<html>
<head>
<meta content="text/html; charset=UTF-8" http-equiv="Content-Type">
</head>
<body bgcolor="#FFFFFF" text="#000000">
<br>
<div class="moz-cite-prefix">On 09/27/2016 06:04 PM, Youenn PIOLET
wrote:<br>
</div>
<blockquote
cite="mid:CAF7cxufuqza8YdkxGJySf-EU-n7Bf9E3JRdV0L9_FHi1R2hALQ@mail.gmail.com"
type="cite">
<div dir="ltr">Hi Ludwig,
<div><br>
</div>
<div>Version:<br>
389-ds-base-1.3.4.0-33.el7_2.x86_64<br>
</div>
</div>
</blockquote>
we have identified an issue with this version, it includes a fix for
389-ds ticket #48766, which was incomplete and resolved shortly
after the release of this version (it is missing the latest patch
for #49766 and for #48954). <br>
You can try to go back to 1.3.4.0-32 or if you have support get a
hotfix from our support.<br>
<br>
Sorry for this,<br>
Ludwig<br>
<blockquote
cite="mid:CAF7cxufuqza8YdkxGJySf-EU-n7Bf9E3JRdV0L9_FHi1R2hALQ@mail.gmail.com"
type="cite">
<div dir="ltr">
<div><br>
</div>
<div>The timestamp probably matches the last time I've done a
ipa-replica-manage re-initialize.</div>
<div>I have to do it every day (many times a day actually!), as
replication is broken, This CSN changes all the time.</div>
<div><br>
</div>
<div>My main goal is to rebuilt everything from a clean base.</div>
<div>I've got no master without errors.</div>
<div><br>
</div>
<div>What is the easiest way to rebuilt everything?</div>
<div>ipa-[cs]replica-manage re-initialize isn't very effective.</div>
<div><br>
</div>
<div>Thanks by advance,</div>
<div>Regards</div>
</div>
<div class="gmail_extra"><br clear="all">
<div>
<div class="gmail_signature" data-smartmail="gmail_signature"><font
face="arial, helvetica, sans-serif">
<div><span style="font-family:arial"><font face="arial,
helvetica, sans-serif">
<div>--</div>
<div><font color="#666666">Youenn Piolet</font></div>
<div><font color="#999999" size="1"><a
moz-do-not-send="true"
href="mailto:piolet.y@gmail.com"
target="_blank">piolet.y@gmail.com</a></font></div>
<div style="font-size:large"><span
style="font-size:small"><span
style="font-family:arial">
<div><font face="tahoma, sans-serif"><span
style="font-family:arial,verdana,tahoma,sans-serif;font-size:11px"><span
style="font-family:tahoma,sans-serif;font-size:small"><font
color="#666666"><span
style="color:rgb(142,142,142);font-family:arial,verdana,tahoma,sans-serif;font-size:11px"><em><br>
</em></span></font></span></span></font></div>
</span></span></div>
</font></span></div>
</font></div>
</div>
<br>
<div class="gmail_quote">2016-09-26 9:42 GMT+02:00 Ludwig
Krispenz <span dir="ltr"><<a moz-do-not-send="true"
href="mailto:lkrispen@redhat.com" target="_blank">lkrispen@redhat.com</a>></span>:<br>
<blockquote class="gmail_quote" style="margin:0 0 0
.8ex;border-left:1px #ccc solid;padding-left:1ex">
<div bgcolor="#FFFFFF" text="#000000"><span class=""> <br>
<div>On 09/25/2016 09:35 PM, Youenn PIOLET wrote:<br>
</div>
<blockquote type="cite">
<div dir="ltr">Hi there,
<div><br>
<div>Same issue for me in a my 15 ipa-servers
multi-master grid just after the update.</div>
<div>The replication is completely broken except
on 3/15 nodes.</div>
<div><br>
</div>
<div>This is the second time I have to fully
reinitialize the whole cluster for similar
reason. I don't know what to do to clean this
mess...</div>
<div>For more information: this cluster has been
initialized on a fedora 4.1.4 more than one year
ago then complemetely migrated to Centos 7, IPA
4.2.</div>
</div>
</div>
</blockquote>
</span> what is the exact version of 389-ds-base you are
running ?<br>
<br>
did these errors come out of the blue or are they related
to some activities ? The csn which is not found has a
timestamp of "Thu, 22 Sep 2016 15:59:08 GMT" did anything
happen around this time ?
<div>
<div class="h5"><br>
<blockquote type="cite">
<div dir="ltr">
<div>
<div><br>
</div>
<div>Example on fr-master03 error logs:</div>
<div><br>
</div>
<div>
<div>[25/Sep/2016:19:27:31 +0000]
NSMMReplicationPlugin - changelog program -
agmt="cn=meTofr-master01.<wbr>domain"
(fr-master01:389): CSN 57e3ffcc0003001a0000
not found, we aren't as up to date, or we
purged</div>
<div>[25/Sep/2016:19:27:31 +0000]
NSMMReplicationPlugin -
agmt="cn=meTofr-master01.<wbr>domain"
(fr-master01:389): Data required to update
replica has been purged. The replica must be
reinitialized.</div>
<div>[25/Sep/2016:19:27:31 +0000]
NSMMReplicationPlugin -
agmt="cn=meTofr-master01.<wbr>domain"
(fr-master01:389): Incremental update failed
and requires administrator action</div>
<div>ipa: INFO: The ipactl command was
successful</div>
<div>[25/Sep/2016:19:27:35 +0000]
agmt="cn=meTofr-master02.<wbr>domain"
(fr-master02:389) - Can't locate CSN
57e3ffcc0003001a0000 in the changelog (DB
rc=-30988). If replication stops, the
consumer may need to be reinitialized.<br>
</div>
<div>[25/Sep/2016:19:27:35 +0000]
NSMMReplicationPlugin - changelog program -
agmt="cn=meTofr-master02.<wbr>domain"
(fr-master02:389): CSN 57e3ffcc0003001a0000
not found, we aren't as up to date, or we
purged</div>
<div>[25/Sep/2016:19:27:35 +0000]
NSMMReplicationPlugin -
agmt="cn=meTofr-master02.<wbr>domain"
(fr-master02:389): Data required to update
replica has been purged. The replica must be
reinitialized.</div>
<div>[25/Sep/2016:19:27:35 +0000]
NSMMReplicationPlugin -
agmt="cn=meTofr-master02.<wbr>domain"
(fr-master02:389): Incremental update failed
and requires administrator action</div>
<div><br>
</div>
</div>
<div>Regards,</div>
</div>
</div>
<div class="gmail_extra"><br clear="all">
<div>
<div data-smartmail="gmail_signature"><font
face="arial, helvetica, sans-serif">
<div><span style="font-family:arial"><font
face="arial, helvetica, sans-serif">
<div>--</div>
<div><font color="#666666">Youenn
Piolet</font></div>
<div><font color="#999999" size="1"><a
moz-do-not-send="true"
href="mailto:piolet.y@gmail.com"
target="_blank">piolet.y@gmail.com</a></font></div>
<div style="font-size:large"><span
style="font-size:small"><span
style="font-family:arial">
<div><font face="tahoma,
sans-serif"><span
style="font-family:arial,verdana,tahoma,sans-serif;font-size:11px"><span
style="font-family:tahoma,sans-serif;font-size:small"><font
color="#666666"><span
style="color:rgb(142,142,142);font-family:arial,verdana,tahoma,sans-serif;font-size:11px"><em><br>
</em></span></font></span></span></font></div>
</span></span></div>
</font></span></div>
</font></div>
</div>
<br>
<div class="gmail_quote">2016-09-23 17:51
GMT+02:00 Mike Driscoll <span dir="ltr"><<a
moz-do-not-send="true"
href="mailto:mike.driscoll@oracle.com"
target="_blank">mike.driscoll@oracle.com</a>></span>:<br>
<blockquote class="gmail_quote" style="margin:0
0 0 .8ex;border-left:1px #ccc
solid;padding-left:1ex">
<div style="word-wrap:break-word">
<div>Hello. I have four IPA servers
replicating in full mesh. All four
servers are running
ipa-server-4.2.0-15.0.1.el7_2.<wbr>19.x86_64.</div>
<div><br>
</div>
<div>This was working for some time but now
I see that no replication is occurring
automatically at present.</div>
<div><br>
</div>
<div>When I update a user attribute on an
IPA server, I see errors like these:</div>
<div>[22/Sep/2016:16:53:49
-0700] attrlist_replace - attr_replace
(nsslapd-referral, <a
moz-do-not-send="true">ldap://ldap03.xx.com:389/o%3Di<wbr>paca</a>)
failed.</div>
<div>[22/Sep/2016:16:58:56 -0700]
NSMMReplicationPlugin - agmt="cn=<a
moz-do-not-send="true"
href="http://masteragreement1-ldap03.xx.com"
target="_blank">masterAgreement1-ldap<wbr>03.xx.com</a>-pki-tomcat" (ldap03:<wbr>389):
Incremental update failed and requires
administrator action</div>
<div><br>
</div>
<div>I can reinitialize without errors.</div>
<div>ipa-csreplica-manage re-initialize
--from=<a moz-do-not-send="true"
href="http://ldap04.us.oracle.com"
target="_blank">ldap01.xx.com</a></div>
<div>ipa-replica-manage re-initialize
--from=<a moz-do-not-send="true"
href="http://ldap01.xx.com"
target="_blank">ldap01.xx.com</a></div>
<div>Afterwards I see my attribute (and
other) changes are replicated on each
server I re-initialize from. But
subsequently, replication doesn’t seem to
be happening.</div>
<div><br>
</div>
<div>I reinitialized according to the steps
in Table 8.7, “Replication Errors”, but
subsequent replication isn’t occurring.
Any suggestions? Is it safe to identify
one of my four servers as containing
up-to-date data, then sever and reinstate
replication relationships with the other
three?</div>
<span><font color="#888888">
<div><br>
</div>
<div>Mike</div>
<div><br>
</div>
<div><br>
</div>
<div><br>
</div>
<div><br>
</div>
<div><br>
</div>
</font></span></div>
<br>
--<br>
Manage your subscription for the Freeipa-users
mailing list:<br>
<a moz-do-not-send="true"
href="https://www.redhat.com/mailman/listinfo/freeipa-users"
rel="noreferrer" target="_blank">https://www.redhat.com/mailman<wbr>/listinfo/freeipa-users</a><br>
Go to <a moz-do-not-send="true"
href="http://freeipa.org" rel="noreferrer"
target="_blank">http://freeipa.org</a> for
more info on the project<br>
</blockquote>
</div>
<br>
</div>
<br>
<fieldset></fieldset>
<br>
</blockquote>
<br>
</div>
</div>
<span class="HOEnZb"><font color="#888888">
<pre cols="72">--
Red Hat GmbH, <a moz-do-not-send="true" href="http://www.de.redhat.com/" target="_blank">http://www.de.redhat.com/</a>, Registered seat: Grasbrunn,
Commercial register: Amtsgericht Muenchen, HRB 153243,
Managing Directors: Charles Cachera, Michael Cunningham, Michael O'Neill, Eric Shander</pre>
</font></span></div>
<br>
--<br>
Manage your subscription for the Freeipa-users mailing list:<br>
<a moz-do-not-send="true"
href="https://www.redhat.com/mailman/listinfo/freeipa-users"
rel="noreferrer" target="_blank">https://www.redhat.com/<wbr>mailman/listinfo/freeipa-users</a><br>
Go to <a moz-do-not-send="true" href="http://freeipa.org"
rel="noreferrer" target="_blank">http://freeipa.org</a>
for more info on the project<br>
</blockquote>
</div>
<br>
</div>
</blockquote>
<br>
<pre class="moz-signature" cols="72">--
Red Hat GmbH, <a class="moz-txt-link-freetext" href="http://www.de.redhat.com/">http://www.de.redhat.com/</a>, Registered seat: Grasbrunn,
Commercial register: Amtsgericht Muenchen, HRB 153243,
Managing Directors: Charles Cachera, Michael Cunningham, Michael O'Neill, Eric Shander</pre>
</body>
</html>