[Freeipa-users] Replication problems with having more than one replica?

Steven Jones Steven.Jones at vuw.ac.nz
Wed Jun 13 23:06:29 UTC 2012


OK,

I have got ipa3 back in as a replica, however when I add a user to ipa1 (master) it flows to ipa2 (1st replica) but not to ipa3 (2nd replica) which I just added....

When I add a user to ipa2, it flows to ipa1 but not ipa3

When I add a user to ipa3 it doesn't flow to 1 or 2.

When I run ipa-manage-replica list on all three IPA servers I see all three are listed as masters.

??


regards

Steven Jones

Technical Specialist - Linux RHCE

Victoria University, Wellington, NZ

0064 4 463 6272

________________________________________
From: freeipa-users-bounces at redhat.com [freeipa-users-bounces at redhat.com] on behalf of Steven Jones [Steven.Jones at vuw.ac.nz]
Sent: Thursday, 14 June 2012 10:14 a.m.
To: Rob Crittenden
Cc: freeipa-users at redhat.com
Subject: Re: [Freeipa-users] Replication problems with having more than one replica?

Because I'm trying to clean out the old "memory" of the ex-replica first...I have to do that before I can re-add it for some reason.

All I have is the manual so I'm doing my best to repair a system that seems unstable....so I was advised to make a new replica key as the original one used to initially make a replication agreement was no good.

regards

Steven Jones

Technical Specialist - Linux RHCE

Victoria University, Wellington, NZ

0064 4 463 6272

________________________________________
From: Rob Crittenden [rcritten at redhat.com]
Sent: Thursday, 14 June 2012 10:08 a.m.
To: Steven Jones
Cc: freeipa-users at redhat.com
Subject: Re: [Freeipa-users] Replication problems with having more than one replica?

Steven Jones wrote:
> steps
>
> ==============
> 1) Fresh replica key
> 2) attempt to join with the ipa-manage-replica key command this fails
> 3) Check the 2nd server's dirsrv is running (service dirsrv status), if not start it with service dirsrv start
> 4) run ipa-replica-manage force-sync -from ipa1 on ipa2
> 5) Check the 2nd server's dirsrv is still running
> 6) On Ipa1 (the master) run ipa-replica-manage del ipam002
> 7) run ipa-server-install --uninstall on ipam002
> 8) run ipa-server-install and this seems to succeed

I still don't understand. What is step #1? You add a new replica by
doing an ipa-replica-prepare and ipa-replica-install. Is that what you
mean? I don't understand why ipa-replica-manage would come into play
when adding a new replica.

>
> So far 1 to 2 and 2 to 1 replication is running HOWEVER replication on 2 to 3 does NOT work.....1 to 3 does and 3 to 1 does. I tried running ipa-replica-manage force-sync --from ipam1 but this won't sync, yet it used to.....
> ==============
>
> So when adding 2 back in replication 1 to 3 breaks.....so I tried removing 3 and re-adding and that failed.....I get a GSSAPI error....

If you delete a replica you need to restart the dirsrv service on any
masters it was connected to. 389-ds caches the GSSAPI credentials and
re-installing a replica will generate new ones which won't get picked up
until a restart.

rob
