[Freeipa-users] F20 Problem upgrading to 4.1

Michael Lasevich mlasevich at gmail.com
Tue Oct 28 19:54:46 UTC 2014 

I have a pair of servers that were both installed on clean Fedora20
4.0.1 from pviktori copr repo and then upgraded from mkosek to 4.1

During update, secondary was done first and worked but primary run into
trouble as described

Looking under cn=keys,cn=sec,cn=dns,dc=my,dc=domain,dc=com I get one
entry with dn:

ipk11UniqueId=autogenerate,cn=keys,cn=sec,cn=dns,dc=my,dc=domain,dc=com

Not sure what of that you need there, but for ipk11Label it has:
dnssec-replica:infra-dc-02.my.domain.com. (which is the replica that IS
working)

Thanks,

-M

On 10/28/14, 3:21 AM, Martin Basti wrote:
> On 28/10/14 06:14, Michael Lasevich wrote:
>> Running into same thing, but running ipa-dnsinstall does not complete:
>>
>> =============================
>> Configuring DNS (named)
>>   [1/8]: generating rndc key file
>> WARNING: Your system is running out of entropy, you may experience
>> long delays
>>   [2/8]: setting up our own record
>>   [3/8]: adding NS record to the zones
>>   [4/8]: setting up CA record
>>   [5/8]: setting up kerberos principal
>>   [6/8]: setting up named.conf
>>   [7/8]: configuring named to start on boot
>>   [8/8]: changing resolv.conf to point to ourselves
>> Done configuring DNS (named).
>> Configuring DNS key synchronization service (ipa-dnskeysyncd)
>>   [1/6]: checking status
>>   [2/6]: setting up kerberos principal
>>   [3/6]: setting up SoftHSM
>>   [4/6]: adding DNSSEC containers
>>   [5/6]: creating replica keys
>>   [error] DuplicateEntry: This entry already exists
>> Unexpected error - see /var/log/ipaserver-install.log for details:
>> DuplicateEntry: This entry already exists
>> =============================
>>
>> Looking into the /var/log/ipaserver-install.log gets:
>> =============================
>> 2014-10-28T05:01:24Z DEBUG Storing replica public key to LDAP,
>> ipk11UniqueId=autogenerate,cn=keys,cn=sec,cn=dns,dc=my,dc=domain,dc=com
>> 2014-10-28T05:01:24Z DEBUG flushing
>> ldap://infra-dc-01.my.domain.com:389 from SchemaCache
>> 2014-10-28T05:01:24Z DEBUG retrieving schema for SchemaCache
>> url=ldap://infra-dc-01.my.domain.com:389
>> conn=<ldap.ldapobject.SimpleLDAPObject instance at 0x47d0d88>
>> 2014-10-28T05:01:24Z DEBUG Traceback (most recent call last):
>>   File
>> "/usr/lib/python2.7/site-packages/ipaserver/install/service.py", line
>> 382, in start_creation run_step(full_msg, method)
>>   File
>> "/usr/lib/python2.7/site-packages/ipaserver/install/service.py", line
>> 372, in run_step method()
>>   File
>> "/usr/lib/python2.7/site-packages/ipaserver/install/dnskeysyncinstance.py",
>> line 340, in __setup_replica_keys ldap.add_entry(entry)
>>   File "/usr/lib/python2.7/site-packages/ipapython/ipaldap.py", line
>> 1592, in add_entry self.conn.add_s(entry.dn, attrs.items())
>>   File "/usr/lib64/python2.7/contextlib.py", line 35, in __exit__
>> self.gen.throw(type, value, traceback)
>>   File "/usr/lib/python2.7/site-packages/ipapython/ipaldap.py", line
>> 1169, in error_handler raise errors.DuplicateEntry()
>> DuplicateEntry: This entry already exists
>>
>> 2014-10-28T05:01:24Z DEBUG   [error] DuplicateEntry: This entry
>> already exists
>> 2014-10-28T05:01:24Z DEBUG   File
>> "/usr/lib/python2.7/site-packages/ipaserver/install/installutils.py",
>> line 646, in run_script
>>     return_value = main_function()
>>   File "/sbin/ipa-dns-install", line 218, in main
>> dnskeysyncd.create_instance(api.env.host, api.env.realm)
>>   File
>> "/usr/lib/python2.7/site-packages/ipaserver/install/dnskeysyncinstance.py",
>> line 128, in create_instance self.start_creation()
>>   File
>> "/usr/lib/python2.7/site-packages/ipaserver/install/service.py", line
>> 382, in start_creation run_step(full_msg, method)
>>   File
>> "/usr/lib/python2.7/site-packages/ipaserver/install/service.py", line
>> 372, in run_step method()
>>   File
>> "/usr/lib/python2.7/site-packages/ipaserver/install/dnskeysyncinstance.py",
>> line 340, in __setup_replica_keys ldap.add_entry(entry)
>>   File "/usr/lib/python2.7/site-packages/ipapython/ipaldap.py", line
>> 1592, in add_entry self.conn.add_s(entry.dn, attrs.items())
>>   File "/usr/lib64/python2.7/contextlib.py", line 35, in __exit__
>> self.gen.throw(type, value, traceback)
>>   File "/usr/lib/python2.7/site-packages/ipapython/ipaldap.py", line
>> 1169, in error_handler raise errors.DuplicateEntry()
>> 2014-10-28T05:01:24Z DEBUG The ipa-dns-install command failed,
>> exception: DuplicateEntry: This entry already exists
> Hello Michael,
>
> can you send me which entries do you have in
> cn=keys,cn=sec,cn=dns,dc=my,dc=domain,dc=com, it looks like directory
> server doesn't generate uniqueID for keys.
>
> Do you have upgraded IPA or fresh installed?
>
> Martin^2
>

More information about the Freeipa-users mailing list