Hi Flo -

Thank you for the instructions.  Everything is back to normal and I was
able to bring up a new replica in the process after the steps were done.

Sinh



On June 2, 2021 at 12:46:22 AM, Florence Renaud (f...@redhat.com) wrote:

Hi,
thanks for the confirmation. In this case, you can fix the issue with the
following procedure:

To fix the master that was missing the "cn=changelog5,cn=config" entry
follow these steps:

[1]  Remove the directory /var/lib/dirsrv/slapd-XXX/cldb
[2]  Use ldapmodify and add this entry

dn: cn=changelog5,cn=config
changetype: add
objectclass: top
objectclass: extensibleObject
cn: changelog5
nsslapd-changelogdir: /var/lib/dirsrv/slapd-XXX/cldb
nsslapd-changelogmaxage: 30d

[3]  Reinitialize this master from another "good" master, as this
master is most likely out of date now.

Don't forget to replace the slapd-XXX with your actual instance name.

HTH,

flo


On Tue, Jun 1, 2021 at 7:55 PM Sinh Lam <s...@paran0id.org> wrote:

> Hi Florence -
>
> Thank you for your response.  So to answer your question -
>
> 1) the directory does exist on the master
> 2) the cn=changelog5,cn=config entry is missing in the dse.ldif file.
>
> Thanks.
>
> Sinh
>
>
> On June 1, 2021 at 9:25:53 AM, Florence Renaud (f...@redhat.com) wrote:
>
> Hi,
> the error looks similar to
> https://bugzilla.redhat.com/show_bug.cgi?id=1590974
> Most of the comments are private in this BZ because they refer to customer
> deployments, but the issue can happen if cn=changelog5,cn=config is missing
> on the master AND the changelog directory is present.
>
> Can you check on the master if there is a directory:
> /var/lib/dirsrv/slapd-XXX/cldb and if there is an entry
> cn=changelog5,cn=config in /etc/dirsrv/slapd-XXX/dse.ldif?
> flo
>
> On Wed, May 26, 2021 at 8:41 PM Sinh Lam via FreeIPA-users <
> freeipa-users@lists.fedorahosted.org> wrote:
>
>> Hi Everyone -
>>
>> I’m running into this odd issue I can’t seem to find a resolution to.
>> Long story short, my IPA master was on a system that had a power failure.
>> Upon bring up, the dirsrv failed to start up due to a zero byte dse.ldif
>> file.  Used a “backup” of the file and my master seemed to have come back
>> up ok however replication seems to have stopped working.
>>
>> When I noticed that replication wasn’t working from the replicas to the
>> master I went digging and found this (which led me to try to recover by
>> removing the old replicas and trying to do a reinstall) :
>>
>> replica.domain.net: replica
>>   last update status: Error (6) Replication error acquiring replica:
>> Unable to acquire replica: there is no replicated area on the consumer
>> server. Replication is aborting. (no such replica)
>>   last update ended: 2021-05-20 15:29:28+00:00
>>
>> The above “last update” corresponds with the power outage that took down
>> the IPA master.
>>
>> I’m trying to re-initialize the replication by doing a reinstall of the
>> replica server but I’m failing with the following error :
>>
>> Disabled p11-kit-proxy
>> Configuring directory server (dirsrv). Estimated time: 30 seconds
>>   [1/42]: creating directory server instance
>>   [2/42]: configure autobind for root
>>   [3/42]: tune ldbm plugin
>>   [4/42]: stopping directory server
>>   [5/42]: updating configuration in dse.ldif
>>   [6/42]: starting directory server
>>   [7/42]: adding default schema
>>   [8/42]: enabling memberof plugin
>>   [9/42]: enabling winsync plugin
>>   [10/42]: configure password logging
>>   [11/42]: configuring replication version plugin
>>   [12/42]: enabling IPA enrollment plugin
>>   [13/42]: configuring uniqueness plugin
>>   [14/42]: configuring uuid plugin
>>   [15/42]: configuring modrdn plugin
>>   [16/42]: configuring DNS plugin
>>   [17/42]: enabling entryUSN plugin
>>   [18/42]: configuring lockout plugin
>>   [19/42]: configuring topology plugin
>>   [20/42]: creating indices
>>   [21/42]: enabling referential integrity plugin
>>   [22/42]: configuring certmap.conf
>>   [23/42]: configure new location for managed entries
>>   [24/42]: configure dirsrv ccache and keytab
>>   [25/42]: enabling SASL mapping fallback
>>   [26/42]: restarting directory server
>>   [27/42]: creating DS keytab
>>   [28/42]: ignore time skew for initial replication
>>   [29/42]: setting up initial replication
>>   [error] DatabaseError: Operations error: The changelog directory
>> [/var/lib/dirsrv/slapd-REPLICA-DOMAIN-NET/cldb] already exists and is not
>> empty.  Please choose a directory that does not exist or is empty.
>> Your system may be partly configured.
>> Run /usr/sbin/ipa-server-install --uninstall to clean up.
>>
>> Operations error: The changelog directory
>> [/var/lib/dirsrv/slapd-REPLICA-DOMAIN-NET/cldb] already exists and is not
>> empty.  Please choose a directory that does not exist or is empty.
>> The ipa-replica-install command failed. See
>> /var/log/ipareplica-install.log for more information
>>
>> I’ve since done several uninstalls and verified at each uninstall the
>> /var/lib/dirsrv directory is empty.
>>
>> Any pointers on how to get past this issue would be great since I have
>> about 10 more replicas to get back up.
>>
>> Thanks.
>>
>> Sinh
>>
>> _______________________________________________
>> FreeIPA-users mailing list -- freeipa-users@lists.fedorahosted.org
>> To unsubscribe send an email to
>> freeipa-users-le...@lists.fedorahosted.org
>> Fedora Code of Conduct:
>> https://docs.fedoraproject.org/en-US/project/code-of-conduct/
>> List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
>> List Archives:
>> https://lists.fedorahosted.org/archives/list/freeipa-users@lists.fedorahosted.org
>> Do not reply to spam on the list, report it:
>> https://pagure.io/fedora-infrastructure
>>
>
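
Added example (not part of the original thread, and not FreeIPA or 389-ds code): a read-only shell check for the condition discussed above, a non-empty cldb directory with no cn=changelog5,cn=config entry in dse.ldif, plus the zero-byte dse.ldif from the first message. The function names and the optional root-path arguments are assumptions for illustration; base64-encoded (dn::) DNs are not handled.

```shell
#!/bin/bash
# Added example: read-only consistency check for one 389-ds instance.
# Usage: check_changelog INSTANCE [ETC_ROOT] [VAR_ROOT]
# (ETC_ROOT and VAR_ROOT are hypothetical overrides, useful for testing.)

# Succeeds if dse.ldif holds an entry whose DN is cn=changelog5,cn=config.
has_changelog_entry() {
    # Unfold LDIF continuation lines (a line starting with one space),
    # then match the DN case-insensitively.
    awk '
        /^ /  { buf = buf substr($0, 2); next }
              { if (buf != "") print buf; buf = $0 }
        END   { if (buf != "") print buf }
    ' "$1" | tr -d '\r' |
        grep -Eiq '^dn:[[:space:]]*cn=changelog5,[[:space:]]*cn=config[[:space:]]*$'
}

# Succeeds if the directory exists and holds at least one file.
dir_not_empty() {
    [ -d "$1" ] && [ -n "$(ls -A "$1" 2>/dev/null)" ]
}

check_changelog() {
    inst=$1
    etc_root=${2:-/etc/dirsrv}
    var_root=${3:-/var/lib/dirsrv}
    dse="$etc_root/slapd-$inst/dse.ldif"
    cldb="$var_root/slapd-$inst/cldb"

    # A zero-byte or absent dse.ldif is its own failure mode.
    if [ ! -s "$dse" ]; then
        echo "dse-missing-or-empty"; return 2
    fi
    entry=no; has_changelog_entry "$dse" && entry=yes
    data=no;  dir_not_empty "$cldb" && data=yes
    case "$entry/$data" in
        # Entry missing while changelog files exist: the state from the thread.
        no/yes) echo "mismatch"; return 1 ;;
        *)      echo "ok entry=$entry cldb=$data"; return 0 ;;
    esac
}
```

Run it with the real instance name in place of XXX; it only reads files and changes nothing.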