[Freeipa-users] dse.ldif and dse.ldif.bak are lost

Rich Megginson rmeggins at redhat.com
Wed Apr 30 15:26:57 UTC 2014 

On 04/30/2014 09:22 AM, artjazz at free.fr wrote:
> Thanks a lot. My answers below.

Please keep replies on list, for others to see.

>
> Selon Rich Megginson <rmeggins at redhat.com>:
>
>> On 04/30/2014 03:26 AM, artjazz at free.fr wrote:
>>> Hi,
>>>
>>> I have 1 ipa master 'ipasrv' and 2 replicas 'iparpl1 iparpl2' installed
>> with
>>> --setup-ca option.
>>> Since a few days I have an issue with '389 Directory Server' on the master
>>> (ipasrv) and on the 2nd replica (iparpl2) with the following messages:
>>>
>>> The configuration file /etc/dirsrv/slapd-MYINSTANCE/dse.ldif was not
>> restored
>>> from backup /etc/dirsrv/slapd-MYINSTANCE/dse.ldif.tmp, error -1
>>> Apr 28 07:38:35 localhost ns-slapd: [28/Apr/2014:15:38:35 +0200] dse - The
>>> configuration file /etc/dirsrv/slapd-MYINSTANCE/dse.ldif was not restored
>> from
>>> backup /etc/dirsrv/slapd-MYINSTANCE/dse.ldif.bak, error -1
>>> Apr 28 07:38:35 localhost ns-slapd: [28/Apr/2014:15:38:35 +0200] config -
>> The
>>> given config file /etc/dirsrv/slapd-MYINSTANCE/dse.ldif could not be
>> accessed,
>>> Netscape Portable Runtime error -5950 (File not found.)
>>>
>>> The files dse.ldif and dse.ldif.bak are lost.
>> Was this a VM or a bare metal machine?  If a VM, please consider not
>> using a disk image file for the /etc partition to help avoid this
>> problem in the future.
> VM is a Virtual Machine.

Please consider using something other than a disk image file for the 
/etc partition.  And please consider doing the same for the 
/var/lib/dirsrv data (the actual dirsrv database files).

>
>> What version of 389-ds-base?  rpm -q 389-ds-base
> 389-ds-base-1.3.1.6-23.el7.x86_64
>
>> Do you have dse.ldif.startOK?
> Yes, I do, but when I tried to restore it with 'bak2db
> /etc/dirsrv/slapd-MYINSTANCE/dse.ldif.startOK'
> I have a lot of errors:

Right.  You don't restore this file with bak2db.  You just use cp -p

# cd /etc/dirsrv/slapd-MYINSTANCE
# cp -p dse.ldif.startOK dse.ldif

bak2db is only for the actual database data files (e.g. the files in 
/var/lib/dirsrv/slapd-MYINSTANCE/db)

>
> [30/Apr/2014:15:46:19 +0200] - valueset_value_syntax_cmp:
> slapi_attr_values2keys_sv failed for type attributetypes
> [30/Apr/2014:15:46:19 +0200] dse_read_one_file - The entry cn=schema in file
> /etc/dirsrv/slapd-MYINSTANCE/schema/00core.ldif (lineno: 1) is invalid, error
> code 21 (Invalid syntax) - attribute type aci: Unknown attribute syntax OID
> "1.3.6.1.4.1.1466.115.121.1.15"
> [30/Apr/2014:15:46:19 +0200] dse - Please edit the file to correct the reported
> problems and then restart the server.
>
>
>
>> ls -al /etc/dirsrv/slapd-MYINSTANCE
>>
>>> On my 1st replica (iparpl1) everything is OK.
>>>
>>> No Full IPA backup and LDAP backup done on ipasrv and iparpl2.
>>>
>>> A) Can I restore those files from iparpl1 ?
>> dse.ldif?  No, not without a lot of editing, since there is a lot of
>> host-specific config
>>
>>> B) I am a little bit confused after reading the documentation on
>>> http://www.freeipa.org/page/Backup_and_Restore
>>>     - can I consider that the ipa replicas are like ipa master ?
>>>     In this case when I want to execute the manual procedure in chapter 'One
>>> Server Loss'
>>>     1. Clean deployment from the lost server by removing all replication
>>> agreements with it.
>>>      from iparpl1 I have the following results:
>>>
>>> [root at iparpl1 ~]# ipa-replica-manage del iparpl2.mydomain
>>> 'iparpl1.mydomain' has no replication agreement for 'iparpl2.mydomaon'
>>>
>>>    [root at iparpl1 ~]# ipa-replica-manage del ipasrv.mydomain
>>> Connection to 'ipasrv.mydomain' failed:
>>> Unable to delete replica 'ipasrv.mydomain'
>>>
>>>     2. Choose another FreeIPA Server with CA installed to become the first
>> master
>>> Can I do this request from my 1st replica iparpl1 and how ?
>>>
>>>     3. Nominate this master to be the one in charge or renewing certs and
>>> publishing CRLS. This is a manual procedure at the moment.
>>>
>>>     4. Follow standard installation procedure to deploy a new master on a
>>> hardware/VM of your choice
>>> this request is to install a replica not a master ?
>>>
>>> Thanks for your help.
>>>
>>>
>>>
>>>
>>> _______________________________________________
>>> Freeipa-users mailing list
>>> Freeipa-users at redhat.com
>>> https://www.redhat.com/mailman/listinfo/freeipa-users
>>
>
>
>
>
>
>
>

More information about the Freeipa-users mailing list