Sometimes there is a timing issue in IPA installation. When the Directory Server instance is restarted and LDAP operations are started right afterwards, the LDAP listening ports may not be open yet. This leads to errors like the following one:
$ sudo ipa-server-install
...
  [30/32]: enabling compatibility plugin
  [31/32]: tuning directory server
root : CRITICAL Failed to load ds-nfiles.ldif: Command '/usr/bin/ldapmodify -h vm-077.idm.lab.bos.redhat.com -v -f /tmp/tmpyhvNAE -x -D cn=Directory Manager -y /tmp/tmpgRvDSm' returned non-zero exit status 255
  [32/32]: configuring directory to start on boot
done configuring dirsrv.
Unexpected error - see ipaserver-install.log for details:
 {'desc': "Can't contact LDAP server"}
This could be solved by adding a wait for open listening ports to the function DsInstance::__restart_instance (as is done in CaInstance::__restart_instance). A timeout would be convenient. It may be set to some safe value, for example 5 mins.
A common function implementing the open-port wait used in both CaInstance and DsInstance would be convenient.
https://bugzilla.redhat.com/show_bug.cgi?id=688934
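A sketch of the shared open-port wait proposed in the ticket, added here as an illustration; it is not FreeIPA's code or the contents of the referenced commit. The names `wait_for_open_ports`, `port_is_open` and `PortTimeout` are hypothetical, and the 300 second default mirrors the 5 minute timeout suggested above.

```python
import socket
import time


class PortTimeout(Exception):
    """Raised when a port is still closed after the timeout expires."""


def port_is_open(host, port, connect_timeout=1.0):
    """Return True if a TCP connection to (host, port) succeeds."""
    try:
        # create_connection tries every address getaddrinfo returns for host
        with socket.create_connection((host, port), timeout=connect_timeout):
            return True
    except OSError:  # refused, unreachable, timed out, name lookup failure
        return False


def wait_for_open_ports(host, ports, timeout=300, interval=0.5):
    """Block until every port in `ports` accepts TCP connections.

    timeout is in seconds (300 s = the 5 minutes suggested in the ticket).
    Raises PortTimeout naming the ports that never opened.
    Returns the number of seconds spent waiting.
    """
    start = time.monotonic()
    pending = list(ports)
    while True:
        # Re-check only the ports that were still closed on the last pass
        pending = [p for p in pending if not port_is_open(host, p)]
        if not pending:
            return time.monotonic() - start
        if time.monotonic() - start >= timeout:
            raise PortTimeout("ports %s on %s not open after %ss"
                              % (pending, host, timeout))
        time.sleep(interval)


if __name__ == "__main__":
    # Constructed demo: a local listener stands in for a restarted dirsrv.
    srv = socket.socket()
    srv.bind(("127.0.0.1", 0))
    srv.listen(1)
    port = srv.getsockname()[1]
    waited = wait_for_open_ports("127.0.0.1", [port], timeout=5)
    print("open after %.2fs" % waited)
    srv.close()
```

A restart routine would call this right after the service restart returns and before the first LDAP operation, so a slow listener surfaces as a named timeout instead of "Can't contact LDAP server".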
master: 18542cd
Metadata Update from @mkosek:
- Issue assigned to mkosek
- Issue set to the milestone: FreeIPA 2.0.5 GA