com/show_bug.cgi?id=1590974 Most of the comments are private in this BZ because they refer to customer deployments, but the issue can happen if cn=changelog5,cn=config is missing on the master AND the changelog directory is present. Can you check on the master if there is a directory: /var/lib/dirsrv/slapd-XXX/cldb and if there is an entry cn=changelog5,cn=config in /etc/dirsrv/slapd-XXX/dse.ldif? flo On Wed, May 26, 2021 at 8:41 PM Sinh Lam via FreeIPA-users <freeipa-users@lists.fedorahosted.org> wrote: Hi Everyone - I’m running into this odd issue I can’t seem to find a resolution to. Long story short, my IPA master was on a system that had a power failure. Upon bring up, the dirsrv failed to start up due to a zero byte dse.ldif file. Used a “backup” of the file and my master seemed to have came back up ok however replication seems to have stopped working. When I noticed that replication wasn’t working from the replicas to the master I went digging and found this (which led me to try to recover by removing the old replicas and trying to do a reinstall) : replica.domain.net: replica last update status: Error (6) Replication error acquiring replica: Unable to acquire replica: there is no replicated area on the consumer server. Replication is aborting. (no such replica) last update ended: 2021-05-20 15:29:28+00:00 The above “last update” corresponds with the power outage that took down the IPA master. I’m trying to re-initialize the replication by doing a reinstall of the replica server but I’m failing with the following error : Disabled p11-kit-proxy Configuring directory server (dirsrv). Estimated time: 30 seconds [1/42]: creating directory server instance [2/42]: configure autobind for root [3/42]: tune ldbm plugin [4/42]: stopping directory server [5/42]: updating configuration in dse.ldif [6/42]: starting directory server [7/42]: adding default schema [8/42]: enabling memberof plugin [9/42]: enabling winsync plugin [10/42]: configure password logging [11/42]: configuring replication version plugin [12/42]: enabling IPA enrollment plugin [13/42]: configuring uniqueness plugin [14/42]: configuring uuid plugin [15/42]: configuring modrdn plugin [16/42]: configuring DNS plugin [17/42]: enabling entryUSN plugin [18/42]: configuring lockout plugin [19/42]: configuring topology plugin [20/42]: creating indices [21/42]: enabling referential integrity plugin [22/42]: configuring certmap.conf [23/42]: configure new location for managed entries [24/42]: configure dirsrv ccache and keytab [25/42]: enabling SASL mapping fallback [26/42]: restarting directory server [27/42]: creating DS keytab [28/42]: ignore time skew for initial replication [29/42]: setting up initial replication [error] DatabaseError: Operations error: The changelog directory [/var/lib/dirsrv/slapd-REPLICA-DOMAIN-NET/cldb] already exists and is not empty. Please choose a directory that does not exist or is empty. Your system may be partly configured. Run /usr/sbin/ipa-server-install --uninstall to clean up. Operations error: The changelog directory [/var/lib/dirsrv/slapd-REPLICA-DOMAIN-NET/cldb] already exists and is not empty. Please choose a directory that does not exist or is empty. The ipa-replica-install command failed. See /var/log/ipareplica-install.log for more information I’ve since done several uninstalls and verified at each uninstall the /var/lib/dirsrv directory is empty. Any pointers on how to get past this issue would be great since I have about 10 more replicas to get back up. Thanks. Sinh _______________________________________________ FreeIPA-users mailing list -- freeipa-users@lists.fedorahosted.org To unsubscribe send an email to freeipa-users-le...@lists.fedorahosted.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedorahosted.org/archives/list/freeipa-users@lists.fedorahosted.org Do not reply to spam on the list, report it: https://pagure.io/fedora-infrastructure
_______________________________________________ FreeIPA-users mailing list -- freeipa-users@lists.fedorahosted.org To unsubscribe send an email to freeipa-users-le...@lists.fedorahosted.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedorahosted.org/archives/list/freeipa-users@lists.fedorahosted.org Do not reply to spam on the list, report it: https://pagure.io/fedora-infrastructure