On 30/10/14 06:09, Michael Lasevich wrote:
Maybe I should not be doing this late at night, but I cannot find
"cn=IPK11 Unique IDs,cn=IPA UUID,cn=plugins,cn=config " anywhere.

-M

IMO something bad happened during the IPA upgrade.

Can you remove the

ipk11UniqueId=autogenerate,cn=keys,cn=sec,cn=dns,dc=my,dc=domain,dc=com

entry, run ipa-ldap-updater --upgrade, and then reinstall DNS (rerun
ipa-dns-install)?

Let me know if it works.


On 10/29/14, 3:03 AM, Martin Basti wrote:
On 28/10/14 20:54, Michael Lasevich wrote:
I have a pair of servers that were both installed on clean Fedora20
4.0.1 from pviktori copr repo and then upgraded from mkosek to 4.1

During the update, the secondary was done first and worked, but the primary
ran into trouble as described.

Looking under cn=keys,cn=sec,cn=dns,dc=my,dc=domain,dc=com I get one
entry with dn:

ipk11UniqueId=autogenerate,cn=keys,cn=sec,cn=dns,dc=my,dc=domain,dc=com

Not sure what of that you need there, but for ipk11Label it has:
dnssec-replica:infra-dc-02.my.domain.com. (which is the replica that IS
working)

Thanks,

-M

On 10/28/14, 3:21 AM, Martin Basti wrote:
On 28/10/14 06:14, Michael Lasevich wrote:
Running into same thing, but running ipa-dnsinstall does not complete:

=============================
Configuring DNS (named)
    [1/8]: generating rndc key file
WARNING: Your system is running out of entropy, you may experience long delays
    [2/8]: setting up our own record
    [3/8]: adding NS record to the zones
    [4/8]: setting up CA record
    [5/8]: setting up kerberos principal
    [6/8]: setting up named.conf
    [7/8]: configuring named to start on boot
    [8/8]: changing resolv.conf to point to ourselves
Done configuring DNS (named).
Configuring DNS key synchronization service (ipa-dnskeysyncd)
    [1/6]: checking status
    [2/6]: setting up kerberos principal
    [3/6]: setting up SoftHSM
    [4/6]: adding DNSSEC containers
    [5/6]: creating replica keys
    [error] DuplicateEntry: This entry already exists
Unexpected error - see /var/log/ipaserver-install.log for details:
DuplicateEntry: This entry already exists
=============================

Looking into the /var/log/ipaserver-install.log gets:
=============================
2014-10-28T05:01:24Z DEBUG Storing replica public key to LDAP, ipk11UniqueId=autogenerate,cn=keys,cn=sec,cn=dns,dc=my,dc=domain,dc=com
2014-10-28T05:01:24Z DEBUG flushing ldap://infra-dc-01.my.domain.com:389 from SchemaCache
2014-10-28T05:01:24Z DEBUG retrieving schema for SchemaCache url=ldap://infra-dc-01.my.domain.com:389 conn=<ldap.ldapobject.SimpleLDAPObject instance at 0x47d0d88>
2014-10-28T05:01:24Z DEBUG Traceback (most recent call last):
  File "/usr/lib/python2.7/site-packages/ipaserver/install/service.py", line 382, in start_creation
    run_step(full_msg, method)
  File "/usr/lib/python2.7/site-packages/ipaserver/install/service.py", line 372, in run_step
    method()
  File "/usr/lib/python2.7/site-packages/ipaserver/install/dnskeysyncinstance.py", line 340, in __setup_replica_keys
    ldap.add_entry(entry)
  File "/usr/lib/python2.7/site-packages/ipapython/ipaldap.py", line 1592, in add_entry
    self.conn.add_s(entry.dn, attrs.items())
  File "/usr/lib64/python2.7/contextlib.py", line 35, in __exit__
    self.gen.throw(type, value, traceback)
  File "/usr/lib/python2.7/site-packages/ipapython/ipaldap.py", line 1169, in error_handler
    raise errors.DuplicateEntry()
DuplicateEntry: This entry already exists

2014-10-28T05:01:24Z DEBUG   [error] DuplicateEntry: This entry already exists
2014-10-28T05:01:24Z DEBUG   File "/usr/lib/python2.7/site-packages/ipaserver/install/installutils.py", line 646, in run_script
    return_value = main_function()
  File "/sbin/ipa-dns-install", line 218, in main
    dnskeysyncd.create_instance(api.env.host, api.env.realm)
  File "/usr/lib/python2.7/site-packages/ipaserver/install/dnskeysyncinstance.py", line 128, in create_instance
    self.start_creation()
  File "/usr/lib/python2.7/site-packages/ipaserver/install/service.py", line 382, in start_creation
    run_step(full_msg, method)
  File "/usr/lib/python2.7/site-packages/ipaserver/install/service.py", line 372, in run_step
    method()
  File "/usr/lib/python2.7/site-packages/ipaserver/install/dnskeysyncinstance.py", line 340, in __setup_replica_keys
    ldap.add_entry(entry)
  File "/usr/lib/python2.7/site-packages/ipapython/ipaldap.py", line 1592, in add_entry
    self.conn.add_s(entry.dn, attrs.items())
  File "/usr/lib64/python2.7/contextlib.py", line 35, in __exit__
    self.gen.throw(type, value, traceback)
  File "/usr/lib/python2.7/site-packages/ipapython/ipaldap.py", line 1169, in error_handler
    raise errors.DuplicateEntry()
2014-10-28T05:01:24Z DEBUG The ipa-dns-install command failed, exception: DuplicateEntry: This entry already exists

Hello Michael,

Can you send me the entries you have in
cn=keys,cn=sec,cn=dns,dc=my,dc=domain,dc=com? It looks like the directory
server doesn't generate a uniqueID for keys.

Did you upgrade IPA or is it a fresh install?

Martin^2

Can you send me the content of the cn=IPK11 Unique IDs,cn=IPA
UUID,cn=plugins,cn=config entry (if it exists)?
It looks like DS doesn't generate unique IDs.

Martin^2




--
Martin Basti
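
Added example, not part of the original thread and not FreeIPA code: a check for the symptom discussed above, a key entry whose RDN is still the literal "autogenerate" placeholder instead of a generated unique ID. The function names and the sample LDIF are constructed for illustration; the base DN is the one quoted in the thread, and base64-encoded DNs ("dn::") are assumed not to occur.

```shell
#!/bin/sh
# Reads LDIF on stdin and prints the DN of every entry whose first RDN is
# the unexpanded placeholder ipk11UniqueId=autogenerate.
# LDIF folds long lines: a continuation line starts with a single space,
# so folded DNs are re-joined before matching.
find_placeholder_dns() {
    awk '
        function emit() {
            if (tolower(line) ~ /^dn: ipk11uniqueid=autogenerate,/)
                print substr(line, 5)      # drop the leading "dn: "
            line = ""
        }
        /^ / { line = line substr($0, 2); next }   # folded continuation
             { emit(); line = $0 }
        END  { emit() }
    '
}

# Constructed sample: the container, one placeholder entry (folded DN) and
# one entry with a made-up, properly generated ID.
sample_ldif() {
    cat <<'EOF'
dn: cn=keys,cn=sec,cn=dns,dc=my,dc=domain,dc=com
cn: keys

dn: ipk11UniqueId=autogenerate,cn=keys,cn=sec,cn=dns,dc=my,dc=domain,
 dc=com
ipk11Label: dnssec-replica:infra-dc-02.my.domain.com.

dn: ipk11UniqueId=00000000-0000-0000-0000-000000000001,cn=keys,cn=sec,cn=dns,
 dc=my,dc=domain,dc=com
ipk11Label: constructed-healthy-entry
EOF
}

# Against a live server the same filter can be fed from ldapsearch, e.g.:
#   ldapsearch -Y GSSAPI -LLL -s one \
#     -b "cn=keys,cn=sec,cn=dns,dc=my,dc=domain,dc=com" 1.1 \
#     | find_placeholder_dns
sample_ldif | find_placeholder_dns
```

Any DN it prints is an entry the next "creating replica keys" step would collide with, which is the DuplicateEntry failure shown in the install log.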
