[Freeipa-users] General status of my FreeIPA servers - is there a method for cleaning them?
Dan Scott
danieljamesscott at gmail.com
Tue Apr 17 14:09:07 UTC 2012
On Tue, Apr 17, 2012 at 09:26, Rich Megginson <rmeggins at redhat.com> wrote:
> On 04/17/2012 07:26 AM, Dan Scott wrote:
>>
>> On Fri, Apr 13, 2012 at 17:44, Rich Megginson<rmeggins at redhat.com> wrote:
>>>
>>> On 04/13/2012 03:40 PM, Dan Scott wrote:
>>>>
>>>> I cleaned up all the "ruv_compare_ruv: RUV [changelog max RUV] does
>>>> not contain element" errors in the logs for each of fileservers 1, 2
>>>> and 3. The ldapsearch for
>>>>
>>>>
>>>> '(&(nsuniqueid=ffffffff-ffffffff-ffffffff-ffffffff)(objectclass=nstombstone))'
>>>> is still showing entries though. Is that OK?
>>>
>>>
>>> The entry should exist, but the deleted servers should not be present in
>>> the
>>> nsds50ruv attribute.
>>
>> OK, so it's safe to delete replica entries which have
>> ldap://fileserver4.ecg.mit.edu:389 (fileserver4 is not currently a
>> replica) but not for the other servers?
>
> Yes. Following the CLEANRUV procedure:
> http://port389.org/wiki/Howto:CLEANRUV
Thanks. I think I'm getting there - removed the tombstones from the
main directory and the PKI-IPA directory (only one server so far
though). I still have a few strange entries though:
[root at fileserver1 ~]# ldapsearch -xLLL -D "cn=directory manager" -W -b
dc=ecg,dc=mit,dc=edu
'(&(nsuniqueid=ffffffff-ffffffff-ffffffff-ffffffff)(objectclass=nstombstone))'
Enter LDAP Password:
dn: nsuniqueid=ffffffff-ffffffff-ffffffff-ffffffff,dc=ecg,dc=mit,dc=edu
objectClass: top
objectClass: nsTombstone
objectClass: extensibleobject
nsds50ruv: {replicageneration} 4e7b746e000000040000
nsds50ruv: {replica 6 ldap://fileserver1.ecg.mit.edu:389} 4f50e685001d00060000
4f8d7874000200060000
nsds50ruv: {replica 43 ldap://fileserver2.ecg.mit.edu:389} 4f88cf450001002b000
0 4f8d78140000002b0000
nsds50ruv: {replica 5 ldap://fileserver3.ecg.mit.edu:389} 4f5047ad001d00050000
4f8d77c3000000050000
nsds50ruv: {replica 4 ldap://fileserver3.ecg.mit.edu:389}
nsds50ruv: {replica 9 ldap://fileserver3.ecg.mit.edu:389}
nsds50ruv: {replica 8 ldap://fileserver3.ecg.mit.edu:389} 4f7363d2001d00080000
4f736402000700080000
dc: ecg
nsruvReplicaLastModified: {replica 6 ldap://fileserver1.ecg.mit.edu:389} 4f8d7
806
nsruvReplicaLastModified: {replica 43 ldap://fileserver2.ecg.mit.edu:389} 4f8d
77a6
nsruvReplicaLastModified: {replica 5 ldap://fileserver3.ecg.mit.edu:389} 4f8d7
756
nsruvReplicaLastModified: {replica 4 ldap://fileserver3.ecg.mit.edu:389} 00000
000
nsruvReplicaLastModified: {replica 9 ldap://fileserver3.ecg.mit.edu:389} 00000
000
nsruvReplicaLastModified: {replica 8 ldap://fileserver3.ecg.mit.edu:389} 00000
000
Is it safe to run CLEANRUV on IDs 4 and 9? That still leaves me with 2
entries for fileserver3. How do I know which one to delete?
On my PKI-IPA server, the CLEANRUV task doesn't seem to work. It keeps
re-adding entries after I remove them. I have 3 entries for my
non-existent fileserver4 - They disappear when I remove them, but they
come back after a few minutes.
Thanks,
Dan
More information about the Freeipa-users
mailing list