Maybe I should not be doing this late at night, but I cannot find "cn=IPK11 Unique IDs,cn=IPA UUID,cn=plugins,cn=config " anywhere.
-M On 10/29/14, 3:03 AM, Martin Basti wrote: > On 28/10/14 20:54, Michael Lasevich wrote: >> I have a pair of servers that were both installed on clean Fedora20 >> 4.0.1 from pviktori copr repo and then upgraded from mkosek to 4.1 >> >> During update, secondary was done first and worked but primary run into >> trouble as described >> >> Looking under cn=keys,cn=sec,cn=dns,dc=my,dc=domain,dc=com I get one >> entry with dn: >> >> ipk11UniqueId=autogenerate,cn=keys,cn=sec,cn=dns,dc=my,dc=domain,dc=com >> >> Not sure what of that you need there, but for ipk11Label it has: >> dnssec-replica:infra-dc-02.my.domain.com. (which is the replica that IS >> working) >> >> Thanks, >> >> -M >> >> On 10/28/14, 3:21 AM, Martin Basti wrote: >>> On 28/10/14 06:14, Michael Lasevich wrote: >>>> Running into same thing, but running ipa-dnsinstall does not complete: >>>> >>>> ============================= >>>> Configuring DNS (named) >>>> [1/8]: generating rndc key file >>>> WARNING: Your system is running out of entropy, you may experience >>>> long delays >>>> [2/8]: setting up our own record >>>> [3/8]: adding NS record to the zones >>>> [4/8]: setting up CA record >>>> [5/8]: setting up kerberos principal >>>> [6/8]: setting up named.conf >>>> [7/8]: configuring named to start on boot >>>> [8/8]: changing resolv.conf to point to ourselves >>>> Done configuring DNS (named). >>>> Configuring DNS key synchronization service (ipa-dnskeysyncd) >>>> [1/6]: checking status >>>> [2/6]: setting up kerberos principal >>>> [3/6]: setting up SoftHSM >>>> [4/6]: adding DNSSEC containers >>>> [5/6]: creating replica keys >>>> [error] DuplicateEntry: This entry already exists >>>> Unexpected error - see /var/log/ipaserver-install.log for details: >>>> DuplicateEntry: This entry already exists >>>> ============================= >>>> >>>> Looking into the /var/log/ipaserver-install.log gets: >>>> ============================= >>>> 2014-10-28T05:01:24Z DEBUG Storing replica public key to LDAP, >>>> ipk11UniqueId=autogenerate,cn=keys,cn=sec,cn=dns,dc=my,dc=domain,dc=com >>>> >>>> 2014-10-28T05:01:24Z DEBUG flushing >>>> ldap://infra-dc-01.my.domain.com:389 from SchemaCache >>>> 2014-10-28T05:01:24Z DEBUG retrieving schema for SchemaCache >>>> url=ldap://infra-dc-01.my.domain.com:389 >>>> conn=<ldap.ldapobject.SimpleLDAPObject instance at 0x47d0d88> >>>> 2014-10-28T05:01:24Z DEBUG Traceback (most recent call last): >>>> File >>>> "/usr/lib/python2.7/site-packages/ipaserver/install/service.py", line >>>> 382, in start_creation run_step(full_msg, method) >>>> File >>>> "/usr/lib/python2.7/site-packages/ipaserver/install/service.py", line >>>> 372, in run_step method() >>>> File >>>> "/usr/lib/python2.7/site-packages/ipaserver/install/dnskeysyncinstance.py", >>>> >>>> line 340, in __setup_replica_keys ldap.add_entry(entry) >>>> File "/usr/lib/python2.7/site-packages/ipapython/ipaldap.py", line >>>> 1592, in add_entry self.conn.add_s(entry.dn, attrs.items()) >>>> File "/usr/lib64/python2.7/contextlib.py", line 35, in __exit__ >>>> self.gen.throw(type, value, traceback) >>>> File "/usr/lib/python2.7/site-packages/ipapython/ipaldap.py", line >>>> 1169, in error_handler raise errors.DuplicateEntry() >>>> DuplicateEntry: This entry already exists >>>> >>>> 2014-10-28T05:01:24Z DEBUG [error] DuplicateEntry: This entry >>>> already exists >>>> 2014-10-28T05:01:24Z DEBUG File >>>> "/usr/lib/python2.7/site-packages/ipaserver/install/installutils.py", >>>> line 646, in run_script >>>> return_value = main_function() >>>> File "/sbin/ipa-dns-install", line 218, in main >>>> dnskeysyncd.create_instance(api.env.host, api.env.realm) >>>> File >>>> "/usr/lib/python2.7/site-packages/ipaserver/install/dnskeysyncinstance.py", >>>> >>>> line 128, in create_instance self.start_creation() >>>> File >>>> "/usr/lib/python2.7/site-packages/ipaserver/install/service.py", line >>>> 382, in start_creation run_step(full_msg, method) >>>> File >>>> "/usr/lib/python2.7/site-packages/ipaserver/install/service.py", line >>>> 372, in run_step method() >>>> File >>>> "/usr/lib/python2.7/site-packages/ipaserver/install/dnskeysyncinstance.py", >>>> >>>> line 340, in __setup_replica_keys ldap.add_entry(entry) >>>> File "/usr/lib/python2.7/site-packages/ipapython/ipaldap.py", line >>>> 1592, in add_entry self.conn.add_s(entry.dn, attrs.items()) >>>> File "/usr/lib64/python2.7/contextlib.py", line 35, in __exit__ >>>> self.gen.throw(type, value, traceback) >>>> File "/usr/lib/python2.7/site-packages/ipapython/ipaldap.py", line >>>> 1169, in error_handler raise errors.DuplicateEntry() >>>> 2014-10-28T05:01:24Z DEBUG The ipa-dns-install command failed, >>>> exception: DuplicateEntry: This entry already exists >>> Hello Michael, >>> >>> can you send me which entries do you have in >>> cn=keys,cn=sec,cn=dns,dc=my,dc=domain,dc=com, it looks like directory >>> server doesn't generate uniqueID for keys. >>> >>> Do you have upgraded IPA or fresh installed? >>> >>> Martin^2 >>> > Can you send me content of cn=IPK11 Unique IDs,cn=IPA > UUID,cn=plugins,cn=config entry? (If exists) > It looks like DS doesn't generate unique IDs > > Martin^2 > > -- Manage your subscription for the Freeipa-users mailing list: https://www.redhat.com/mailman/listinfo/freeipa-users Go To http://freeipa.org for more info on the project
