Hi Flo -Thank you for the instructions. Everything is back to normal and I was able to bring up a new replica in the process after the steps were done.Sinh
On June 2, 2021 at 12:46:22 AM, Florence Renaud (flo@redhat.com) wrote:
Hi,thanks for the confirmation. In this case, you can fix the issue with the following procedure:To fix the master that was missing the "cn=changelog5,cn=config" entry follow these steps: [1] Remove the directory /var/lib/dirsrv/slapd-XXX/cldb [2] Use ldapmodify and add this entry dn: cn=changelog5,cn=config changetype: add objectclass: top objectclass: extensibleObject cn: changelog5 nsslapd-changelogdir: /var/lib/dirsrv/slapd-XXX/cldb nsslapd-changelogmaxage: 30d [3] Reinitialize this master from another "good" master, as this master is most likely out of date now.
Don't forget to replace the slapd-XXX with your actual instance name.HTH,
flo
On Tue, Jun 1, 2021 at 7:55 PM Sinh Lam <sinh@paran0id.org> wrote:Hi Florence -Thank you for your response. So to answer your question -1) the directory does exist on the master2) the cn=changelog5,cn=config entry is missing in the dse.ldif file.Thanks.SinhOn June 1, 2021 at 9:25:53 AM, Florence Renaud (flo@redhat.com) wrote:
Hi,the error looks similar to https://bugzilla.redhat.com/show_bug.cgi?id=1590974Most of the comments are private in this BZ because they refer to customer deployments, but the issue can happen if cn=changelog5,cn=config is missing on the master AND the changelog directory is present.Can you check on the master if there is a directory: /var/lib/dirsrv/slapd-XXX/cldb and if there is an entry cn=changelog5,cn=config in /etc/dirsrv/slapd-XXX/dse.ldif?floOn Wed, May 26, 2021 at 8:41 PM Sinh Lam via FreeIPA-users <freeipa-users@lists.fedorahosted.org> wrote:_______________________________________________Hi Everyone -I’m running into this odd issue I can’t seem to find a resolution to. Long story short, my IPA master was on a system that had a power failure. Upon bring up, the dirsrv failed to start up due to a zero byte dse.ldif file. Used a “backup” of the file and my master seemed to have came back up ok however replication seems to have stopped working.When I noticed that replication wasn’t working from the replicas to the master I went digging and found this (which led me to try to recover by removing the old replicas and trying to do a reinstall) :replica.domain.net: replicalast update status: Error (6) Replication error acquiring replica: Unable to acquire replica: there is no replicated area on the consumer server. Replication is aborting. (no such replica)last update ended: 2021-05-20 15:29:28+00:00The above “last update” corresponds with the power outage that took down the IPA master.I’m trying to re-initialize the replication by doing a reinstall of the replica server but I’m failing with the following error :I’ve since done several uninstalls and verified at each uninstall the /var/lib/dirsrv directory is empty.Disabled p11-kit-proxyConfiguring directory server (dirsrv). Estimated time: 30 seconds[1/42]: creating directory server instance[2/42]: configure autobind for root[3/42]: tune ldbm plugin[4/42]: stopping directory server[5/42]: updating configuration in dse.ldif[6/42]: starting directory server[7/42]: adding default schema[8/42]: enabling memberof plugin[9/42]: enabling winsync plugin[10/42]: configure password logging[11/42]: configuring replication version plugin[12/42]: enabling IPA enrollment plugin[13/42]: configuring uniqueness plugin[14/42]: configuring uuid plugin[15/42]: configuring modrdn plugin[16/42]: configuring DNS plugin[17/42]: enabling entryUSN plugin[18/42]: configuring lockout plugin[19/42]: configuring topology plugin[20/42]: creating indices[21/42]: enabling referential integrity plugin[22/42]: configuring certmap.conf[23/42]: configure new location for managed entries[24/42]: configure dirsrv ccache and keytab[25/42]: enabling SASL mapping fallback[26/42]: restarting directory server[27/42]: creating DS keytab[28/42]: ignore time skew for initial replication[29/42]: setting up initial replication[error] DatabaseError: Operations error: The changelog directory [/var/lib/dirsrv/slapd-REPLICA-DOMAIN-NET/cldb] already exists and is not empty. Please choose a directory that does not exist or is empty.Your system may be partly configured.Run /usr/sbin/ipa-server-install --uninstall to clean up.Operations error: The changelog directory [/var/lib/dirsrv/slapd-REPLICA-DOMAIN-NET/cldb] already exists and is not empty. Please choose a directory that does not exist or is empty.The ipa-replica-install command failed. See /var/log/ipareplica-install.log for more informationAny pointers on how to get past this issue would be great since I have about 10 more replicas to get back up.Thanks.Sinh
FreeIPA-users mailing list -- freeipa-users@lists.fedorahosted.org
To unsubscribe send an email to freeipa-users-leave@lists.fedorahosted.org
Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: https://lists.fedorahosted.org/archives/list/freeipa-users@lists.fedorahosted.org
Do not reply to spam on the list, report it: https://pagure.io/fedora-infrastructure