Can't Add Replica: The changelog directory CLDB already exists and is not empty

List overview All Threads
Download

newer

older

Password Policy Question

Options to deploy FreeIPA without...

Andrey Ptashnik

7 Jul 2020 7 Jul '20

3:13 p.m.

Team,

I'm trying to install FreeIPA replica and constantly hitting this error below. OS where replica is being installed is a fresh install. IPA version 4.6.6 After this error Master does not have any record of replica anyway.

Can someone please shed some light why on the machine with fresh OS install I can see error such "directory [/var/lib/dirsrv/slapd-EXAMPLE-COM/cldb] already exists and is not empty"

Command that I'm using from a client machine that is already in the domain:

[root@server-02] # kinit admin [root@server-02] # ipa-replica-install --server server-01.example.com --domain example.com --setup-dns --setup-ca --forwarder 10.1xx.1xx.10 ---8<------8<------8<------8<------8<------8<------8<------8<--- [28/42]: ignore time skew for initial replication [29/42]: setting up initial replication [error] DatabaseError: Operations error: The changelog directory [/var/lib/dirsrv/slapd-EXAMPLE-COM/cldb] already exists and is not empty. Please choose a directory that does not exist or is empty. Your system may be partly configured. Run /usr/sbin/ipa-server-install --uninstall to clean up. ---8<------8<------8<------8<------8<------8<------8<------8<---

Regards,

Andrey

Attachments:

image001.png (image/png — 9.0 KB)

Show replies by date

Florence Blanc-Renaud

8 Jul 8 Jul

12:01 a.m.

New subject: Can't Add Replica: The changelog directory CLDB already exists and is not empty

On 7/7/20 10:13 PM, Andrey Ptashnik via FreeIPA-users wrote:

...

Team,

I'm trying to install FreeIPA replica and constantly hitting this error below. OS where replica is being installed is a fresh install. IPA version 4.6.6 After this error Master does not have any record of replica anyway.

Can someone please shed some light why on the machine with fresh OS install I can see error such "directory [/var/lib/dirsrv/slapd-EXAMPLE-COM/cldb] already exists and is not empty"

Command that I'm using from a client machine that is already in the domain:

[root@server-02] # kinit admin [root@server-02] # ipa-replica-install --server server-01.example.com --domain example.com --setup-dns --setup-ca --forwarder 10.1xx.1xx.10 ---8<------8<------8<------8<------8<------8<------8<------8<--- [28/42]: ignore time skew for initial replication [29/42]: setting up initial replication [error] DatabaseError: Operations error: The changelog directory [/var/lib/dirsrv/slapd-EXAMPLE-COM/cldb] already exists and is not empty. Please choose a directory that does not exist or is empty. Your system may be partly configured. Run /usr/sbin/ipa-server-install --uninstall to clean up. ---8<------8<------8<------8<------8<------8<------8<------8<---

Hi,

it looks like the machine was already configured as a replica.

Please run ipa-server-install --uninstall -U on the soon-to-be replica, check that there is no /var/lib/dirsrv/slapd-EXAMPLE-COM directory, and re-try with ipa-client-install and ipa-replica-install.

flo

...

Regards,

Andrey

FreeIPA-users mailing list -- freeipa-users@lists.fedorahosted.org To unsubscribe send an email to freeipa-users-leave@lists.fedorahosted.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedorahosted.org/archives/list/freeipa-users@lists.fedorahoste...

Andrey Ptashnik

11:51 a.m.

New subject: Can't Add Replica: The changelog directory CLDB already exists and is not empty

Florence,

Thank you for answering this. Still no luck yet, out of options where to look at:

BEFORE: [root@server-02 ~]# ipa-server-install --uninstall ---8<------8<------8<--- Client uninstall complete. The ipa-client-install command was successful [root@ipa-server-02 ~]# [root@ipa-server-02 ~]# ls -la /var/lib/dirsrv/ total 4 drwxrwxr-x. 2 root dirsrv 6 Jul 8 10:33 . drwxr-xr-x. 49 root root 4096 Jul 7 02:13 .. [root@ipa-server-02 ~]#

IPA CLIENT INSTALL: [root@ipa-server-02 ~]# ipa-client-install --enable-dns-updates --ssh-trust-dns --mkhomedir --force-ntpd Client configuration complete. The ipa-client-install command was successful [root@server-02 ~]#

DIRECTORY EMPTY STILL: [root@server-02 ~]# ls -la /var/lib/dirsrv/ total 4 drwxrwxr-x. 2 root dirsrv 6 Jul 8 10:33 . drwxr-xr-x. 49 root root 4096 Jul 7 02:13 .. [root@server-02 ~]#

IPA REPLICA INSTALL: Added server-02 to " ipaservers" host group, then: [root@server-02 ~]# kinit admin [root@server-02 ~]# ipa-replica-install --server server-01.example.com --domain example.com --setup-dns --setup-ca --forwarder 10.1xx.1xx.10 ---8<------8<------8<--- [26/42]: restarting directory server [27/42]: creating DS keytab [28/42]: ignore time skew for initial replication [29/42]: setting up initial replication [error] DatabaseError: Operations error: The changelog directory [/var/lib/dirsrv/slapd-NIX-CCCIS-COM/cldb] already exists and is not empty. Please choose a directory that does not exist or is empty. Your system may be partly configured. Run /usr/sbin/ipa-server-install --uninstall to clean up.

TAIL OF /var/log/ipareplica-install.log ---8<------8<------8<--- 2020-07-08T16:36:07Z DEBUG Restart of dirsrv@EXAMPLE.service complete 2020-07-08T16:36:07Z DEBUG Created connection context.ldap2_140461961785296 2020-07-08T16:36:07Z DEBUG Fetching nsDS5ReplicaId from master [attempt 1/5] 2020-07-08T16:36:07Z DEBUG retrieving schema for SchemaCache url=ldap://server-01.example.com:389 conn=<ldap.ldapobject.SimpleLDAPObject instance at 0x7fbfd6914b48> 2020-07-08T16:36:08Z DEBUG Successfully updated nsDS5ReplicaId. 2020-07-08T16:36:08Z DEBUG Add or update replica config cn=replica,dc=example,dc=com,cn=mapping tree,cn=config 2020-07-08T16:36:08Z DEBUG Added replica config cn=replica,dc=example,dc=com,cn=mapping tree,cn=config 2020-07-08T16:36:08Z DEBUG Add or update replica config cn=replica,dc=example,dc=com,cn=mapping tree,cn=config 2020-07-08T16:36:08Z DEBUG No update to cn=replica,dc=example,dc=com,cn=mapping tree,cn=config necessary 2020-07-08T16:36:08Z DEBUG Unhandled LDAPError: OPERATIONS_ERROR: {'info': 'The changelog directory [/var/lib/dirsrv/slapd-EXAMPLE-COM/cldb] already exists and is not empty. Please choose a directory that does not exist or is empty.\n', 'desc': 'Operations error'} 2020-07-08T16:36:08Z DEBUG Traceback (most recent call last): ---8<------8<------8<--- File "/usr/lib/python2.7/site-packages/ipapython/ipaldap.py", line 1087, in error_handler raise errors.DatabaseError(desc=desc, info=info) DatabaseError: Operations error: The changelog directory [/var/lib/dirsrv/slapd-EXAMPLE-COM/cldb] already exists and is not empty. Please choose a directory that does not exist or is empty.

2020-07-08T16:36:08Z DEBUG [error] DatabaseError: Operations error: The changelog directory [/var/lib/dirsrv/slapd-EXAMPLE-COM/cldb] already exists and is not empty. Please choose a directory that does not exist or is empty. 2020-07-08T16:36:08Z DEBUG Destroyed connection context.ldap2_140461941923664 2020-07-08T16:36:08Z DEBUG Backing up system configuration file '/etc/ipa/default.conf' 2020-07-08T16:36:08Z DEBUG Saving Index File to '/var/lib/ipa/sysrestore/sysrestore.index' 2020-07-08T16:36:08Z DEBUG File "/usr/lib/python2.7/site-packages/ipapython/admintool.py", line 178, in execute ---8<------8<------8<--- File "/usr/lib/python2.7/site-packages/ipapython/ipaldap.py", line 1087, in error_handler raise errors.DatabaseError(desc=desc, info=info)

2020-07-08T16:36:08Z DEBUG The ipa-replica-install command failed, exception: DatabaseError: Operations error: The changelog directory [/var/lib/dirsrv/slapd-EXAMPLE-COM/cldb] already exists and is not empty. Please choose a directory that does not exist or is empty. 2020-07-08T16:36:08Z ERROR Operations error: The changelog directory [/var/lib/dirsrv/slapd-EXAMPLE-COM/cldb] already exists and is not empty. Please choose a directory that does not exist or is empty. 2020-07-08T16:36:08Z ERROR The ipa-replica-install command failed. See /var/log/ipareplica-install.log for more information [root@server-02 ~]#

Regards,

Andrey

On 7/8/20, 00:01, "Florence Blanc-Renaud" flo@redhat.com wrote:

On 7/7/20 10:13 PM, Andrey Ptashnik via FreeIPA-users wrote: > Team, > > I'm trying to install FreeIPA replica and constantly hitting this error below. > OS where replica is being installed is a fresh install. IPA version 4.6.6 > After this error Master does not have any record of replica anyway. > > Can someone please shed some light why on the machine with fresh OS install I can see error such "directory [/var/lib/dirsrv/slapd-EXAMPLE-COM/cldb] already exists and is not empty" > > Command that I'm using from a client machine that is already in the domain: > > [root@server-02] # kinit admin > [root@server-02] # ipa-replica-install --server server-01.example.com --domain example.com --setup-dns --setup-ca --forwarder 10.1xx.1xx.10 > ---8<------8<------8<------8<------8<------8<------8<------8<--- > [28/42]: ignore time skew for initial replication > [29/42]: setting up initial replication > [error] DatabaseError: Operations error: The changelog directory [/var/lib/dirsrv/slapd-EXAMPLE-COM/cldb] already exists and is not empty. Please choose a directory that does not exist or is empty. > Your system may be partly configured. > Run /usr/sbin/ipa-server-install --uninstall to clean up. > ---8<------8<------8<------8<------8<------8<------8<------8<--- > Hi,

it looks like the machine was already configured as a replica.

Please run ipa-server-install --uninstall -U on the soon-to-be replica, check that there is no /var/lib/dirsrv/slapd-EXAMPLE-COM directory, and re-try with ipa-client-install and ipa-replica-install.

flo > Regards, > > Andrey > > > > _______________________________________________ > FreeIPA-users mailing list -- freeipa-users@lists.fedorahosted.org > To unsubscribe send an email to freeipa-users-leave@lists.fedorahosted.org > Fedora Code of Conduct: https://nam04.safelinks.protection.outlook.com/?url=https%3A%2F%2Fdocs.fedor... > List Guidelines: https://nam04.safelinks.protection.outlook.com/?url=https%3A%2F%2Ffedoraproj... > List Archives: https://nam04.safelinks.protection.outlook.com/?url=https%3A%2F%2Flists.fedo... >

Florence Blanc-Renaud

9 Jul 9 Jul

1:55 a.m.

New subject: Can't Add Replica: The changelog directory CLDB already exists and is not empty

Hi Andrey,

it looks really similar to the issue https://bugzilla.redhat.com/show_bug.cgi?id=1590974

Can you check the access log and error log on the IPA server server-01.example.com? It seems that the issue happens when the replica installer tries to create the entry cn=changelog5,cn=config on the master. It's ok if the entry already exists (the op returns 68) but I suspect you will see a different error.

flo

On 7/8/20 6:51 PM, Andrey Ptashnik via FreeIPA-users wrote:

...

Florence,

Thank you for answering this. Still no luck yet, out of options where to look at:

BEFORE: [root@server-02 ~]# ipa-server-install --uninstall ---8<------8<------8<--- Client uninstall complete. The ipa-client-install command was successful [root@ipa-server-02 ~]# [root@ipa-server-02 ~]# ls -la /var/lib/dirsrv/ total 4 drwxrwxr-x. 2 root dirsrv 6 Jul 8 10:33 . drwxr-xr-x. 49 root root 4096 Jul 7 02:13 .. [root@ipa-server-02 ~]#

IPA CLIENT INSTALL: [root@ipa-server-02 ~]# ipa-client-install --enable-dns-updates --ssh-trust-dns --mkhomedir --force-ntpd Client configuration complete. The ipa-client-install command was successful [root@server-02 ~]#

DIRECTORY EMPTY STILL: [root@server-02 ~]# ls -la /var/lib/dirsrv/ total 4 drwxrwxr-x. 2 root dirsrv 6 Jul 8 10:33 . drwxr-xr-x. 49 root root 4096 Jul 7 02:13 .. [root@server-02 ~]#

IPA REPLICA INSTALL: Added server-02 to " ipaservers" host group, then: [root@server-02 ~]# kinit admin [root@server-02 ~]# ipa-replica-install --server server-01.example.com? --domain example.com --setup-dns --setup-ca --forwarder 10.1xx.1xx.10 ---8<------8<------8<--- [26/42]: restarting directory server [27/42]: creating DS keytab [28/42]: ignore time skew for initial replication [29/42]: setting up initial replication [error] DatabaseError: Operations error: The changelog directory [/var/lib/dirsrv/slapd-NIX-CCCIS-COM/cldb] already exists and is not empty. Please choose a directory that does not exist or is empty. Your system may be partly configured. Run /usr/sbin/ipa-server-install --uninstall to clean up.

TAIL OF /var/log/ipareplica-install.log ---8<------8<------8<--- 2020-07-08T16:36:07Z DEBUG Restart of dirsrv@EXAMPLE.service complete 2020-07-08T16:36:07Z DEBUG Created connection context.ldap2_140461961785296 2020-07-08T16:36:07Z DEBUG Fetching nsDS5ReplicaId from master [attempt 1/5] 2020-07-08T16:36:07Z DEBUG retrieving schema for SchemaCache url=ldap://server-01.example.com:389 conn=<ldap.ldapobject.SimpleLDAPObject instance at 0x7fbfd6914b48> 2020-07-08T16:36:08Z DEBUG Successfully updated nsDS5ReplicaId. 2020-07-08T16:36:08Z DEBUG Add or update replica config cn=replica,dc=example,dc=com,cn=mapping tree,cn=config 2020-07-08T16:36:08Z DEBUG Added replica config cn=replica,dc=example,dc=com,cn=mapping tree,cn=config 2020-07-08T16:36:08Z DEBUG Add or update replica config cn=replica,dc=example,dc=com,cn=mapping tree,cn=config 2020-07-08T16:36:08Z DEBUG No update to cn=replica,dc=example,dc=com,cn=mapping tree,cn=config necessary 2020-07-08T16:36:08Z DEBUG Unhandled LDAPError: OPERATIONS_ERROR: {'info': 'The changelog directory [/var/lib/dirsrv/slapd-EXAMPLE-COM/cldb] already exists and is not empty. Please choose a directory that does not exist or is empty.\n', 'desc': 'Operations error'} 2020-07-08T16:36:08Z DEBUG Traceback (most recent call last): ---8<------8<------8<--- File "/usr/lib/python2.7/site-packages/ipapython/ipaldap.py", line 1087, in error_handler raise errors.DatabaseError(desc=desc, info=info) DatabaseError: Operations error: The changelog directory [/var/lib/dirsrv/slapd-EXAMPLE-COM/cldb] already exists and is not empty. Please choose a directory that does not exist or is empty.

2020-07-08T16:36:08Z DEBUG [error] DatabaseError: Operations error: The changelog directory [/var/lib/dirsrv/slapd-EXAMPLE-COM/cldb] already exists and is not empty. Please choose a directory that does not exist or is empty. 2020-07-08T16:36:08Z DEBUG Destroyed connection context.ldap2_140461941923664 2020-07-08T16:36:08Z DEBUG Backing up system configuration file '/etc/ipa/default.conf' 2020-07-08T16:36:08Z DEBUG Saving Index File to '/var/lib/ipa/sysrestore/sysrestore.index' 2020-07-08T16:36:08Z DEBUG File "/usr/lib/python2.7/site-packages/ipapython/admintool.py", line 178, in execute ---8<------8<------8<--- File "/usr/lib/python2.7/site-packages/ipapython/ipaldap.py", line 1087, in error_handler raise errors.DatabaseError(desc=desc, info=info)

2020-07-08T16:36:08Z DEBUG The ipa-replica-install command failed, exception: DatabaseError: Operations error: The changelog directory [/var/lib/dirsrv/slapd-EXAMPLE-COM/cldb] already exists and is not empty. Please choose a directory that does not exist or is empty. 2020-07-08T16:36:08Z ERROR Operations error: The changelog directory [/var/lib/dirsrv/slapd-EXAMPLE-COM/cldb] already exists and is not empty. Please choose a directory that does not exist or is empty. 2020-07-08T16:36:08Z ERROR The ipa-replica-install command failed. See /var/log/ipareplica-install.log for more information [root@server-02 ~]#

Regards,

Andrey

On 7/8/20, 00:01, "Florence Blanc-Renaud" flo@redhat.com wrote:
 On 7/7/20 10:13 PM, Andrey Ptashnik via FreeIPA-users wrote:
 > Team,
 >
 > I'm trying to install FreeIPA replica and constantly hitting this error below.
 > OS where replica is being installed is a fresh install. IPA version 4.6.6
 > After this error Master does not have any record of replica anyway.
 >
 > Can someone please shed some light why on the machine with fresh OS install I can see error such "directory [/var/lib/dirsrv/slapd-EXAMPLE-COM/cldb] already exists and is not empty"
 >
 > Command that I'm using from a client machine that is already in the domain:
 >
 > [root@server-02] #  kinit admin
 > [root@server-02] # ipa-replica-install --server server-01.example.com? --domain example.com --setup-dns --setup-ca --forwarder 10.1xx.1xx.10
 > ---8<------8<------8<------8<------8<------8<------8<------8<---
 >    [28/42]: ignore time skew for initial replication
 >    [29/42]: setting up initial replication
 >    [error] DatabaseError: Operations error: The changelog directory [/var/lib/dirsrv/slapd-EXAMPLE-COM/cldb] already exists and is not empty.  Please choose a directory that does not exist or is empty.
 > Your system may be partly configured.
 > Run /usr/sbin/ipa-server-install --uninstall to clean up.
 > ---8<------8<------8<------8<------8<------8<------8<------8<---
 >
 Hi,

 it looks like the machine was already configured as a replica.

 Please run ipa-server-install --uninstall -U on the soon-to-be replica,
 check that there is no /var/lib/dirsrv/slapd-EXAMPLE-COM directory, and
 re-try with ipa-client-install and ipa-replica-install.

 flo
 > Regards,
 >
 > Andrey
 >
 >
 >
 > _______________________________________________
 > FreeIPA-users mailing list -- freeipa-users@lists.fedorahosted.org
 > To unsubscribe send an email to freeipa-users-leave@lists.fedorahosted.org
 > Fedora Code of Conduct: https://nam04.safelinks.protection.outlook.com/?url=https%3A%2F%2Fdocs.fedoraproject.org%2Fen-US%2Fproject%2Fcode-of-conduct%2F&amp;data=02%7C01%7Captashnik%40cccis.com%7C44b5fad8c194439106c308d822fbf6ed%7C1a188ae6a00241498234e47371d17cce%7C0%7C0%7C637297812860254771&amp;sdata=eV6Fblh3FDOeUnSKldjgWNs3qc58Vir5IWGSWy3iL6o%3D&amp;reserved=0
 > List Guidelines: https://nam04.safelinks.protection.outlook.com/?url=https%3A%2F%2Ffedoraproject.org%2Fwiki%2FMailing_list_guidelines&amp;data=02%7C01%7Captashnik%40cccis.com%7C44b5fad8c194439106c308d822fbf6ed%7C1a188ae6a00241498234e47371d17cce%7C0%7C0%7C637297812860254771&amp;sdata=woqbd09LBkzexeWqPxYUwkabaU5WEP7XH6rUYoHn1wU%3D&amp;reserved=0
 > List Archives: https://nam04.safelinks.protection.outlook.com/?url=https%3A%2F%2Flists.fedorahosted.org%2Farchives%2Flist%2Ffreeipa-users%40lists.fedorahosted.org&amp;data=02%7C01%7Captashnik%40cccis.com%7C44b5fad8c194439106c308d822fbf6ed%7C1a188ae6a00241498234e47371d17cce%7C0%7C0%7C637297812860254771&amp;sdata=rJ991LA8LQeav7gt%2FlaixWlwnDc6x8nAVBSRpDBr9d4%3D&amp;reserved=0
 >
FreeIPA-users mailing list -- freeipa-users@lists.fedorahosted.org To unsubscribe send an email to freeipa-users-leave@lists.fedorahosted.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedorahosted.org/archives/list/freeipa-users@lists.fedorahoste...

1389

Age (days ago)

1391

Last active (days ago)

freeipa-users@lists.fedorahosted.org

3 comments

2 participants

tags (0)

participants (2)

Andrey Ptashnik
Florence Blanc-Renaud