Hi Andrey,
it looks really similar to the issue
https://bugzilla.redhat.com/show_bug.cgi?id=1590974
Can you check the access log and error log on the IPA server
server-01.example.com? It seems that the issue happens when the replica
installer tries to create the entry cn=changelog5,cn=config on the
master. It's ok if the entry already exists (the op returns 68) but I
suspect you will see a different error.
flo
On 7/8/20 6:51 PM, Andrey Ptashnik via FreeIPA-users wrote:
Florence,
Thank you for answering this. Still no luck yet, out of options where to look
at:
BEFORE:
[root@server-02 ~]# ipa-server-install --uninstall
---8<------8<------8<---
Client uninstall complete.
The ipa-client-install command was successful
[root@ipa-server-02 ~]#
[root@ipa-server-02 ~]# ls -la /var/lib/dirsrv/
total 4
drwxrwxr-x. 2 root dirsrv 6 Jul 8 10:33 .
drwxr-xr-x. 49 root root 4096 Jul 7 02:13 ..
[root@ipa-server-02 ~]#
IPA CLIENT INSTALL:
[root@ipa-server-02 ~]# ipa-client-install --enable-dns-updates --ssh-trust-dns
--mkhomedir --force-ntpd
Client configuration complete.
The ipa-client-install command was successful
[root@server-02 ~]#
DIRECTORY EMPTY STILL:
[root@server-02 ~]# ls -la /var/lib/dirsrv/
total 4
drwxrwxr-x. 2 root dirsrv 6 Jul 8 10:33 .
drwxr-xr-x. 49 root root 4096 Jul 7 02:13 ..
[root@server-02 ~]#
IPA REPLICA INSTALL:
Added server-02 to " ipaservers" host group, then:
[root@server-02 ~]# kinit admin
[root@server-02 ~]# ipa-replica-install --server server-01.example.com?
--domain example.com --setup-dns --setup-ca --forwarder 10.1xx.1xx.10
---8<------8<------8<---
[26/42]: restarting directory server
[27/42]: creating DS keytab
[28/42]: ignore time skew for initial replication
[29/42]: setting up initial replication
[error] DatabaseError: Operations error: The changelog directory
[/var/lib/dirsrv/slapd-NIX-CCCIS-COM/cldb] already exists and is not empty.
Please choose a directory that does not exist or is empty.
Your system may be partly configured.
Run /usr/sbin/ipa-server-install --uninstall to clean up.
TAIL OF /var/log/ipareplica-install.log
---8<------8<------8<---
2020-07-08T16:36:07Z DEBUG Restart of [email protected] complete
2020-07-08T16:36:07Z DEBUG Created connection context.ldap2_140461961785296
2020-07-08T16:36:07Z DEBUG Fetching nsDS5ReplicaId from master [attempt 1/5]
2020-07-08T16:36:07Z DEBUG retrieving schema for SchemaCache
url=ldap://server-01.example.com:389 conn=<ldap.ldapobject.SimpleLDAPObject
instance at 0x7fbfd6914b48>
2020-07-08T16:36:08Z DEBUG Successfully updated nsDS5ReplicaId.
2020-07-08T16:36:08Z DEBUG Add or update replica config
cn=replica,dc\=example\,dc\=com,cn=mapping tree,cn=config
2020-07-08T16:36:08Z DEBUG Added replica config
cn=replica,dc\=example\,dc\=com,cn=mapping tree,cn=config
2020-07-08T16:36:08Z DEBUG Add or update replica config
cn=replica,dc\=example\,dc\=com,cn=mapping tree,cn=config
2020-07-08T16:36:08Z DEBUG No update to
cn=replica,dc\=example\,dc\=com,cn=mapping tree,cn=config necessary
2020-07-08T16:36:08Z DEBUG Unhandled LDAPError: OPERATIONS_ERROR: {'info': 'The
changelog directory [/var/lib/dirsrv/slapd-EXAMPLE-COM/cldb] already exists and
is not empty. Please choose a directory that does not exist or is empty.\n',
'desc': 'Operations error'}
2020-07-08T16:36:08Z DEBUG Traceback (most recent call last):
---8<------8<------8<---
File "/usr/lib/python2.7/site-packages/ipapython/ipaldap.py", line 1087, in
error_handler
raise errors.DatabaseError(desc=desc, info=info)
DatabaseError: Operations error: The changelog directory
[/var/lib/dirsrv/slapd-EXAMPLE-COM/cldb] already exists and is not empty.
Please choose a directory that does not exist or is empty.
2020-07-08T16:36:08Z DEBUG [error] DatabaseError: Operations error: The
changelog directory [/var/lib/dirsrv/slapd-EXAMPLE-COM/cldb] already exists and
is not empty. Please choose a directory that does not exist or is empty.
2020-07-08T16:36:08Z DEBUG Destroyed connection context.ldap2_140461941923664
2020-07-08T16:36:08Z DEBUG Backing up system configuration file
'/etc/ipa/default.conf'
2020-07-08T16:36:08Z DEBUG Saving Index File to
'/var/lib/ipa/sysrestore/sysrestore.index'
2020-07-08T16:36:08Z DEBUG File
"/usr/lib/python2.7/site-packages/ipapython/admintool.py", line 178, in execute
---8<------8<------8<---
File "/usr/lib/python2.7/site-packages/ipapython/ipaldap.py", line 1087, in
error_handler
raise errors.DatabaseError(desc=desc, info=info)
2020-07-08T16:36:08Z DEBUG The ipa-replica-install command failed, exception:
DatabaseError: Operations error: The changelog directory
[/var/lib/dirsrv/slapd-EXAMPLE-COM/cldb] already exists and is not empty.
Please choose a directory that does not exist or is empty.
2020-07-08T16:36:08Z ERROR Operations error: The changelog directory
[/var/lib/dirsrv/slapd-EXAMPLE-COM/cldb] already exists and is not empty.
Please choose a directory that does not exist or is empty.
2020-07-08T16:36:08Z ERROR The ipa-replica-install command failed. See
/var/log/ipareplica-install.log for more information
[root@server-02 ~]#
Regards,
Andrey
On 7/8/20, 00:01, "Florence Blanc-Renaud" <[email protected]> wrote:
On 7/7/20 10:13 PM, Andrey Ptashnik via FreeIPA-users wrote:
> Team,
>
> I'm trying to install FreeIPA replica and constantly hitting this error
below.
> OS where replica is being installed is a fresh install. IPA version 4.6.6
> After this error Master does not have any record of replica anyway.
>
> Can someone please shed some light why on the machine with fresh OS install I can
see error such "directory [/var/lib/dirsrv/slapd-EXAMPLE-COM/cldb] already exists and
is not empty"
>
> Command that I'm using from a client machine that is already in the
domain:
>
> [root@server-02] # kinit admin
> [root@server-02] # ipa-replica-install --server server-01.example.com?
--domain example.com --setup-dns --setup-ca --forwarder 10.1xx.1xx.10
> ---8<------8<------8<------8<------8<------8<------8<------8<---
> [28/42]: ignore time skew for initial replication
> [29/42]: setting up initial replication
> [error] DatabaseError: Operations error: The changelog directory
[/var/lib/dirsrv/slapd-EXAMPLE-COM/cldb] already exists and is not empty. Please
choose a directory that does not exist or is empty.
> Your system may be partly configured.
> Run /usr/sbin/ipa-server-install --uninstall to clean up.
> ---8<------8<------8<------8<------8<------8<------8<------8<---
>
Hi,
it looks like the machine was already configured as a replica.
Please run ipa-server-install --uninstall -U on the soon-to-be replica,
check that there is no /var/lib/dirsrv/slapd-EXAMPLE-COM directory, and
re-try with ipa-client-install and ipa-replica-install.
flo
> Regards,
>
> Andrey
>
>
>
> _______________________________________________
> FreeIPA-users mailing list -- [email protected]
> To unsubscribe send an email to
[email protected]
> Fedora Code of Conduct:
https://nam04.safelinks.protection.outlook.com/?url=https%3A%2F%2Fdocs.fedoraproject.org%2Fen-US%2Fproject%2Fcode-of-conduct%2F&data=02%7C01%7Captashnik%40cccis.com%7C44b5fad8c194439106c308d822fbf6ed%7C1a188ae6a00241498234e47371d17cce%7C0%7C0%7C637297812860254771&sdata=eV6Fblh3FDOeUnSKldjgWNs3qc58Vir5IWGSWy3iL6o%3D&reserved=0
> List Guidelines:
https://nam04.safelinks.protection.outlook.com/?url=https%3A%2F%2Ffedoraproject.org%2Fwiki%2FMailing_list_guidelines&data=02%7C01%7Captashnik%40cccis.com%7C44b5fad8c194439106c308d822fbf6ed%7C1a188ae6a00241498234e47371d17cce%7C0%7C0%7C637297812860254771&sdata=woqbd09LBkzexeWqPxYUwkabaU5WEP7XH6rUYoHn1wU%3D&reserved=0
> List Archives:
https://nam04.safelinks.protection.outlook.com/?url=https%3A%2F%2Flists.fedorahosted.org%2Farchives%2Flist%2Ffreeipa-users%40lists.fedorahosted.org&data=02%7C01%7Captashnik%40cccis.com%7C44b5fad8c194439106c308d822fbf6ed%7C1a188ae6a00241498234e47371d17cce%7C0%7C0%7C637297812860254771&sdata=rJ991LA8LQeav7gt%2FlaixWlwnDc6x8nAVBSRpDBr9d4%3D&reserved=0
>
_______________________________________________
FreeIPA-users mailing list -- [email protected]
To unsubscribe send an email to [email protected]
Fedora Code of Conduct:
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives:
https://lists.fedorahosted.org/archives/list/[email protected]
_______________________________________________
FreeIPA-users mailing list -- [email protected]
To unsubscribe send an email to [email protected]
Fedora Code of Conduct:
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives:
https://lists.fedorahosted.org/archives/list/[email protected]
