On 12/5/18 3:12 PM, Marc Wiatrowski wrote:
hello flo,
I attached the log to only you... Wasn't sure if there was anything in there that wasn't ok to go to the whole list.
Hi Marc,
(adding the list in cc)
indeed the error happens in a code path that wasn't fixed. Could you open a new pagure ticket (https://pagure.io/freeipa/new_issue)? Please attach the end of the logs, after the line [28/41]: setting up initial replication (you can replace your domain name with XX).
thanks, flo
thanks for looking! Marc
On Wed, Dec 5, 2018 at 3:55 AM Florence Blanc-Renaud <flo@redhat.com mailto:flo@redhat.com> wrote:
On 12/4/18 9:55 PM, Marc Wiatrowski via FreeIPA-users wrote: > I'm trying to migrate a CentOS 6 IPA setup to CentOS 7. Both are fully > updated CentOS 6.10 (ipa-server-3.0.0-51) and CentOS 7.6 > (ipa-server-4.6.4-10) > > I've been following: > https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/7/html/linux_domain_identity_authentication_and_policy_guide/migrate-6-to-7 > > I ran copy-schema-to-ca.py on centos6 and created the replica info file > without any issues. But then: > > [root@centos7]$ ipa-replica-install > /var/lib/ipa/replica-info-centos7.gpg --setup-ca --ip-address > 192.168.1.1 --setup-dns --no-forwarders > Directory Manager (existing master) password: > > Run connection check to master > admin@DOMAIN.NET <mailto:admin@DOMAIN.NET> <mailto:admin@DOMAIN.NET <mailto:admin@DOMAIN.NET>> password: > Connection check OK > Adding [192.168.1.1 centos7.domain.net <http://centos7.domain.net> <http://centos7.domain.net>] to > your /etc/hosts file > Configuring NTP daemon (ntpd) > [1/4]: stopping ntpd > [2/4]: writing configuration > [3/4]: configuring ntpd to start on boot > [4/4]: starting ntpd > Done configuring NTP daemon (ntpd). > Configuring directory server (dirsrv). Estimated time: 30 seconds > [1/41]: creating directory server instance > [2/41]: enabling ldapi > .... > [27/41]: ignore time skew for initial replication > [28/41]: setting up initial replication > [error] DatabaseError: Server is unwilling to perform: modification > of attribute nsds5replicabinddngroupcheckinterval is not allowed in > replica entry > Your system may be partly configured. > Run /usr/sbin/ipa-server-install --uninstall to clean up. > > ipapython.admintool: ERROR Server is unwilling to perform: > modification of attribute nsds5replicabinddngroupcheckinterval is not > allowed in replica entry > ipapython.admintool: ERROR The ipa-replica-install command failed. > See /var/log/ipareplica-install.log for more information > > centos6:/var/log/dirsrv/slapd/errors: > [04/Dec/2018:14:58:13 -0500] NSMMReplicationPlugin - > replica_config_modify: modification of attribute > nsds5replicabinddngroupcheckinterval is not allowed in replica entry > > The ipareplica-install.log contains the same errors at the end. I have > googled and seen similar issues but the solutions span from fixed > already in a previous release to not having an answer in the thread. It > appears CentOS 6 shouldn't have this attribute and that should be ok? > but fails all the same. > > Any suggestions? Hi Marc, can you provide the full content of ipareplica-install.log? The exact stack trace will help me check if we forgot some places when fixing the issue. Thanks, flo > Thank you in advance, > Marc > > _______________________________________________ > FreeIPA-users mailing list -- freeipa-users@lists.fedorahosted.org <mailto:freeipa-users@lists.fedorahosted.org> > To unsubscribe send an email to freeipa-users-leave@lists.fedorahosted.org <mailto:freeipa-users-leave@lists.fedorahosted.org> > Fedora Code of Conduct: https://getfedora.org/code-of-conduct.html > List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines > List Archives: https://lists.fedorahosted.org/archives/list/freeipa-users@lists.fedorahosted.org >
Definitely!
https://pagure.io/freeipa/issue/7796
Thank you so much. Is there something I can do in the meantime?
thanks again, Marc
On Thu, Dec 6, 2018 at 3:02 AM Florence Blanc-Renaud flo@redhat.com wrote:
On 12/5/18 3:12 PM, Marc Wiatrowski wrote:
hello flo,
I attached the log to only you... Wasn't sure if there was anything in there that wasn't ok to go to the whole list.
Hi Marc,
(adding the list in cc)
indeed the error happens in a code path that wasn't fixed. Could you open a new pagure ticket (https://pagure.io/freeipa/new_issue)? Please attach the end of the logs, after the line [28/41]: setting up initial replication (you can replace your domain name with XX).
thanks, flo
thanks for looking! Marc
On Wed, Dec 5, 2018 at 3:55 AM Florence Blanc-Renaud <flo@redhat.com mailto:flo@redhat.com> wrote:
On 12/4/18 9:55 PM, Marc Wiatrowski via FreeIPA-users wrote: > I'm trying to migrate a CentOS 6 IPA setup to CentOS 7. Both are fully > updated CentOS 6.10 (ipa-server-3.0.0-51) and CentOS 7.6 > (ipa-server-4.6.4-10) > > I've been following: >
https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/7/htm...
> > I ran copy-schema-to-ca.py on centos6 and created the replica info file > without any issues. But then: > > [root@centos7]$ ipa-replica-install > /var/lib/ipa/replica-info-centos7.gpg --setup-ca --ip-address > 192.168.1.1 --setup-dns --no-forwarders > Directory Manager (existing master) password: > > Run connection check to master > admin@DOMAIN.NET <mailto:admin@DOMAIN.NET> <mailto:admin@DOMAIN.NET <mailto:admin@DOMAIN.NET>> password: > Connection check OK > Adding [192.168.1.1 centos7.domain.net <http://centos7.domain.net> <http://centos7.domain.net>] to > your /etc/hosts file > Configuring NTP daemon (ntpd) > [1/4]: stopping ntpd > [2/4]: writing configuration > [3/4]: configuring ntpd to start on boot > [4/4]: starting ntpd > Done configuring NTP daemon (ntpd). > Configuring directory server (dirsrv). Estimated time: 30 seconds > [1/41]: creating directory server instance > [2/41]: enabling ldapi > .... > [27/41]: ignore time skew for initial replication > [28/41]: setting up initial replication > [error] DatabaseError: Server is unwilling to perform: modification > of attribute nsds5replicabinddngroupcheckinterval is not allowed
in
> replica entry > Your system may be partly configured. > Run /usr/sbin/ipa-server-install --uninstall to clean up. > > ipapython.admintool: ERROR Server is unwilling to perform: > modification of attribute nsds5replicabinddngroupcheckinterval is not > allowed in replica entry > ipapython.admintool: ERROR The ipa-replica-install command failed. > See /var/log/ipareplica-install.log for more information > > centos6:/var/log/dirsrv/slapd/errors: > [04/Dec/2018:14:58:13 -0500] NSMMReplicationPlugin - > replica_config_modify: modification of attribute > nsds5replicabinddngroupcheckinterval is not allowed in replica
entry
> > The ipareplica-install.log contains the same errors at the end. I have > googled and seen similar issues but the solutions span from fixed > already in a previous release to not having an answer in the thread. It > appears CentOS 6 shouldn't have this attribute and that should be ok? > but fails all the same. > > Any suggestions? Hi Marc, can you provide the full content of ipareplica-install.log? The exact stack trace will help me check if we forgot some places when fixing
the
issue. Thanks, flo > Thank you in advance, > Marc > > _______________________________________________ > FreeIPA-users mailing list -- freeipa-users@lists.fedorahosted.org <mailto:freeipa-users@lists.fedorahosted.org> > To unsubscribe send an email to freeipa-users-leave@lists.fedorahosted.org <mailto:freeipa-users-leave@lists.fedorahosted.org> > Fedora Code of Conduct:
https://getfedora.org/code-of-conduct.html
> List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines > List Archives:
https://lists.fedorahosted.org/archives/list/freeipa-users@lists.fedorahoste...
>
On 12/6/18 4:11 PM, Marc Wiatrowski via FreeIPA-users wrote:
Definitely!
https://pagure.io/freeipa/issue/7796
Thank you so much. Is there something I can do in the meantime?
Hi, I added a workaround in the ticket [1], please let me know if it works for you. flo
[1] https://pagure.io/freeipa/issue/7796#comment-546151
thanks again, Marc
On Thu, Dec 6, 2018 at 3:02 AM Florence Blanc-Renaud <flo@redhat.com mailto:flo@redhat.com> wrote:
On 12/5/18 3:12 PM, Marc Wiatrowski wrote: > hello flo, > > I attached the log to only you... Wasn't sure if there was anything in > there that wasn't ok to go to the whole list. > Hi Marc, (adding the list in cc) indeed the error happens in a code path that wasn't fixed. Could you open a new pagure ticket (https://pagure.io/freeipa/new_issue)? Please attach the end of the logs, after the line [28/41]: setting up initial replication (you can replace your domain name with XX). thanks, flo > thanks for looking! > Marc > > On Wed, Dec 5, 2018 at 3:55 AM Florence Blanc-Renaud <flo@redhat.com <mailto:flo@redhat.com> > <mailto:flo@redhat.com <mailto:flo@redhat.com>>> wrote: > > On 12/4/18 9:55 PM, Marc Wiatrowski via FreeIPA-users wrote: > > I'm trying to migrate a CentOS 6 IPA setup to CentOS 7. Both > are fully > > updated CentOS 6.10 (ipa-server-3.0.0-51) and CentOS 7.6 > > (ipa-server-4.6.4-10) > > > > I've been following: > > > https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/7/html/linux_domain_identity_authentication_and_policy_guide/migrate-6-to-7 > > > > I ran copy-schema-to-ca.py on centos6 and created the replica > info file > > without any issues. But then: > > > > [root@centos7]$ ipa-replica-install > > /var/lib/ipa/replica-info-centos7.gpg --setup-ca --ip-address > > 192.168.1.1 --setup-dns --no-forwarders > > Directory Manager (existing master) password: > > > > Run connection check to master > > admin@DOMAIN.NET <mailto:admin@DOMAIN.NET> <mailto:admin@DOMAIN.NET <mailto:admin@DOMAIN.NET>> > <mailto:admin@DOMAIN.NET <mailto:admin@DOMAIN.NET> <mailto:admin@DOMAIN.NET <mailto:admin@DOMAIN.NET>>> password: > > Connection check OK > > Adding [192.168.1.1 centos7.domain.net <http://centos7.domain.net> > <http://centos7.domain.net> <http://centos7.domain.net>] to > > your /etc/hosts file > > Configuring NTP daemon (ntpd) > > [1/4]: stopping ntpd > > [2/4]: writing configuration > > [3/4]: configuring ntpd to start on boot > > [4/4]: starting ntpd > > Done configuring NTP daemon (ntpd). > > Configuring directory server (dirsrv). Estimated time: 30 seconds > > [1/41]: creating directory server instance > > [2/41]: enabling ldapi > > .... > > [27/41]: ignore time skew for initial replication > > [28/41]: setting up initial replication > > [error] DatabaseError: Server is unwilling to perform: > modification > > of attribute nsds5replicabinddngroupcheckinterval is not allowed in > > replica entry > > Your system may be partly configured. > > Run /usr/sbin/ipa-server-install --uninstall to clean up. > > > > ipapython.admintool: ERROR Server is unwilling to perform: > > modification of attribute nsds5replicabinddngroupcheckinterval is > not > > allowed in replica entry > > ipapython.admintool: ERROR The ipa-replica-install command > failed. > > See /var/log/ipareplica-install.log for more information > > > > centos6:/var/log/dirsrv/slapd/errors: > > [04/Dec/2018:14:58:13 -0500] NSMMReplicationPlugin - > > replica_config_modify: modification of attribute > > nsds5replicabinddngroupcheckinterval is not allowed in replica entry > > > > The ipareplica-install.log contains the same errors at the end. > I have > > googled and seen similar issues but the solutions span from fixed > > already in a previous release to not having an answer in the > thread. It > > appears CentOS 6 shouldn't have this attribute and that should be > ok? > > but fails all the same. > > > > Any suggestions? > Hi Marc, > > can you provide the full content of ipareplica-install.log? The exact > stack trace will help me check if we forgot some places when fixing the > issue. > > Thanks, > flo > > Thank you in advance, > > Marc > > > > _______________________________________________ > > FreeIPA-users mailing list -- > freeipa-users@lists.fedorahosted.org <mailto:freeipa-users@lists.fedorahosted.org> > <mailto:freeipa-users@lists.fedorahosted.org <mailto:freeipa-users@lists.fedorahosted.org>> > > To unsubscribe send an email to > freeipa-users-leave@lists.fedorahosted.org <mailto:freeipa-users-leave@lists.fedorahosted.org> > <mailto:freeipa-users-leave@lists.fedorahosted.org <mailto:freeipa-users-leave@lists.fedorahosted.org>> > > Fedora Code of Conduct: https://getfedora.org/code-of-conduct.html > > List Guidelines: > https://fedoraproject.org/wiki/Mailing_list_guidelines > > List Archives: > https://lists.fedorahosted.org/archives/list/freeipa-users@lists.fedorahosted.org > > >
FreeIPA-users mailing list -- freeipa-users@lists.fedorahosted.org To unsubscribe send an email to freeipa-users-leave@lists.fedorahosted.org Fedora Code of Conduct: https://getfedora.org/code-of-conduct.html List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedorahosted.org/archives/list/freeipa-users@lists.fedorahoste...
freeipa-users@lists.fedorahosted.org