[Freeipa-devel] [PATCH] 0029 Make sure replication works after DM password is changed

Tomas Babej tbabej at redhat.com
Mon Jun 24 12:27:06 UTC 2013 

On 06/11/2013 04:42 PM, Ade Lee wrote:
[snip]
> Just FYI, we plan to do a new release of pki-core today 
> (pki-core-10.0.3-2) to address this issue.
>> -- 
>> Regards,
>>
>> Ana Krivokapic
>> Associate Software Engineer
>> FreeIPA team
>> Red Hat Inc.
>
Ok, so I tested the patch, since pki-core has the PkiExport command 
fixed now.

I'm getting a little bit further now.

[tbabej at vm-127 ~]$ sudo ipa-replica-prepare --ip-address 10.34.47.129 
vm-129.idm.lab.eng.brq.redhat.com
Directory Manager (existing master) password:

Preparing replica for vm-129.idm.lab.eng.brq.redhat.com from 
vm-127.idm.lab.eng.brq.redhat.com
Constraint violation: Failed to update password

With debug output, I get (snipped out irrelevant parts):

Directory Manager (existing master) password:

ipa.ipaserver.plugins.ldap2.ldap2: DEBUG: Created connection 
context.ldap2_57668944
ipa.ipapython.ipaldap.SchemaCache: DEBUG: retrieving schema for 
SchemaCache 
url=ldapi://%2fvar%2frun%2fslapd-IDM-LAB-ENG-BRQ-REDHAT-COM.socket 
conn=<ldap.ldapobject.SimpleLDAPObject instance at 0x3700ab8>
ipa.ipaserver.plugins.ldap2.ldap2: DEBUG: Destroyed connection 
context.ldap2_57668944
ipa: DEBUG: Search DNS for vm-129.idm.lab.eng.brq.redhat.com
ipa: DEBUG: Search failed: [Errno -2] Name or service not known
ipa.ipapython.ipaldap.SchemaCache: DEBUG: flushing 
ldapi://%2fvar%2frun%2fslapd-IDM-LAB-ENG-BRQ-REDHAT-COM.socket from 
SchemaCache
ipa.ipapython.ipaldap.SchemaCache: DEBUG: retrieving schema for 
SchemaCache 
url=ldapi://%2fvar%2frun%2fslapd-IDM-LAB-ENG-BRQ-REDHAT-COM.socket 
conn=<ldap.ldapobject.SimpleLDAPObject instance at 0x4c704d0>
ipa.ipaserver.install.ipa_replica_prepare.ReplicaPrepare: DEBUG: Not 
logging to a file
ipa.ipaserver.install.ipa_replica_prepare.ReplicaPrepare: DEBUG: 
ipa-replica-prepare was invoked with arguments 
['vm-129.idm.lab.eng.brq.redhat.com'] and options: {'log_file': None, 
'verbose': True, 'reverse_zone': None, 'setup_pkinit': True, 'http_pin': 
None, 'quiet': False, 'http_pkcs12': None, 'pkinit_pkcs12': None, 
'ca_file': '/root/cacert.p12', 'no_reverse': False, 'dirsrv_pkcs12': 
None, 'password': None, 'ip_address': CheckedIPAddress('10.34.47.129'), 
'dirsrv_pin': None, 'pkinit_pin': None}
ipa.ipaserver.install.ipa_replica_prepare.ReplicaPrepare: INFO: 
Preparing replica for vm-129.idm.lab.eng.brq.redhat.com from 
vm-127.idm.lab.eng.brq.redhat.com
ipa.ipapython.ipaldap.SchemaCache: DEBUG: flushing 
ldapi://%2fvar%2frun%2fslapd-IDM-LAB-ENG-BRQ-REDHAT-COM.socket from 
SchemaCache
ipa.ipapython.ipaldap.SchemaCache: DEBUG: retrieving schema for 
SchemaCache 
url=ldapi://%2fvar%2frun%2fslapd-IDM-LAB-ENG-BRQ-REDHAT-COM.socket 
conn=<ldap.ldapobject.SimpleLDAPObject instance at 0x3700710>
ipa: DEBUG: Starting external process
ipa: DEBUG: args=/usr/bin/PKCS12Export -d /etc/pki/pki-tomcat/alias/ -p 
/tmp/tmprgUrso -w /tmp/tmp6SBBXF -o /root/cacert.p12
ipa: DEBUG: Process finished, return code=0
ipa: DEBUG: stdout=
ipa: DEBUG: stderr=
ipa.ipaserver.plugins.ldap2.ldap2: DEBUG: Created connection 
context.ldap2_139884970376144
ipa.ipaserver.install.ipa_replica_prepare.ReplicaPrepare: DEBUG: File 
"/usr/lib/python2.7/site-packages/ipapython/admintool.py", line 171, in 
execute
     return_value = self.run()
   File 
"/usr/lib/python2.7/site-packages/ipaserver/install/ipa_replica_prepare.py", 
line 245, in run
     self.copy_ds_certificate()
   File 
"/usr/lib/python2.7/site-packages/ipaserver/install/ipa_replica_prepare.py", 
line 281, in copy_ds_certificate
     self.update_pki_admin_password()
   File 
"/usr/lib/python2.7/site-packages/ipaserver/install/ipa_replica_prepare.py", 
line 520, in update_pki_admin_password
     ldap.modify_password(dn, self.dirman_password)
   File "/usr/lib/python2.7/site-packages/ipaserver/plugins/ldap2.py", 
line 332, in modify_password
     self.conn.passwd_s(dn, old_pass, new_pass)
   File "/usr/lib64/python2.7/contextlib.py", line 35, in __exit__
     self.gen.throw(type, value, traceback)
   File "/usr/lib/python2.7/site-packages/ipapython/ipaldap.py", line 
919, in error_handler
     raise errors.DatabaseError(desc=desc, info=info)

ipa.ipaserver.install.ipa_replica_prepare.ReplicaPrepare: DEBUG: The 
ipa-replica-prepare command failed, exception: DatabaseError: Constraint 
violation: Failed to update password
ipa.ipaserver.install.ipa_replica_prepare.ReplicaPrepare: ERROR: 
Constraint violation: Failed to update password

Tomas

More information about the Freeipa-devel mailing list