[Freeipa-users] F20 Problem upgrading to 4.1
Martin Basti
mbasti at redhat.com
Tue Oct 28 10:21:48 UTC 2014
On 28/10/14 06:14, Michael Lasevich wrote:
> Running into same thing, but running ipa-dnsinstall does not complete:
>
> =============================
> Configuring DNS (named)
> [1/8]: generating rndc key file
> WARNING: Your system is running out of entropy, you may experience
> long delays
> [2/8]: setting up our own record
> [3/8]: adding NS record to the zones
> [4/8]: setting up CA record
> [5/8]: setting up kerberos principal
> [6/8]: setting up named.conf
> [7/8]: configuring named to start on boot
> [8/8]: changing resolv.conf to point to ourselves
> Done configuring DNS (named).
> Configuring DNS key synchronization service (ipa-dnskeysyncd)
> [1/6]: checking status
> [2/6]: setting up kerberos principal
> [3/6]: setting up SoftHSM
> [4/6]: adding DNSSEC containers
> [5/6]: creating replica keys
> [error] DuplicateEntry: This entry already exists
> Unexpected error - see /var/log/ipaserver-install.log for details:
> DuplicateEntry: This entry already exists
> =============================
>
> Looking into the /var/log/ipaserver-install.log gets:
> =============================
> 2014-10-28T05:01:24Z DEBUG Storing replica public key to LDAP,
> ipk11UniqueId=autogenerate,cn=keys,cn=sec,cn=dns,dc=my,dc=domain,dc=com
> 2014-10-28T05:01:24Z DEBUG flushing
> ldap://infra-dc-01.my.domain.com:389 from SchemaCache
> 2014-10-28T05:01:24Z DEBUG retrieving schema for SchemaCache
> url=ldap://infra-dc-01.my.domain.com:389
> conn=<ldap.ldapobject.SimpleLDAPObject instance at 0x47d0d88>
> 2014-10-28T05:01:24Z DEBUG Traceback (most recent call last):
> File
> "/usr/lib/python2.7/site-packages/ipaserver/install/service.py", line
> 382, in start_creation run_step(full_msg, method)
> File
> "/usr/lib/python2.7/site-packages/ipaserver/install/service.py", line
> 372, in run_step method()
> File
> "/usr/lib/python2.7/site-packages/ipaserver/install/dnskeysyncinstance.py",
> line 340, in __setup_replica_keys ldap.add_entry(entry)
> File "/usr/lib/python2.7/site-packages/ipapython/ipaldap.py", line
> 1592, in add_entry self.conn.add_s(entry.dn, attrs.items())
> File "/usr/lib64/python2.7/contextlib.py", line 35, in __exit__
> self.gen.throw(type, value, traceback)
> File "/usr/lib/python2.7/site-packages/ipapython/ipaldap.py", line
> 1169, in error_handler raise errors.DuplicateEntry()
> DuplicateEntry: This entry already exists
>
> 2014-10-28T05:01:24Z DEBUG [error] DuplicateEntry: This entry
> already exists
> 2014-10-28T05:01:24Z DEBUG File
> "/usr/lib/python2.7/site-packages/ipaserver/install/installutils.py",
> line 646, in run_script
> return_value = main_function()
> File "/sbin/ipa-dns-install", line 218, in main
> dnskeysyncd.create_instance(api.env.host, api.env.realm)
> File
> "/usr/lib/python2.7/site-packages/ipaserver/install/dnskeysyncinstance.py",
> line 128, in create_instance self.start_creation()
> File
> "/usr/lib/python2.7/site-packages/ipaserver/install/service.py", line
> 382, in start_creation run_step(full_msg, method)
> File
> "/usr/lib/python2.7/site-packages/ipaserver/install/service.py", line
> 372, in run_step method()
> File
> "/usr/lib/python2.7/site-packages/ipaserver/install/dnskeysyncinstance.py",
> line 340, in __setup_replica_keys ldap.add_entry(entry)
> File "/usr/lib/python2.7/site-packages/ipapython/ipaldap.py", line
> 1592, in add_entry self.conn.add_s(entry.dn, attrs.items())
> File "/usr/lib64/python2.7/contextlib.py", line 35, in __exit__
> self.gen.throw(type, value, traceback)
> File "/usr/lib/python2.7/site-packages/ipapython/ipaldap.py", line
> 1169, in error_handler raise errors.DuplicateEntry()
> 2014-10-28T05:01:24Z DEBUG The ipa-dns-install command failed,
> exception: DuplicateEntry: This entry already exists
Hello Michael,
can you send me which entries do you have in
cn=keys,cn=sec,cn=dns,dc=my,dc=domain,dc=com, it looks like directory
server doesn't generate uniqueID for keys.
Do you have upgraded IPA or fresh installed?
Martin^2
--
Martin Basti
More information about the Freeipa-users
mailing list