Ricardo Mendes via FreeIPA-users wrote:
> Hi there,
>
> I'm unable to add a new replica to the cluster as it fails:
>
> Configuring SID generation
> [1/8]: creating samba domain object
> Samba domain object already exists
> [2/8]: adding admin(group) SIDs
> Admin SID already set, nothing to do
> Admin group SID already set, nothing to do
> [3/8]: adding RID bases
> RID bases already set, nothing to do
> [4/8]: updating Kerberos config
> 'dns_lookup_kdc' already set to 'true', nothing to do.
> [5/8]: activating sidgen task
> [6/8]: restarting Directory Server to take MS PAC and LDAP plugins changes
> into account
> [7/8]: adding fallback group
> Failed to load default-smb-group.ldif: CalledProcessError(Command
> ['/usr/bin/ldapmodify', '-v', '-f', '/tmp/tmpnwzpa12h', '-H',
> 'ldapi://%2Frun%2Fslapd-DOM0-IO.socket', '-Y', 'EXTERNAL'] returned non-zero
> exit status 1: 'ldap_initialize( ldapi://%2Frun%2Fslapd-DOM0-IO.socket/??base
> )\nSASL/EXTERNAL authentication started\nSASL username:
> gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth\nSASL SSF:
> 0\nldap_add: Operations error (1)\n\tadditional info: Allocation of a new
> value for range cn=posix ids,cn=distributed numeric assignment
> plugin,cn=plugins,cn=config failed! Unable to proceed.\n')
> Failed to add fallback group.
> [error] CalledProcessError: CalledProcessError(Command
> ['/usr/bin/ldapmodify', '-v', '-f', '/tmp/tmpnwzpa12h', '-H',
> 'ldapi://%2Frun%2Fslapd-DOM0-IO.socket', '-Y', 'EXTERNAL'] returned non-zero
> exit status 1: 'ldap_initialize( ldapi://%2Frun%2Fslapd-DOM0-IO.socket/??base
> )\nSASL/EXTERNAL authentication started\nSASL username:
> gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth\nSASL SSF:
> 0\nldap_add: Operations error (1)\n\tadditional info: Allocation of a new
> value for range cn=posix ids,cn=distributed numeric assignment
> plugin,cn=plugins,cn=config failed! Unable to proceed.\n')
> Your system may be partly configured.
> Run /usr/sbin/ipa-server-install --uninstall to clean up.
>
> CalledProcessError(Command ['/usr/bin/ldapmodify', '-v', '-f',
> '/tmp/tmpnwzpa12h', '-H', 'ldapi://%2Frun%2Fslapd-DOM0-IO.socket', '-Y',
> 'EXTERNAL'] returned non-zero exit status 1: 'ldap_initialize(
> ldapi://%2Frun%2Fslapd-DOM0-IO.socket/??base )\nSASL/EXTERNAL authentication
> started\nSASL username:
> gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth\nSASL SSF:
> 0\nldap_add: Operations error (1)\n\tadditional info: Allocation of a new
> value for range cn=posix ids,cn=distributed numeric assignment
> plugin,cn=plugins,cn=config failed! Unable to proceed.\n')
> The ipa-replica-install command failed. See /var/log/ipareplica-install.log
> for more information
>
> ====================
> From ipareplica-install.log
> ====================
>
> adding new entry "cn=Default SMB Group,cn=groups,cn=accounts,dc=dom0,dc=io"
>
>
> 2022-02-04T16:41:54Z DEBUG stderr=ldap_initialize(
> ldapi://%2Frun%2Fslapd-DOM0-IO.socket/??base )
> SASL/EXTERNAL authentication started
> SASL username: gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth
> SASL SSF: 0
> ldap_add: Operations error (1)
> additional info: Allocation of a new value for range cn=posix
> ids,cn=distributed numeric assignment plugin,cn=plugins,cn=config failed!
> Unable to proceed.
>
> 2022-02-04T16:41:54Z CRITICAL Failed to load default-smb-group.ldif:
> CalledProcessError(Command ['/usr/bin/ldapmodify', '-v', '-f',
> '/tmp/tmpnwzpa12h', '-H', 'ldapi://%2Frun%2Fslapd-DOM0-IO.socket', '-Y',
> 'EXTERNAL'] returned non-zero exit status 1: 'ldap_initialize(
> ldapi://%2Frun%2Fslapd-DOM0-IO.socket/??base )\nSASL/EXTERNAL au
> thentication started\nSASL username:
> gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth\nSASL SSF:
> 0\nldap_add: Operations error (1)\n\tadditional info: Allocation of a new
> value for range cn=posix ids,cn=distributed numeric assignment
> plugin,cn=plugins,cn=config failed! Unable to proceed.\n')
> 2022-02-04T16:41:54Z DEBUG Failed to add fallback group.
> 2022-02-04T16:41:54Z DEBUG Traceback (most recent call last):
> File "/usr/lib/python3.6/site-packages/ipapython/ipaldap.py", line 1087, in
> error_handler
> yield
> File "/usr/lib/python3.6/site-packages/ipapython/ipaldap.py", line 1587, in
> find_entries
> raise e
> File "/usr/lib/python3.6/site-packages/ipapython/ipaldap.py", line 1547, in
> find_entries
> result = self.conn.result3(id, 0)
> File "/usr/lib64/python3.6/site-packages/ldap/ldapobject.py", line 767, in
> result3
> resp_ctrl_classes=resp_ctrl_classes
> File "/usr/lib64/python3.6/site-packages/ldap/ldapobject.py", line 774, in
> result4
> ldap_result =
> self._ldap_call(self._l.result4,msgid,all,timeout,add_ctrls,add_intermediates,add_extop)
> File "/usr/lib64/python3.6/site-packages/ldap/ldapobject.py", line 340, in
> _ldap_call
> reraise(exc_type, exc_value, exc_traceback)
> File "/usr/lib64/python3.6/site-packages/ldap/compat.py", line 46, in
> reraise
> raise exc_value
> File "/usr/lib64/python3.6/site-packages/ldap/ldapobject.py", line 324, in
> _ldap_call
> result = func(*args,**kwargs)
> ldap.NO_SUCH_OBJECT: {'msgtype': 101, 'msgid': 4, 'result': 32, 'desc': 'No
> such object', 'ctrls': [], 'matched': 'cn=groups,cn=accounts,dc=dom0,dc=io'}
>
> During handling of the above exception, another exception occurred:
>
> Traceback (most recent call last):
> File
> "/usr/lib/python3.6/site-packages/ipaserver/install/adtrustinstance.py", line
> 327, in __add_fallback_group
> api.Backend.ldap2.get_entry(fb_group_dn)
> File "/usr/lib/python3.6/site-packages/ipapython/ipaldap.py", line 1941, in
> get_entry
> dn, attrs_list, time_limit, size_limit, get_effective_rights
> File "/usr/lib/python3.6/site-packages/ipapython/ipaldap.py", line 1644, in
> get_entry
> size_limit=size_limit, get_effective_rights=get_effective_rights,
> File "/usr/lib/python3.6/site-packages/ipapython/ipaldap.py", line 1456, in
> get_entries
> **kwargs)
> File "/usr/lib/python3.6/site-packages/ipapython/ipaldap.py", line 1594, in
> find_entries
> break
> File "/usr/lib64/python3.6/contextlib.py", line 99, in __exit__
> self.gen.throw(type, value, traceback)
> File "/usr/lib/python3.6/site-packages/ipapython/ipaldap.py", line 1097, in
> error_handler
> raise errors.NotFound(reason=arg_desc or 'no such entry')
> ipalib.errors.NotFound: no such entry
>
> During handling of the above exception, another exception occurred:
>
> Traceback (most recent call last):
> File "/usr/lib/python3.6/site-packages/ipaserver/install/service.py", line
> 635, in start_creation
> run_step(full_msg, method)
> File "/usr/lib/python3.6/site-packages/ipaserver/install/service.py", line
> 621, in run_step
> method()
> File
> "/usr/lib/python3.6/site-packages/ipaserver/install/adtrustinstance.py", line
> 333, in __add_fallback_group
> raise e
> File
> "/usr/lib/python3.6/site-packages/ipaserver/install/adtrustinstance.py", line
> 330, in __add_fallback_group
> self._ldap_mod('default-smb-group.ldif', self.sub_dict)
> File "/usr/lib/python3.6/site-packages/ipaserver/install/service.py", line
> 399, in _ldap_mod
> ipautil.run(args, nolog=nologlist)
> File "/usr/lib/python3.6/site-packages/ipapython/ipautil.py", line 599, in
> run
> p.returncode, arg_string, output_log, error_log
> ipapython.ipautil.CalledProcessError: CalledProcessError(Command
> ['/usr/bin/ldapmodify', '-v', '-f', '/tmp/tmpnwzpa12h', '-H',
> 'ldapi://%2Frun%2Fslapd-DOM0-IO.socket', '-Y', 'EXTERNAL'] returned non-zero
> exit status 1: 'ldap_initialize( ldapi://%2Frun%2Fslapd-DOM0-IO.socket/??base
> )\nSASL/EXTERNAL authentication started\nSASL username:
> gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth\nSASL SSF:
> 0\nldap_add: Operations error (1)\n\tadditional info: Allocation of a new
> value for range cn=posix ids,cn=distributed numeric assignment
> plugin,cn=plugins,cn=config failed! Unable to proceed.\n')
>
> 2022-02-04T16:41:54Z DEBUG [error] CalledProcessError:
> CalledProcessError(Command ['/usr/bin/ldapmodify', '-v', '-f',
> '/tmp/tmpnwzpa12h', '-H', 'ldapi://%2Frun%2Fslapd-DOM0-IO.socket', '-Y',
> 'EXTERNAL'] returned non-zero exit status 1: 'ldap_initialize(
> ldapi://%2Frun%2Fslapd-DOM0-IO.socket/??base )\nSASL/EXTERNAL authentication
> started\nSASL username:
> gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth\nSASL SSF:
> 0\nldap_add: Operations error (1)\n\tadditional info: Allocation of a new
> value for range cn=posix ids,cn=distributed numeric assignment
> plugin,cn=plugins,cn=config failed! Unable to proceed.\n')
> 2022-02-04T16:41:54Z DEBUG File
> "/usr/lib/python3.6/site-packages/ipapython/admintool.py", line 180, in
> execute
> return_value = self.run()
> File "/usr/lib/python3.6/site-packages/ipapython/install/cli.py", line 342,
> in run
> return cfgr.run()
> File "/usr/lib/python3.6/site-packages/ipapython/install/core.py", line
> 360, in run
> return self.execute()
> File "/usr/lib/python3.6/site-packages/ipapython/install/core.py", line
> 386, in execute
> for rval in self._executor():
> File "/usr/lib/python3.6/site-packages/ipapython/install/core.py", line
> 431, in __runner
> exc_handler(exc_info)
> File "/usr/lib/python3.6/site-packages/ipapython/install/core.py", line
> 460, in _handle_execute_exception
> self._handle_exception(exc_info)
> File "/usr/lib/python3.6/site-packages/ipapython/install/core.py", line
> 450, in _handle_exception
> six.reraise(*exc_info)
> File "/usr/lib/python3.6/site-packages/six.py", line 693, in reraise
> raise value
> File "/usr/lib/python3.6/site-packages/ipapython/install/core.py", line
> 421, in __runner
> step()
> File "/usr/lib/python3.6/site-packages/ipapython/install/core.py", line
> 418, in <lambda>
> step = lambda: next(self.__gen)
> File "/usr/lib/python3.6/site-packages/ipapython/install/util.py", line 81,
> in run_generator_with_yield_from
> six.reraise(*exc_info)
> File "/usr/lib/python3.6/site-packages/six.py", line 693, in reraise
> raise value
> File "/usr/lib/python3.6/site-packages/ipapython/install/util.py", line 59,
> in run_generator_with_yield_from
> value = gen.send(prev_value)
> File "/usr/lib/python3.6/site-packages/ipapython/install/core.py", line
> 655, in _configure
> next(executor)
> File "/usr/lib/python3.6/site-packages/ipapython/install/core.py", line
> 431, in __runner
> exc_handler(exc_info)
> File "/usr/lib/python3.6/site-packages/ipapython/install/core.py", line
> 460, in _handle_execute_exception
> self._handle_exception(exc_info)
> File "/usr/lib/python3.6/site-packages/ipapython/install/core.py", line
> 518, in _handle_exception
> self.__parent._handle_exception(exc_info)
> File "/usr/lib/python3.6/site-packages/ipapython/install/core.py", line
> 450, in _handle_exception
> six.reraise(*exc_info)
> File "/usr/lib/python3.6/site-packages/six.py", line 693, in reraise
> raise value
> File "/usr/lib/python3.6/site-packages/ipapython/install/core.py", line
> 515, in _handle_exception
> super(ComponentBase, self)._handle_exception(exc_info)
> File "/usr/lib/python3.6/site-packages/ipapython/install/core.py", line
> 450, in _handle_exception
> six.reraise(*exc_info)
> File "/usr/lib/python3.6/site-packages/six.py", line 693, in reraise
> raise value
> File "/usr/lib/python3.6/site-packages/ipapython/install/core.py", line
> 421, in __runner
> step()
> File "/usr/lib/python3.6/site-packages/ipapython/install/core.py", line
> 418, in <lambda>
> step = lambda: next(self.__gen)
> File "/usr/lib/python3.6/site-packages/ipapython/install/util.py", line 81,
> in run_generator_with_yield_from
> six.reraise(*exc_info)
> File "/usr/lib/python3.6/site-packages/six.py", line 693, in reraise
> raise value
> File "/usr/lib/python3.6/site-packages/ipapython/install/util.py", line 59,
> in run_generator_with_yield_from
> value = gen.send(prev_value)
> File "/usr/lib/python3.6/site-packages/ipapython/install/common.py", line
> 65, in _install
> for unused in self._installer(self.parent):
> File
> "/usr/lib/python3.6/site-packages/ipaserver/install/server/__init__.py", line
> 603, in main
> replica_install(self)
> File
> "/usr/lib/python3.6/site-packages/ipaserver/install/server/replicainstall.py",
> line 401, in decorated
> func(installer)
> File
> "/usr/lib/python3.6/site-packages/ipaserver/install/server/replicainstall.py",
> line 1371, in install
> adtrust.install(False, options, fstore, api)
> File "/usr/lib/python3.6/site-packages/ipaserver/install/adtrust.py", line
> 483, in install
> smb.create_instance()
> File
> "/usr/lib/python3.6/site-packages/ipaserver/install/adtrustinstance.py", line
> 895, in create_instance
> self.start_creation(show_service_name=False)
> File "/usr/lib/python3.6/site-packages/ipaserver/install/service.py", line
> 635, in start_creation
> run_step(full_msg, method)
> File "/usr/lib/python3.6/site-packages/ipaserver/install/service.py", line
> 621, in run_step
> method()
> File
> "/usr/lib/python3.6/site-packages/ipaserver/install/adtrustinstance.py", line
> 333, in __add_fallback_group
> raise e
> File
> "/usr/lib/python3.6/site-packages/ipaserver/install/adtrustinstance.py", line
> 330, in __add_fallback_group
> self._ldap_mod('default-smb-group.ldif', self.sub_dict)
> File "/usr/lib/python3.6/site-packages/ipaserver/install/service.py", line
> 399, in _ldap_mod
> ipautil.run(args, nolog=nologlist)
> File "/usr/lib/python3.6/site-packages/ipapython/ipautil.py", line 599, in
> run
> p.returncode, arg_string, output_log, error_log
>
> 2022-02-04T16:41:54Z DEBUG The ipa-replica-install command failed, exception:
> CalledProcessError: CalledProcessError(Command ['/usr/bin/ldapmodify', '-v',
> '-f', '/tmp/tmpnwzpa12h', '-H', 'ldapi://%2Frun%2Fslapd-DOM0-IO.socket',
> '-Y', 'EXTERNAL'] returned non-zero exit status 1: 'ldap_initialize(
> ldapi://%2Frun%2Fslapd-DOM0-IO.socket/??base )\nSASL/EXTERNAL authentication
> started\nSASL username:
> gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth\nSASL SSF:
> 0\nldap_add: Operations error (1)\n\tadditional info: Allocation of a new
> value for range cn=posix ids,cn=distributed numeric assignment
> plugin,cn=plugins,cn=config failed! Unable to proceed.\n')
> 2022-02-04T16:41:54Z ERROR CalledProcessError(Command ['/usr/bin/ldapmodify',
> '-v', '-f', '/tmp/tmpnwzpa12h', '-H',
> 'ldapi://%2Frun%2Fslapd-DOM0-IO.socket', '-Y', 'EXTERNAL'] returned non-zero
> exit status 1: 'ldap_initialize( ldapi://%2Frun%2Fslapd-DOM0-IO.socket/??base
> )\nSASL/EXTERNAL authentication started\nSASL username:
> gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth\nSASL SSF:
> 0\nldap_add: Operations error (1)\n\tadditional info: Allocation of a new
> value for range cn=posix ids,cn=distributed numeric assignment
> plugin,cn=plugins,cn=config failed! Unable to proceed.\n')
> 2022-02-04T16:41:54Z ERROR The ipa-replica-install command failed. See
> /var/log/ipareplica-install.log for more information
>
> Before this failed entry, other entries have been added successfully.
>
I'd check the DNA ranges on the existing servers to ensure that there is
enough range to split.
ipa-replica-manage dnarange-show
It should show the range(s) for all the servers.
rob
_______________________________________________
FreeIPA-users mailing list -- [email protected]
To unsubscribe send an email to [email protected]
Fedora Code of Conduct:
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives:
https://lists.fedorahosted.org/archives/list/[email protected]
Do not reply to spam on the list, report it:
https://pagure.io/fedora-infrastructure
