Hi Florence - 

Thank you for your response.  So to answer your question - 

1) the directory does exist on the master
2) the cn=changelog5,cn=config entry is missing in the dse.ldif file. 

Thanks.

Sinh


On June 1, 2021 at 9:25:53 AM, Florence Renaud (f...@redhat.com) wrote:

Hi,
the error looks similar to https://bugzilla.redhat.com/show_bug.cgi?id=1590974
Most of the comments are private in this BZ because they refer to customer 
deployments, but the issue can happen if cn=changelog5,cn=config is missing on 
the master AND the changelog directory is present.

Can you check on the master if there is a directory: 
/var/lib/dirsrv/slapd-XXX/cldb and if there is an entry cn=changelog5,cn=config 
in /etc/dirsrv/slapd-XXX/dse.ldif?
flo

On Wed, May 26, 2021 at 8:41 PM Sinh Lam via FreeIPA-users 
<freeipa-users@lists.fedorahosted.org> wrote:
Hi Everyone - 

I’m running into this odd issue I can’t seem to find a resolution to.  Long 
story short, my IPA master was on a system that had a power failure.  Upon 
bring up, the dirsrv failed to start up due to a zero byte dse.ldif file.  Used 
a “backup” of the file and my master seemed to have came back up ok however 
replication seems to have stopped working.  

When I noticed that replication wasn’t working from the replicas to the master 
I went digging and found this (which led me to try to recover by removing the 
old replicas and trying to do a reinstall) : 

replica.domain.net: replica
  last update status: Error (6) Replication error acquiring replica: Unable to 
acquire replica: there is no replicated area on the consumer server. 
Replication is aborting. (no such replica)
  last update ended: 2021-05-20 15:29:28+00:00

The above “last update” corresponds with the power outage that took down the 
IPA master. 

I’m trying to re-initialize the replication by doing a reinstall of the replica 
server but I’m failing with the following error : 

Disabled p11-kit-proxy
Configuring directory server (dirsrv). Estimated time: 30 seconds
  [1/42]: creating directory server instance
  [2/42]: configure autobind for root
  [3/42]: tune ldbm plugin
  [4/42]: stopping directory server
  [5/42]: updating configuration in dse.ldif
  [6/42]: starting directory server
  [7/42]: adding default schema
  [8/42]: enabling memberof plugin
  [9/42]: enabling winsync plugin
  [10/42]: configure password logging
  [11/42]: configuring replication version plugin
  [12/42]: enabling IPA enrollment plugin
  [13/42]: configuring uniqueness plugin
  [14/42]: configuring uuid plugin
  [15/42]: configuring modrdn plugin
  [16/42]: configuring DNS plugin
  [17/42]: enabling entryUSN plugin
  [18/42]: configuring lockout plugin
  [19/42]: configuring topology plugin
  [20/42]: creating indices
  [21/42]: enabling referential integrity plugin
  [22/42]: configuring certmap.conf
  [23/42]: configure new location for managed entries
  [24/42]: configure dirsrv ccache and keytab
  [25/42]: enabling SASL mapping fallback
  [26/42]: restarting directory server
  [27/42]: creating DS keytab
  [28/42]: ignore time skew for initial replication
  [29/42]: setting up initial replication
  [error] DatabaseError: Operations error: The changelog directory 
[/var/lib/dirsrv/slapd-REPLICA-DOMAIN-NET/cldb] already exists and is not 
empty.  Please choose a directory that does not exist or is empty.
Your system may be partly configured.
Run /usr/sbin/ipa-server-install --uninstall to clean up.

Operations error: The changelog directory 
[/var/lib/dirsrv/slapd-REPLICA-DOMAIN-NET/cldb] already exists and is not 
empty.  Please choose a directory that does not exist or is empty.
The ipa-replica-install command failed. See /var/log/ipareplica-install.log for 
more information

I’ve since done several uninstalls and verified at each uninstall the 
/var/lib/dirsrv directory is empty.  

Any pointers on how to get past this issue would be great since I have about 10 
more replicas to get back up.

Thanks.

Sinh

_______________________________________________
FreeIPA-users mailing list -- freeipa-users@lists.fedorahosted.org
To unsubscribe send an email to freeipa-users-le...@lists.fedorahosted.org
Fedora Code of Conduct: 
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: 
https://lists.fedorahosted.org/archives/list/freeipa-users@lists.fedorahosted.org
Do not reply to spam on the list, report it: 
https://pagure.io/fedora-infrastructure
_______________________________________________
FreeIPA-users mailing list -- freeipa-users@lists.fedorahosted.org
To unsubscribe send an email to freeipa-users-le...@lists.fedorahosted.org
Fedora Code of Conduct: 
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: 
https://lists.fedorahosted.org/archives/list/freeipa-users@lists.fedorahosted.org
Do not reply to spam on the list, report it: 
https://pagure.io/fedora-infrastructure

Reply via email to