Hi guys.
I'm trying to spin up a new replica:
...
[25/41]: restarting directory server
[26/41]: creating DS keytab
[error] CalledProcessError: CalledProcessError(Command
['/usr/sbin/ipa-getkeytab', '-k', '/etc/dirsrv/ds.keytab',
'-p',
'ldap/sucker.ccnr.ceb.private.cam.ac.uk(a)CCN.DOMAIN.MINE', '-H',
'ldaps://drunk.ccn.domain.mine'] returned non-zero exit status 9:
'Failed to parse result: Insufficient access rights\n\nRetrying with
pre-4.0 keytab retrieval method...\nFailed to parse result: Insufficient
access rights\n\nFailed to get keytab!\nFailed to get keytab\n')
Your system may be partly configured.
Run /usr/sbin/ipa-server-install --uninstall to clean up.
CalledProcessError(Command ['/usr/sbin/ipa-getkeytab', '-k',
'/etc/dirsrv/ds.keytab', '-p',
'ldap/sucker.ccn.domain.mine(a)CCNR.CEB.PRIVATE.CAM.AC.UK', '-H',
'ldaps://drunk.ccn.domain.mine'] returned non-zero exit status 9:
'Failed to parse result: Insufficient access rights\n\nRetrying with
pre-4.0 keytab retrieval method...\nFailed to parse result: Insufficient
access rights\n\nFailed to get keytab!\nFailed to get keytab\n')
So I do:
~]$ ipa-server-install --uninstall
This is a NON REVERSIBLE operation and will delete all data and
configuration!
It is highly recommended to take a backup of existing data and
configuration using ipa-backup utility before proceeding.
Are you sure you want to continue with the uninstall procedure? [no]: yes
Shutting down all IPA services
Unconfiguring directory server
[Errno 2] No such file or directory:
'/etc/dirsrv/slapd-CCN-DOMAIN-MINE/dse.ldif'
And from here on it's practically a small mayhem. '--uninstall', no
matter how many times, does not help.
I see that 'systemctl status -l dirsrv@my-instance' is still up. So
obviously:
~]$ ipa-replica-install --setup-dns --no-forwarders --admin-password=ccn
--principal=admin
Your system may be partly configured.
Run /usr/sbin/ipa-server-install --uninstall to clean up.
IPA requires ports 389 and 636 for the Directory Server.
These are currently in use:
389
636
...
One more time?
~]$ ipa-server-install --uninstall
WARNING:
IPA server is not configured on this system. If you want to install the
IPA server, please install it using 'ipa-server-install'.
This is a NON REVERSIBLE operation and will delete all data and
configuration!
It is highly recommended to take a backup of existing data and
configuration using ipa-backup utility before proceeding.
... and like a vicious circle.
Seems to me that this simple case is what IPA devel guys could look into
and then hopefully improve and harden the un/installation process.
ipa-client-4.8.7-12.module_el8.3.0+511+8a502f20.x86_64
ipa-client-common-4.8.7-12.module_el8.3.0+511+8a502f20.noarch
ipa-common-4.8.7-12.module_el8.3.0+511+8a502f20.noarch
ipa-healthcheck-core-0.4-6.module_el8.3.0+482+9e103aab.noarch
ipa-selinux-4.8.7-12.module_el8.3.0+511+8a502f20.noarch
ipa-server-4.8.7-12.module_el8.3.0+511+8a502f20.x86_64
ipa-server-common-4.8.7-12.module_el8.3.0+511+8a502f20.noarch
ipa-server-dns-4.8.7-12.module_el8.3.0+511+8a502f20.noarch