On Wed, 1 Feb 2023 10:00:56 -0500 Rob Crittenden <rcrit...@redhat.com> wrote:
>
> Since the ipa3 installation failed I'd start by uninstalling the remnants.
>
> You can use ipa-replica-manage dnarange-set on ipa2 to set the range to
> cover your entire range. I'd encourage you to find the highest value
> already used just to over a bunch of overlap searching in the DNA plugin.
>
> You can get a rough estimate of the last issued value with a search like:
>
> ldapsearch -LLL -Q -Y GSSAPI -b cn=accounts,dc=example,dc=test uidnumber gidnumber | cut -d: -f2 | sort -un
>
> If you want to test it before trying another replica install create a
> test user or group and it should get an uid/gid.
>
> On the next replica install it should give the new server half the
> remaining range.
>
> rob
>
Thanks. I managed to install the replica successfully.

The ldapsearch command showed there were two ranges of used IDs: 792600000-792600036 and 792700504-792700509. (I think the first was assigned to ipa1 - the now uninstalled replica, the second to ipa2.) So I chose 792600040-792700499 as dnarange for ipa2. I also set 792700510-792799999 as dnanextrange for ipa2. Then I could add the new replica with no problem. It chose 792750501-792799999 as the range for the new replica, taken from dnanextrange for ipa2. I don't think that will be a problem as I'm very unlikely to ever need more IDs.

I also had a problem when uninstalling the failed replica from the last attempt that ended at this "Failed to add fallback group." error. I had done this a couple times before (due to other errors) and always used the procedure:

- 'ipa-server-install --uninstall'
- on ipa2: 'ipa-replica-manage clean-dangling-ruv' (as there were always leftover RUVs that the uninstall didn't delete)
- checked there wasn't a leftover topology or server
- then re-ran ipa-client-install and ipa-replica-install.

This time the 'clean-dangling-ruv' step did not complete. It removed the RUV for 'domain' but could not delete the 'ca' RUV. Unfortunately the slapd error log got rotated which deleted the error in question but I know it was "Unable to acquire replica: error: duplicate replica ID detected" from my search history. I could not find any relevant info on this ruv cleanup error. I tried cancelling and resubmitting the cleanup but it never succeeded. So I restored the server to a snapshot I made a couple days ago before I started trying to add a new replica. After this I was able to install the replica successfully.

I also registered on the Red Hat Customer Portal which allowed me to view the knowledgebase docs. They were helpful in pointing me to relevant docs pages.
https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/8/html/configuring_and_managing_identity_management/adjusting-id-ranges-manually_configuring-and-managing-idm
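
Added example, not part of the original thread: a shell function that turns the raw output of the ldapsearch quoted above into the unused ID spans, which is the step done by eye in the reply before choosing dnarange and dnanextrange values that do not overlap already-issued IDs. The function name free_blocks, its SLACK parameter, the sample entries and the overall range 792600000-792799999 are assumptions made for illustration.

```bash
# Added example. free_blocks, SLACK and the sample entries are hypothetical;
# the ID values are modelled on the ranges mentioned in the thread.

# Constructed sample of raw ldapsearch LDIF (before the cut/sort stage).
sample_ldif() {
cat <<'EOF'
dn: uid=admin,cn=users,cn=accounts,dc=example,dc=test
uidNumber: 792600000
gidNumber: 792600000

dn: cn=editors,cn=groups,cn=accounts,dc=example,dc=test
gidNumber: 792600002

dn: uid=alice,cn=users,cn=accounts,dc=example,dc=test
uidNumber: 792600036
gidNumber: 792600036

dn: uid=bob,cn=users,cn=accounts,dc=example,dc=test
uidNumber: 792700504
gidNumber: 792700504

dn: uid=carol,cn=users,cn=accounts,dc=example,dc=test
uidNumber: 792700509
gidNumber: 792700509
EOF
}

# free_blocks FIRST LAST [SLACK]
# Reads LDIF on stdin and prints each unused "start-end" span inside the
# ID range FIRST..LAST. Used IDs no more than SLACK apart are merged into one
# used block, so small holes between existing accounts are not reported.
free_blocks() {
  grep -iE '^(uid|gid)number:' | cut -d: -f2 | tr -d ' ' | sort -un |
  awk -v first="$1" -v last="$2" -v slack="${3:-100}" '
    function close_block() {            # emit the gap before the used block
      if (lo > free_from) printf "%d-%d\n", free_from, lo - 1
      free_from = hi + 1
    }
    BEGIN { free_from = first }
    $1 < first || $1 > last { next }    # outside the range being planned
    !in_block        { lo = hi = $1; in_block = 1; next }
    $1 - hi <= slack { hi = $1; next }  # still the same used block
    { close_block(); lo = hi = $1 }
    END { if (in_block) close_block(); if (free_from <= last) printf "%d-%d\n", free_from, last }'
}

sample_ldif | free_blocks 792600000 792799999
```

On a live server the input would come from the ldapsearch in the quoted message without the cut and sort stages, since the function does that filtering itself.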