Ricardo Mendes via FreeIPA-users wrote:
Hi there,
I'm unable to add a new replica to the cluster as it fails:
Configuring SID generation
[1/8]: creating samba domain object
Samba domain object already exists
[2/8]: adding admin(group) SIDs
Admin SID already set, nothing to do
Admin group SID already set, nothing to do
[3/8]: adding RID bases
RID bases already set, nothing to do
[4/8]: updating Kerberos config
'dns_lookup_kdc' already set to 'true', nothing to do.
[5/8]: activating sidgen task
[6/8]: restarting Directory Server to take MS PAC and LDAP plugins changes into
account
[7/8]: adding fallback group
Failed to load default-smb-group.ldif: CalledProcessError(Command
['/usr/bin/ldapmodify', '-v', '-f', '/tmp/tmpnwzpa12h',
'-H', 'ldapi://%2Frun%2Fslapd-DOM0-IO.socket', '-Y',
'EXTERNAL'] returned non-zero exit status 1: 'ldap_initialize(
ldapi://%2Frun%2Fslapd-DOM0-IO.socket/??base )\nSASL/EXTERNAL authentication started\nSASL
username: gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth\nSASL SSF: 0\nldap_add:
Operations error (1)\n\tadditional info: Allocation of a new value for range cn=posix
ids,cn=distributed numeric assignment plugin,cn=plugins,cn=config failed! Unable to
proceed.\n')
Failed to add fallback group.
[error] CalledProcessError: CalledProcessError(Command ['/usr/bin/ldapmodify',
'-v', '-f', '/tmp/tmpnwzpa12h', '-H',
'ldapi://%2Frun%2Fslapd-DOM0-IO.socket', '-Y', 'EXTERNAL']
returned non-zero exit status 1: 'ldap_initialize(
ldapi://%2Frun%2Fslapd-DOM0-IO.socket/??base )\nSASL/EXTERNAL authentication started\nSASL
username: gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth\nSASL SSF: 0\nldap_add:
Operations error (1)\n\tadditional info: Allocation of a new value for range cn=posix
ids,cn=distributed numeric assignment plugin,cn=plugins,cn=config failed! Unable to
proceed.\n')
Your system may be partly configured.
Run /usr/sbin/ipa-server-install --uninstall to clean up.
CalledProcessError(Command ['/usr/bin/ldapmodify', '-v', '-f',
'/tmp/tmpnwzpa12h', '-H', 'ldapi://%2Frun%2Fslapd-DOM0-IO.socket',
'-Y', 'EXTERNAL'] returned non-zero exit status 1: 'ldap_initialize(
ldapi://%2Frun%2Fslapd-DOM0-IO.socket/??base )\nSASL/EXTERNAL authentication started\nSASL
username: gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth\nSASL SSF: 0\nldap_add:
Operations error (1)\n\tadditional info: Allocation of a new value for range cn=posix
ids,cn=distributed numeric assignment plugin,cn=plugins,cn=config failed! Unable to
proceed.\n')
The ipa-replica-install command failed. See /var/log/ipareplica-install.log for more
information
====================
From ipareplica-install.log
====================
adding new entry "cn=Default SMB Group,cn=groups,cn=accounts,dc=dom0,dc=io"
2022-02-04T16:41:54Z DEBUG stderr=ldap_initialize(
ldapi://%2Frun%2Fslapd-DOM0-IO.socket/??base )
SASL/EXTERNAL authentication started
SASL username: gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth
SASL SSF: 0
ldap_add: Operations error (1)
additional info: Allocation of a new value for range cn=posix ids,cn=distributed
numeric assignment plugin,cn=plugins,cn=config failed! Unable to proceed.
2022-02-04T16:41:54Z CRITICAL Failed to load default-smb-group.ldif:
CalledProcessError(Command ['/usr/bin/ldapmodify', '-v', '-f',
'/tmp/tmpnwzpa12h', '-H', 'ldapi://%2Frun%2Fslapd-DOM0-IO.socket',
'-Y', 'EXTERNAL'] returned non-zero exit status 1: 'ldap_initialize(
ldapi://%2Frun%2Fslapd-DOM0-IO.socket/??base )\nSASL/EXTERNAL au
thentication started\nSASL username:
gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth\nSASL SSF: 0\nldap_add: Operations
error (1)\n\tadditional info: Allocation of a new value for range cn=posix
ids,cn=distributed numeric assignment plugin,cn=plugins,cn=config failed! Unable to
proceed.\n')
2022-02-04T16:41:54Z DEBUG Failed to add fallback group.
2022-02-04T16:41:54Z DEBUG Traceback (most recent call last):
File "/usr/lib/python3.6/site-packages/ipapython/ipaldap.py", line 1087, in
error_handler
yield
File "/usr/lib/python3.6/site-packages/ipapython/ipaldap.py", line 1587, in
find_entries
raise e
File "/usr/lib/python3.6/site-packages/ipapython/ipaldap.py", line 1547, in
find_entries
result = self.conn.result3(id, 0)
File "/usr/lib64/python3.6/site-packages/ldap/ldapobject.py", line 767, in
result3
resp_ctrl_classes=resp_ctrl_classes
File "/usr/lib64/python3.6/site-packages/ldap/ldapobject.py", line 774, in
result4
ldap_result =
self._ldap_call(self._l.result4,msgid,all,timeout,add_ctrls,add_intermediates,add_extop)
File "/usr/lib64/python3.6/site-packages/ldap/ldapobject.py", line 340, in
_ldap_call
reraise(exc_type, exc_value, exc_traceback)
File "/usr/lib64/python3.6/site-packages/ldap/compat.py", line 46, in
reraise
raise exc_value
File "/usr/lib64/python3.6/site-packages/ldap/ldapobject.py", line 324, in
_ldap_call
result = func(*args,**kwargs)
ldap.NO_SUCH_OBJECT: {'msgtype': 101, 'msgid': 4, 'result': 32,
'desc': 'No such object', 'ctrls': [], 'matched':
'cn=groups,cn=accounts,dc=dom0,dc=io'}
During handling of the above exception, another exception occurred:
Traceback (most recent call last):
File "/usr/lib/python3.6/site-packages/ipaserver/install/adtrustinstance.py",
line 327, in __add_fallback_group
api.Backend.ldap2.get_entry(fb_group_dn)
File "/usr/lib/python3.6/site-packages/ipapython/ipaldap.py", line 1941, in
get_entry
dn, attrs_list, time_limit, size_limit, get_effective_rights
File "/usr/lib/python3.6/site-packages/ipapython/ipaldap.py", line 1644, in
get_entry
size_limit=size_limit, get_effective_rights=get_effective_rights,
File "/usr/lib/python3.6/site-packages/ipapython/ipaldap.py", line 1456, in
get_entries
**kwargs)
File "/usr/lib/python3.6/site-packages/ipapython/ipaldap.py", line 1594, in
find_entries
break
File "/usr/lib64/python3.6/contextlib.py", line 99, in __exit__
self.gen.throw(type, value, traceback)
File "/usr/lib/python3.6/site-packages/ipapython/ipaldap.py", line 1097, in
error_handler
raise errors.NotFound(reason=arg_desc or 'no such entry')
ipalib.errors.NotFound: no such entry
During handling of the above exception, another exception occurred:
Traceback (most recent call last):
File "/usr/lib/python3.6/site-packages/ipaserver/install/service.py", line
635, in start_creation
run_step(full_msg, method)
File "/usr/lib/python3.6/site-packages/ipaserver/install/service.py", line
621, in run_step
method()
File "/usr/lib/python3.6/site-packages/ipaserver/install/adtrustinstance.py",
line 333, in __add_fallback_group
raise e
File "/usr/lib/python3.6/site-packages/ipaserver/install/adtrustinstance.py",
line 330, in __add_fallback_group
self._ldap_mod('default-smb-group.ldif', self.sub_dict)
File "/usr/lib/python3.6/site-packages/ipaserver/install/service.py", line
399, in _ldap_mod
ipautil.run(args, nolog=nologlist)
File "/usr/lib/python3.6/site-packages/ipapython/ipautil.py", line 599, in
run
p.returncode, arg_string, output_log, error_log
ipapython.ipautil.CalledProcessError: CalledProcessError(Command
['/usr/bin/ldapmodify', '-v', '-f', '/tmp/tmpnwzpa12h',
'-H', 'ldapi://%2Frun%2Fslapd-DOM0-IO.socket', '-Y',
'EXTERNAL'] returned non-zero exit status 1: 'ldap_initialize(
ldapi://%2Frun%2Fslapd-DOM0-IO.socket/??base )\nSASL/EXTERNAL authentication started\nSASL
username: gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth\nSASL SSF: 0\nldap_add:
Operations error (1)\n\tadditional info: Allocation of a new value for range cn=posix
ids,cn=distributed numeric assignment plugin,cn=plugins,cn=config failed! Unable to
proceed.\n')
2022-02-04T16:41:54Z DEBUG [error] CalledProcessError: CalledProcessError(Command
['/usr/bin/ldapmodify', '-v', '-f', '/tmp/tmpnwzpa12h',
'-H', 'ldapi://%2Frun%2Fslapd-DOM0-IO.socket', '-Y',
'EXTERNAL'] returned non-zero exit status 1: 'ldap_initialize(
ldapi://%2Frun%2Fslapd-DOM0-IO.socket/??base )\nSASL/EXTERNAL authentication started\nSASL
username: gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth\nSASL SSF: 0\nldap_add:
Operations error (1)\n\tadditional info: Allocation of a new value for range cn=posix
ids,cn=distributed numeric assignment plugin,cn=plugins,cn=config failed! Unable to
proceed.\n')
2022-02-04T16:41:54Z DEBUG File
"/usr/lib/python3.6/site-packages/ipapython/admintool.py", line 180, in execute
return_value = self.run()
File "/usr/lib/python3.6/site-packages/ipapython/install/cli.py", line 342,
in run
return cfgr.run()
File "/usr/lib/python3.6/site-packages/ipapython/install/core.py", line 360,
in run
return self.execute()
File "/usr/lib/python3.6/site-packages/ipapython/install/core.py", line 386,
in execute
for rval in self._executor():
File "/usr/lib/python3.6/site-packages/ipapython/install/core.py", line 431,
in __runner
exc_handler(exc_info)
File "/usr/lib/python3.6/site-packages/ipapython/install/core.py", line 460,
in _handle_execute_exception
self._handle_exception(exc_info)
File "/usr/lib/python3.6/site-packages/ipapython/install/core.py", line 450,
in _handle_exception
six.reraise(*exc_info)
File "/usr/lib/python3.6/site-packages/six.py", line 693, in reraise
raise value
File "/usr/lib/python3.6/site-packages/ipapython/install/core.py", line 421,
in __runner
step()
File "/usr/lib/python3.6/site-packages/ipapython/install/core.py", line 418,
in <lambda>
step = lambda: next(self.__gen)
File "/usr/lib/python3.6/site-packages/ipapython/install/util.py", line 81,
in run_generator_with_yield_from
six.reraise(*exc_info)
File "/usr/lib/python3.6/site-packages/six.py", line 693, in reraise
raise value
File "/usr/lib/python3.6/site-packages/ipapython/install/util.py", line 59,
in run_generator_with_yield_from
value = gen.send(prev_value)
File "/usr/lib/python3.6/site-packages/ipapython/install/core.py", line 655,
in _configure
next(executor)
File "/usr/lib/python3.6/site-packages/ipapython/install/core.py", line 431,
in __runner
exc_handler(exc_info)
File "/usr/lib/python3.6/site-packages/ipapython/install/core.py", line 460,
in _handle_execute_exception
self._handle_exception(exc_info)
File "/usr/lib/python3.6/site-packages/ipapython/install/core.py", line 518,
in _handle_exception
self.__parent._handle_exception(exc_info)
File "/usr/lib/python3.6/site-packages/ipapython/install/core.py", line 450,
in _handle_exception
six.reraise(*exc_info)
File "/usr/lib/python3.6/site-packages/six.py", line 693, in reraise
raise value
File "/usr/lib/python3.6/site-packages/ipapython/install/core.py", line 515,
in _handle_exception
super(ComponentBase, self)._handle_exception(exc_info)
File "/usr/lib/python3.6/site-packages/ipapython/install/core.py", line 450,
in _handle_exception
six.reraise(*exc_info)
File "/usr/lib/python3.6/site-packages/six.py", line 693, in reraise
raise value
File "/usr/lib/python3.6/site-packages/ipapython/install/core.py", line 421,
in __runner
step()
File "/usr/lib/python3.6/site-packages/ipapython/install/core.py", line 418,
in <lambda>
step = lambda: next(self.__gen)
File "/usr/lib/python3.6/site-packages/ipapython/install/util.py", line 81,
in run_generator_with_yield_from
six.reraise(*exc_info)
File "/usr/lib/python3.6/site-packages/six.py", line 693, in reraise
raise value
File "/usr/lib/python3.6/site-packages/ipapython/install/util.py", line 59,
in run_generator_with_yield_from
value = gen.send(prev_value)
File "/usr/lib/python3.6/site-packages/ipapython/install/common.py", line 65,
in _install
for unused in self._installer(self.parent):
File "/usr/lib/python3.6/site-packages/ipaserver/install/server/__init__.py",
line 603, in main
replica_install(self)
File
"/usr/lib/python3.6/site-packages/ipaserver/install/server/replicainstall.py",
line 401, in decorated
func(installer)
File
"/usr/lib/python3.6/site-packages/ipaserver/install/server/replicainstall.py",
line 1371, in install
adtrust.install(False, options, fstore, api)
File "/usr/lib/python3.6/site-packages/ipaserver/install/adtrust.py", line
483, in install
smb.create_instance()
File "/usr/lib/python3.6/site-packages/ipaserver/install/adtrustinstance.py",
line 895, in create_instance
self.start_creation(show_service_name=False)
File "/usr/lib/python3.6/site-packages/ipaserver/install/service.py", line
635, in start_creation
run_step(full_msg, method)
File "/usr/lib/python3.6/site-packages/ipaserver/install/service.py", line
621, in run_step
method()
File "/usr/lib/python3.6/site-packages/ipaserver/install/adtrustinstance.py",
line 333, in __add_fallback_group
raise e
File "/usr/lib/python3.6/site-packages/ipaserver/install/adtrustinstance.py",
line 330, in __add_fallback_group
self._ldap_mod('default-smb-group.ldif', self.sub_dict)
File "/usr/lib/python3.6/site-packages/ipaserver/install/service.py", line
399, in _ldap_mod
ipautil.run(args, nolog=nologlist)
File "/usr/lib/python3.6/site-packages/ipapython/ipautil.py", line 599, in
run
p.returncode, arg_string, output_log, error_log
2022-02-04T16:41:54Z DEBUG The ipa-replica-install command failed, exception:
CalledProcessError: CalledProcessError(Command ['/usr/bin/ldapmodify',
'-v', '-f', '/tmp/tmpnwzpa12h', '-H',
'ldapi://%2Frun%2Fslapd-DOM0-IO.socket', '-Y', 'EXTERNAL']
returned non-zero exit status 1: 'ldap_initialize(
ldapi://%2Frun%2Fslapd-DOM0-IO.socket/??base )\nSASL/EXTERNAL authentication started\nSASL
username: gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth\nSASL SSF: 0\nldap_add:
Operations error (1)\n\tadditional info: Allocation of a new value for range cn=posix
ids,cn=distributed numeric assignment plugin,cn=plugins,cn=config failed! Unable to
proceed.\n')
2022-02-04T16:41:54Z ERROR CalledProcessError(Command ['/usr/bin/ldapmodify',
'-v', '-f', '/tmp/tmpnwzpa12h', '-H',
'ldapi://%2Frun%2Fslapd-DOM0-IO.socket', '-Y', 'EXTERNAL']
returned non-zero exit status 1: 'ldap_initialize(
ldapi://%2Frun%2Fslapd-DOM0-IO.socket/??base )\nSASL/EXTERNAL authentication started\nSASL
username: gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth\nSASL SSF: 0\nldap_add:
Operations error (1)\n\tadditional info: Allocation of a new value for range cn=posix
ids,cn=distributed numeric assignment plugin,cn=plugins,cn=config failed! Unable to
proceed.\n')
2022-02-04T16:41:54Z ERROR The ipa-replica-install command failed. See
/var/log/ipareplica-install.log for more information
Before this failed entry, other entries have been added successfully.
I'd check the DNA ranges on the existing servers to ensure that there is
enough range to split.
ipa-replica-manage dnarange-show
It should show the range(s) for all the servers.
rob