[Freeipa-users] F20 Problem upgrading to 4.1
Martin Basti
mbasti at redhat.com
Wed Oct 29 10:03:34 UTC 2014
On 28/10/14 20:54, Michael Lasevich wrote:
> I have a pair of servers that were both installed on clean Fedora20
> 4.0.1 from pviktori copr repo and then upgraded from mkosek to 4.1
>
> During update, secondary was done first and worked but primary ran into
> trouble as described
>
> Looking under cn=keys,cn=sec,cn=dns,dc=my,dc=domain,dc=com I get one
> entry with dn:
>
> ipk11UniqueId=autogenerate,cn=keys,cn=sec,cn=dns,dc=my,dc=domain,dc=com
>
> Not sure what of that you need there, but for ipk11Label it has:
> dnssec-replica:infra-dc-02.my.domain.com. (which is the replica that IS
> working)
>
> Thanks,
>
> -M
>
> On 10/28/14, 3:21 AM, Martin Basti wrote:
>> On 28/10/14 06:14, Michael Lasevich wrote:
>>> Running into same thing, but running ipa-dnsinstall does not complete:
>>>
>>> =============================
>>> Configuring DNS (named)
>>> [1/8]: generating rndc key file
>>> WARNING: Your system is running out of entropy, you may experience
>>> long delays
>>> [2/8]: setting up our own record
>>> [3/8]: adding NS record to the zones
>>> [4/8]: setting up CA record
>>> [5/8]: setting up kerberos principal
>>> [6/8]: setting up named.conf
>>> [7/8]: configuring named to start on boot
>>> [8/8]: changing resolv.conf to point to ourselves
>>> Done configuring DNS (named).
>>> Configuring DNS key synchronization service (ipa-dnskeysyncd)
>>> [1/6]: checking status
>>> [2/6]: setting up kerberos principal
>>> [3/6]: setting up SoftHSM
>>> [4/6]: adding DNSSEC containers
>>> [5/6]: creating replica keys
>>> [error] DuplicateEntry: This entry already exists
>>> Unexpected error - see /var/log/ipaserver-install.log for details:
>>> DuplicateEntry: This entry already exists
>>> =============================
>>>
>>> Looking into the /var/log/ipaserver-install.log gets:
>>> =============================
>>> 2014-10-28T05:01:24Z DEBUG Storing replica public key to LDAP,
>>> ipk11UniqueId=autogenerate,cn=keys,cn=sec,cn=dns,dc=my,dc=domain,dc=com
>>> 2014-10-28T05:01:24Z DEBUG flushing
>>> ldap://infra-dc-01.my.domain.com:389 from SchemaCache
>>> 2014-10-28T05:01:24Z DEBUG retrieving schema for SchemaCache
>>> url=ldap://infra-dc-01.my.domain.com:389
>>> conn=<ldap.ldapobject.SimpleLDAPObject instance at 0x47d0d88>
>>> 2014-10-28T05:01:24Z DEBUG Traceback (most recent call last):
>>> File
>>> "/usr/lib/python2.7/site-packages/ipaserver/install/service.py", line
>>> 382, in start_creation run_step(full_msg, method)
>>> File
>>> "/usr/lib/python2.7/site-packages/ipaserver/install/service.py", line
>>> 372, in run_step method()
>>> File
>>> "/usr/lib/python2.7/site-packages/ipaserver/install/dnskeysyncinstance.py",
>>> line 340, in __setup_replica_keys ldap.add_entry(entry)
>>> File "/usr/lib/python2.7/site-packages/ipapython/ipaldap.py", line
>>> 1592, in add_entry self.conn.add_s(entry.dn, attrs.items())
>>> File "/usr/lib64/python2.7/contextlib.py", line 35, in __exit__
>>> self.gen.throw(type, value, traceback)
>>> File "/usr/lib/python2.7/site-packages/ipapython/ipaldap.py", line
>>> 1169, in error_handler raise errors.DuplicateEntry()
>>> DuplicateEntry: This entry already exists
>>>
>>> 2014-10-28T05:01:24Z DEBUG [error] DuplicateEntry: This entry
>>> already exists
>>> 2014-10-28T05:01:24Z DEBUG File
>>> "/usr/lib/python2.7/site-packages/ipaserver/install/installutils.py",
>>> line 646, in run_script
>>> return_value = main_function()
>>> File "/sbin/ipa-dns-install", line 218, in main
>>> dnskeysyncd.create_instance(api.env.host, api.env.realm)
>>> File
>>> "/usr/lib/python2.7/site-packages/ipaserver/install/dnskeysyncinstance.py",
>>> line 128, in create_instance self.start_creation()
>>> File
>>> "/usr/lib/python2.7/site-packages/ipaserver/install/service.py", line
>>> 382, in start_creation run_step(full_msg, method)
>>> File
>>> "/usr/lib/python2.7/site-packages/ipaserver/install/service.py", line
>>> 372, in run_step method()
>>> File
>>> "/usr/lib/python2.7/site-packages/ipaserver/install/dnskeysyncinstance.py",
>>> line 340, in __setup_replica_keys ldap.add_entry(entry)
>>> File "/usr/lib/python2.7/site-packages/ipapython/ipaldap.py", line
>>> 1592, in add_entry self.conn.add_s(entry.dn, attrs.items())
>>> File "/usr/lib64/python2.7/contextlib.py", line 35, in __exit__
>>> self.gen.throw(type, value, traceback)
>>> File "/usr/lib/python2.7/site-packages/ipapython/ipaldap.py", line
>>> 1169, in error_handler raise errors.DuplicateEntry()
>>> 2014-10-28T05:01:24Z DEBUG The ipa-dns-install command failed,
>>> exception: DuplicateEntry: This entry already exists
>> Hello Michael,
>>
>> Can you send me which entries you have in
>> cn=keys,cn=sec,cn=dns,dc=my,dc=domain,dc=com? It looks like the directory
>> server doesn't generate uniqueID for keys.
>>
>> Do you have an upgraded IPA or a fresh install?
>>
>> Martin^2
>>

Can you send me the content of the cn=IPK11 Unique IDs,cn=IPA
UUID,cn=plugins,cn=config entry (if it exists)?
It looks like DS doesn't generate unique IDs.

Martin^2
--
Martin Basti
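
Added example, not part of the original message or of FreeIPA's code: a check over LDIF search output from the keys container that reports entries whose RDN is still the literal `ipk11UniqueId=autogenerate`, the symptom reported in this thread. The LDIF sample, the UUID and the second host name are constructed, and the function names are hypothetical.

```python
import base64

# Constructed sample (not from the thread's server), shaped like LDIF search
# output for cn=keys,cn=sec,cn=dns,<suffix>. UUID and second host are made up.
_GOOD_DN = ("ipk11UniqueId=00000000-0000-0000-0000-000000000001,"
            "cn=keys,cn=sec,cn=dns,dc=my,dc=domain,dc=com")
SAMPLE_LDIF = (
    "dn: cn=keys,cn=sec,cn=dns,dc=my,dc=domain,dc=com\n"
    "cn: keys\n"
    "\n"
    "dn: ipk11UniqueId=autogenerate,cn=keys,cn=sec,cn=dns,dc=my,dc=domain,dc=\n"
    " com\n"
    "ipk11Label: dnssec-replica:infra-dc-02.my.domain.com.\n"
    "\n"
    "dn:: " + base64.b64encode(_GOOD_DN.encode()).decode() + "\n"
    "ipk11Label: dnssec-replica:replica.example.test.\n"
)

def parse_ldif(text):
    """Return one {attr_lower: [values]} dict per LDIF entry."""
    lines = []
    for raw in text.splitlines():
        if raw.startswith(" ") and lines:      # folded line: continue previous
            lines[-1] += raw[1:]
        elif not raw.startswith("#"):          # skip LDIF comments
            lines.append(raw)
    entries, current = [], {}
    for line in lines + [""]:                  # trailing "" flushes last entry
        if not line.strip():
            if current:
                entries.append(current)
                current = {}
            continue
        attr, _, rest = line.partition(":")
        if rest.startswith(":"):               # "attr:: <base64 value>"
            value = base64.b64decode(rest[1:].strip()).decode("utf-8")
        else:
            value = rest.strip()
        current.setdefault(attr.lower(), []).append(value)
    return entries

def unresolved_key_entries(entries, placeholder="autogenerate"):
    """Return (dn, labels) for entries whose RDN still holds the placeholder."""
    hits = []
    for entry in entries:
        dn = entry.get("dn", [""])[0]
        attr, _, value = dn.split(",", 1)[0].partition("=")
        if attr.strip().lower() == "ipk11uniqueid" and value.strip().lower() == placeholder:
            hits.append((dn, entry.get("ipk11label", [])))
    return hits
```

Any hit means the placeholder was stored as-is instead of being replaced with a generated ID, so the next replica key added with the same placeholder DN fails with DuplicateEntry.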