Re: [Freeipa-users] Upgrade/Migration steps

Joshua J. Kugler Fri, 21 Jun 2013 13:43:25 -0700

On Friday, June 21, 2013 09:26:36 Rob Crittenden wrote:
> We'd need to see /var/log/ipareplica-install.log to see what the LDAP
> error is. If you look on the remote master DS access log it may have
> additional information on what was requested.


Logs attached.

10.10.0.50 is the new replica.

No metion the new replica in the error logs.  At least not that I can see.




-- 
Joshua J. Kugler - Fairbanks, Alaska
Azariah Enterprises - Programming and Website Design
jos...@azariah.com - Jabber: pedah...@gmail.com
PGP Key: http://pgp.mit.edu/  ID 0x73B13B6A

2013-06-21T20:11:58Z DEBUG /usr/sbin/ipa-replica-install was invoked with 
argument "replica-info-ipan.lab.whamcloud.com.gpg" and options: 
{'no_forwarders': False, 'conf_ssh': True, 'setup_ca': True, 'ui_redirect': 
True, 'reverse_zone': None, 'trust_sshfp': False, 'unattended': False, 
'setup_pkinit': True, 'no_host_dns': False, 'mkhomedir': False, 'ip_address': 
None, 'no_reverse': False, 'setup_dns': False, 'create_sshfp': True, 
'conf_sshd': True, 'forwarders': None, 'debug': False, 'conf_ntp': False, 
'skip_conncheck': True, 'skip_schema_check': False}
2013-06-21T20:11:58Z DEBUG Loading Index file from 
'/var/lib/ipa-client/sysrestore/sysrestore.index'
2013-06-21T20:11:58Z DEBUG Loading StateFile from 
'/var/lib/ipa/sysrestore/sysrestore.state'
2013-06-21T20:11:58Z DEBUG Loading Index file from 
'/var/lib/ipa/sysrestore/sysrestore.index'
2013-06-21T20:12:10Z DEBUG Starting external process
2013-06-21T20:12:10Z DEBUG args=/usr/bin/gpg --batch --homedir 
/tmp/tmpi9cPa4ipa/ipa-hRix5l/.gnupg --passphrase-fd 0 --yes --no-tty -o 
/tmp/tmpi9cPa4ipa/files.tar -d replica-info-ipan.lab.whamcloud.com.gpg
2013-06-21T20:12:10Z DEBUG Process finished, return code=0
2013-06-21T20:12:10Z DEBUG stdout=
2013-06-21T20:12:10Z DEBUG stderr=gpg: WARNING: unsafe permissions on homedir 
`/tmp/tmpi9cPa4ipa/ipa-hRix5l/.gnupg'
gpg: keyring `/tmp/tmpi9cPa4ipa/ipa-hRix5l/.gnupg/secring.gpg' created
gpg: keyring `/tmp/tmpi9cPa4ipa/ipa-hRix5l/.gnupg/pubring.gpg' created
gpg: CAST5 encrypted data
gpg: encrypted with 1 passphrase
gpg: WARNING: message was not integrity protected

2013-06-21T20:12:10Z DEBUG Starting external process
2013-06-21T20:12:10Z DEBUG args=tar xf /tmp/tmpi9cPa4ipa/files.tar -C 
/tmp/tmpi9cPa4ipa
2013-06-21T20:12:10Z DEBUG Process finished, return code=0
2013-06-21T20:12:10Z DEBUG stdout=
2013-06-21T20:12:10Z DEBUG stderr=
2013-06-21T20:12:10Z DEBUG Installing replica file with version 0 (0 means no 
version in prepared file).
2013-06-21T20:12:10Z DEBUG Check if ipan.lab.whamcloud.com is a primary 
hostname for localhost
2013-06-21T20:12:10Z DEBUG Primary hostname for localhost: 
ipan.lab.whamcloud.com
2013-06-21T20:12:10Z DEBUG Search DNS for ipan.lab.whamcloud.com
2013-06-21T20:12:10Z DEBUG Check if ipan.lab.whamcloud.com is not a CNAME
2013-06-21T20:12:10Z DEBUG Check reverse address of 10.10.0.50
2013-06-21T20:12:10Z DEBUG Found reverse name: ipan.lab.whamcloud.com
2013-06-21T20:12:10Z DEBUG Check if ipa0.lab.whamcloud.com is a primary 
hostname for localhost
2013-06-21T20:12:10Z DEBUG Primary hostname for localhost: 
ipa0.lab.whamcloud.com
2013-06-21T20:12:10Z DEBUG Search DNS for ipa0.lab.whamcloud.com
2013-06-21T20:12:10Z DEBUG Check if ipa0.lab.whamcloud.com is not a CNAME
2013-06-21T20:12:10Z DEBUG Check reverse address of 10.10.0.4
2013-06-21T20:12:10Z DEBUG Found reverse name: ipa0.lab.whamcloud.com
2013-06-21T20:12:10Z DEBUG Starting external process
2013-06-21T20:12:10Z DEBUG args=/sbin/ip -family inet -oneline address show
2013-06-21T20:12:10Z DEBUG Process finished, return code=0
2013-06-21T20:12:10Z DEBUG stdout=1: lo    inet 127.0.0.1/8 scope host lo\      
 valid_lft forever preferred_lft forever
2: eth0    inet 10.10.0.50/16 brd 10.10.255.255 scope global eth0\       
valid_lft forever preferred_lft forever

2013-06-21T20:12:10Z DEBUG stderr=
2013-06-21T20:12:10Z DEBUG importing all plugin modules in 
'/usr/lib/python2.7/site-packages/ipalib/plugins'...
2013-06-21T20:12:10Z DEBUG importing plugin module 
'/usr/lib/python2.7/site-packages/ipalib/plugins/aci.py'
2013-06-21T20:12:10Z DEBUG importing plugin module 
'/usr/lib/python2.7/site-packages/ipalib/plugins/automember.py'
2013-06-21T20:12:10Z DEBUG importing plugin module 
'/usr/lib/python2.7/site-packages/ipalib/plugins/automount.py'
2013-06-21T20:12:10Z DEBUG importing plugin module 
'/usr/lib/python2.7/site-packages/ipalib/plugins/baseldap.py'
2013-06-21T20:12:10Z DEBUG importing plugin module 
'/usr/lib/python2.7/site-packages/ipalib/plugins/batch.py'
2013-06-21T20:12:10Z DEBUG importing plugin module 
'/usr/lib/python2.7/site-packages/ipalib/plugins/cert.py'
2013-06-21T20:12:10Z DEBUG importing plugin module 
'/usr/lib/python2.7/site-packages/ipalib/plugins/config.py'
2013-06-21T20:12:10Z DEBUG importing plugin module 
'/usr/lib/python2.7/site-packages/ipalib/plugins/delegation.py'
2013-06-21T20:12:10Z DEBUG importing plugin module 
'/usr/lib/python2.7/site-packages/ipalib/plugins/dns.py'
2013-06-21T20:12:10Z DEBUG importing plugin module 
'/usr/lib/python2.7/site-packages/ipalib/plugins/entitle.py'
2013-06-21T20:12:10Z DEBUG skipping plugin module ipalib.plugins.entitle: No 
module named rhsm.connection
2013-06-21T20:12:10Z DEBUG importing plugin module 
'/usr/lib/python2.7/site-packages/ipalib/plugins/group.py'
2013-06-21T20:12:10Z DEBUG importing plugin module 
'/usr/lib/python2.7/site-packages/ipalib/plugins/hbacrule.py'
2013-06-21T20:12:10Z DEBUG importing plugin module 
'/usr/lib/python2.7/site-packages/ipalib/plugins/hbacsvc.py'
2013-06-21T20:12:10Z DEBUG importing plugin module 
'/usr/lib/python2.7/site-packages/ipalib/plugins/hbacsvcgroup.py'
2013-06-21T20:12:10Z DEBUG importing plugin module 
'/usr/lib/python2.7/site-packages/ipalib/plugins/hbactest.py'
2013-06-21T20:12:10Z DEBUG importing plugin module 
'/usr/lib/python2.7/site-packages/ipalib/plugins/host.py'
2013-06-21T20:12:10Z DEBUG importing plugin module 
'/usr/lib/python2.7/site-packages/ipalib/plugins/hostgroup.py'
2013-06-21T20:12:10Z DEBUG importing plugin module 
'/usr/lib/python2.7/site-packages/ipalib/plugins/idrange.py'
2013-06-21T20:12:10Z DEBUG importing plugin module 
'/usr/lib/python2.7/site-packages/ipalib/plugins/internal.py'
2013-06-21T20:12:10Z DEBUG importing plugin module 
'/usr/lib/python2.7/site-packages/ipalib/plugins/kerberos.py'
2013-06-21T20:12:10Z DEBUG importing plugin module 
'/usr/lib/python2.7/site-packages/ipalib/plugins/krbtpolicy.py'
2013-06-21T20:12:10Z DEBUG importing plugin module 
'/usr/lib/python2.7/site-packages/ipalib/plugins/migration.py'
2013-06-21T20:12:10Z DEBUG importing plugin module 
'/usr/lib/python2.7/site-packages/ipalib/plugins/misc.py'
2013-06-21T20:12:10Z DEBUG importing plugin module 
'/usr/lib/python2.7/site-packages/ipalib/plugins/netgroup.py'
2013-06-21T20:12:10Z DEBUG importing plugin module 
'/usr/lib/python2.7/site-packages/ipalib/plugins/passwd.py'
2013-06-21T20:12:10Z DEBUG importing plugin module 
'/usr/lib/python2.7/site-packages/ipalib/plugins/permission.py'
2013-06-21T20:12:10Z DEBUG importing plugin module 
'/usr/lib/python2.7/site-packages/ipalib/plugins/ping.py'
2013-06-21T20:12:10Z DEBUG importing plugin module 
'/usr/lib/python2.7/site-packages/ipalib/plugins/pkinit.py'
2013-06-21T20:12:10Z DEBUG importing plugin module 
'/usr/lib/python2.7/site-packages/ipalib/plugins/privilege.py'
2013-06-21T20:12:10Z DEBUG importing plugin module 
'/usr/lib/python2.7/site-packages/ipalib/plugins/pwpolicy.py'
2013-06-21T20:12:10Z DEBUG Starting external process
2013-06-21T20:12:10Z DEBUG args=klist -V
2013-06-21T20:12:10Z DEBUG Process finished, return code=0
2013-06-21T20:12:10Z DEBUG stdout=Kerberos 5 version 1.10.3

2013-06-21T20:12:10Z DEBUG stderr=
2013-06-21T20:12:10Z DEBUG importing plugin module 
'/usr/lib/python2.7/site-packages/ipalib/plugins/realmdomains.py'
2013-06-21T20:12:10Z DEBUG importing plugin module 
'/usr/lib/python2.7/site-packages/ipalib/plugins/role.py'
2013-06-21T20:12:10Z DEBUG importing plugin module 
'/usr/lib/python2.7/site-packages/ipalib/plugins/selfservice.py'
2013-06-21T20:12:10Z DEBUG importing plugin module 
'/usr/lib/python2.7/site-packages/ipalib/plugins/selinuxusermap.py'
2013-06-21T20:12:10Z DEBUG importing plugin module 
'/usr/lib/python2.7/site-packages/ipalib/plugins/service.py'
2013-06-21T20:12:10Z DEBUG importing plugin module 
'/usr/lib/python2.7/site-packages/ipalib/plugins/sudocmd.py'
2013-06-21T20:12:10Z DEBUG importing plugin module 
'/usr/lib/python2.7/site-packages/ipalib/plugins/sudocmdgroup.py'
2013-06-21T20:12:10Z DEBUG importing plugin module 
'/usr/lib/python2.7/site-packages/ipalib/plugins/sudorule.py'
2013-06-21T20:12:10Z DEBUG importing plugin module 
'/usr/lib/python2.7/site-packages/ipalib/plugins/trust.py'
2013-06-21T20:12:10Z DEBUG importing plugin module 
'/usr/lib/python2.7/site-packages/ipalib/plugins/user.py'
2013-06-21T20:12:10Z DEBUG importing plugin module 
'/usr/lib/python2.7/site-packages/ipalib/plugins/virtual.py'
2013-06-21T20:12:10Z DEBUG importing plugin module 
'/usr/lib/python2.7/site-packages/ipalib/plugins/xmlclient.py'
2013-06-21T20:12:10Z DEBUG importing all plugin modules in 
'/usr/lib/python2.7/site-packages/ipaserver/install/plugins'...
2013-06-21T20:12:10Z DEBUG importing plugin module 
'/usr/lib/python2.7/site-packages/ipaserver/install/plugins/adtrust.py'
2013-06-21T20:12:10Z DEBUG importing plugin module 
'/usr/lib/python2.7/site-packages/ipaserver/install/plugins/baseupdate.py'
2013-06-21T20:12:10Z DEBUG importing plugin module 
'/usr/lib/python2.7/site-packages/ipaserver/install/plugins/dns.py'
2013-06-21T20:12:10Z DEBUG importing plugin module 
'/usr/lib/python2.7/site-packages/ipaserver/install/plugins/fix_replica_agreements.py'
2013-06-21T20:12:10Z DEBUG importing plugin module 
'/usr/lib/python2.7/site-packages/ipaserver/install/plugins/rename_managed.py'
2013-06-21T20:12:10Z DEBUG importing plugin module 
'/usr/lib/python2.7/site-packages/ipaserver/install/plugins/update_anonymous_aci.py'
2013-06-21T20:12:10Z DEBUG importing plugin module 
'/usr/lib/python2.7/site-packages/ipaserver/install/plugins/update_services.py'
2013-06-21T20:12:10Z DEBUG importing plugin module 
'/usr/lib/python2.7/site-packages/ipaserver/install/plugins/updateclient.py'
2013-06-21T20:12:10Z DEBUG importing plugin module 
'/usr/lib/python2.7/site-packages/ipaserver/install/plugins/upload_cacrt.py'
2013-06-21T20:12:11Z DEBUG ds group dirsrv exists
2013-06-21T20:12:11Z DEBUG Saving StateFile to 
'/var/lib/ipa/sysrestore/sysrestore.state'
2013-06-21T20:12:11Z DEBUG Created connection context.ldap2_51326288
2013-06-21T20:12:11Z DEBUG flushing ldaps://ipa0.lab.whamcloud.com:636 from 
SchemaCache
2013-06-21T20:12:11Z DEBUG retrieving schema for SchemaCache 
url=ldaps://ipa0.lab.whamcloud.com:636 conn=<ldap.ldapobject.SimpleLDAPObject 
instance at 0x21a45a8>
2013-06-21T20:12:12Z DEBUG flushing ldaps://ipa0.lab.whamcloud.com from 
SchemaCache
2013-06-21T20:12:12Z DEBUG retrieving schema for SchemaCache 
url=ldaps://ipa0.lab.whamcloud.com conn=<ldap.ldapobject.SimpleLDAPObject 
instance at 0x21a4d88>
2013-06-21T20:12:12Z DEBUG Created connection context.ldap2
2013-06-21T20:12:12Z DEBUG Destroyed connection context.ldap2
2013-06-21T20:12:12Z DEBUG No IPA DNS servers, skipping forward/reverse 
resolution check
2013-06-21T20:12:12Z DEBUG Destroyed connection context.ldap2_51326288
2013-06-21T20:12:12Z DEBUG Loading StateFile from 
'/var/lib/ipa/sysrestore/sysrestore.state'
2013-06-21T20:12:12Z DEBUG Checking if IPA schema is present in 
ldap://ipa0.lab.whamcloud.com:7389
2013-06-21T20:12:12Z CRITICAL CA DS schema check failed. Make sure the PKI 
service on the remote master is operational.
2013-06-21T20:12:12Z INFO   File 
"/usr/lib/python2.7/site-packages/ipaserver/install/installutils.py", line 619, 
in run_script
    return_value = main_function()

  File "/usr/sbin/ipa-replica-install", line 640, in main
    cainstance.replica_ca_install_check(config, dogtag_master_ds_port)

  File "/usr/lib/python2.7/site-packages/ipaserver/install/cainstance.py", line 
1725, in replica_ca_install_check
    connection.start_tls_s()

  File "/usr/lib/python2.7/site-packages/ipaserver/plugins/ldap2.py", line 625, 
in start_tls_s
    return self.conn.start_tls_s()

  File "/usr/lib64/python2.7/site-packages/ldap/ldapobject.py", line 564, in 
start_tls_s
    return self._ldap_call(self._l.start_tls_s)

  File "/usr/lib64/python2.7/site-packages/ldap/ldapobject.py", line 99, in 
_ldap_call
    result = func(*args,**kwargs)

2013-06-21T20:12:12Z INFO The ipa-replica-install command failed, exception: 
PROTOCOL_ERROR: {'info': 'unsupported extended operation', 'desc': 'Protocol 
error'}

[21/Jun/2013:13:26:54 -0700] conn=24643 fd=290 slot=290 SSL connection from 
10.10.0.50 to 10.10.0.4
[21/Jun/2013:13:26:54 -0700] conn=24643 SSL 256-bit AES
[21/Jun/2013:13:26:54 -0700] conn=24643 op=0 BIND dn="cn=directory manager" 
method=128 version=3
[21/Jun/2013:13:26:54 -0700] conn=24643 op=0 RESULT err=0 tag=97 nentries=0 
etime=0 dn="cn=directory manager"
[21/Jun/2013:13:26:54 -0700] conn=24644 fd=292 slot=292 SSL connection from 
10.10.0.50 to 10.10.0.4
[21/Jun/2013:13:26:54 -0700] conn=24644 SSL 256-bit AES
[21/Jun/2013:13:26:54 -0700] conn=24644 op=0 BIND dn="cn=directory manager" 
method=128 version=3
[21/Jun/2013:13:26:54 -0700] conn=24644 op=0 RESULT err=0 tag=97 nentries=0 
etime=0 dn="cn=directory manager"
[21/Jun/2013:13:26:54 -0700] conn=24644 op=1 SRCH base="cn=config,cn=ldbm 
database,cn=plugins,cn=config" scope=0 filter="(objectClass=*)" 
attrs="nsslapd-directory"
[21/Jun/2013:13:26:54 -0700] conn=24644 op=1 RESULT err=0 tag=101 nentries=1 
etime=0
[21/Jun/2013:13:26:54 -0700] conn=24644 op=2 SRCH base="cn=schema" scope=0 
filter="(objectClass=*)" attrs="attributeTypes objectClasses"
[21/Jun/2013:13:26:54 -0700] conn=24644 op=2 RESULT err=0 tag=101 nentries=1 
etime=0
[21/Jun/2013:13:26:54 -0700] conn=24643 op=1 SRCH 
base="cn=ipaconfig,cn=etc,dc=lab,dc=whamcloud,dc=com" scope=0 
filter="(objectClass=*)" attrs=ALL
[21/Jun/2013:13:26:54 -0700] conn=24643 op=1 RESULT err=0 tag=101 nentries=1 
etime=0
[21/Jun/2013:13:26:54 -0700] conn=24643 op=2 SRCH base="cn=schema" scope=0 
filter="(objectClass=*)" attrs="attributeTypes objectClasses"
[21/Jun/2013:13:26:54 -0700] conn=24643 op=2 RESULT err=0 tag=101 nentries=1 
etime=0
[21/Jun/2013:13:26:54 -0700] conn=24645 fd=293 slot=293 connection from 
10.10.2.31 to 10.10.0.4
[21/Jun/2013:13:26:54 -0700] conn=24645 op=0 BIND dn="" method=128 version=3
[21/Jun/2013:13:26:54 -0700] conn=24645 op=0 RESULT err=0 tag=97 nentries=0 
etime=0 dn=""
[21/Jun/2013:13:26:54 -0700] conn=24643 op=3 SRCH 
base="cn=computers,cn=accounts,dc=lab,dc=whamcloud,dc=com" scope=2 
filter="(fqdn=ipan.lab.whamcloud.com)" attrs="distinguishedName fqdn"
[21/Jun/2013:13:26:54 -0700] conn=24643 op=3 RESULT err=0 tag=101 nentries=0 
etime=0 notes=U
[21/Jun/2013:13:26:54 -0700] conn=24646 fd=294 slot=294 SSL connection from 
10.10.0.50 to 10.10.0.4
[21/Jun/2013:13:26:54 -0700] conn=24645 op=1 SRCH 
base="DC=lab,DC=whamcloud,DC=com" scope=2 
filter="(&(objectClass=posixAccount)(uid=root))" attrs=ALL
[21/Jun/2013:13:26:54 -0700] conn=24645 op=1 RESULT err=0 tag=101 nentries=0 
etime=0
[21/Jun/2013:13:26:54 -0700] conn=24645 op=2 SRCH 
base="DC=lab,DC=whamcloud,DC=com" scope=2 
filter="(&(objectClass=posixGroup)(memberUid=root))" attrs="gidNumber"
[21/Jun/2013:13:26:54 -0700] conn=24645 op=2 RESULT err=0 tag=101 nentries=0 
etime=0 notes=P
[21/Jun/2013:13:26:54 -0700] conn=24645 op=-1 fd=293 closed - B1
[21/Jun/2013:13:26:54 -0700] conn=24646 SSL 256-bit AES
[21/Jun/2013:13:26:54 -0700] conn=24646 op=0 BIND dn="cn=directory manager" 
method=128 version=3
[21/Jun/2013:13:26:54 -0700] conn=24646 op=0 RESULT err=0 tag=97 nentries=0 
etime=0 dn="cn=directory manager"
[21/Jun/2013:13:26:54 -0700] conn=24646 op=1 SRCH 
base="cn=masters,cn=ipa,cn=etc,dc=lab,dc=whamcloud,dc=com" scope=2 
filter="(&(objectClass=ipaConfigObject)(cn=DNS))" attrs=ALL
[21/Jun/2013:13:26:54 -0700] conn=24646 op=1 RESULT err=0 tag=101 nentries=0 
etime=0
[21/Jun/2013:13:26:54 -0700] conn=24646 op=2 UNBIND
[21/Jun/2013:13:26:54 -0700] conn=24646 op=2 fd=294 closed - U1
[21/Jun/2013:13:26:54 -0700] conn=24643 op=4 SRCH 
base="cn=meToipan.lab.whamcloud.com,cn=replica,cn=dc\3Dlab\2Cdc\3Dwhamcloud\2Cdc\3Dcom,cn=mapping
 tree,cn=config" scope=0 filter="(objectClass=*)" attrs="* aci"
[21/Jun/2013:13:26:54 -0700] conn=24643 op=4 RESULT err=32 tag=101 nentries=0 
etime=0
[21/Jun/2013:13:26:54 -0700] conn=24643 op=5 UNBIND
[21/Jun/2013:13:26:54 -0700] conn=24643 op=5 fd=290 closed - U1
[21/Jun/2013:13:26:54 -0700] conn=24644 op=3 UNBIND
[21/Jun/2013:13:26:54 -0700] conn=24644 op=3 fd=292 closed - U1

[21/Jun/2013:13:26:54 -0700] conn=53 fd=64 slot=64 connection from 10.10.0.50 
to 10.10.0.4
[21/Jun/2013:13:26:54 -0700] conn=53 op=0 EXT oid="1.3.6.1.4.1.1466.20037"
[21/Jun/2013:13:26:54 -0700] conn=53 op=0 RESULT err=2 tag=120 nentries=0 
etime=0
[21/Jun/2013:13:26:54 -0700] conn=53 op=1 UNBIND

_______________________________________________
Freeipa-users mailing list
Freeipa-users@redhat.com
https://www.redhat.com/mailman/listinfo/freeipa-users

Re: [Freeipa-users] Upgrade/Migration steps

Reply via email to