[Freeipa-users] dse.ldif and dse.ldif.bak are lost

Rich Megginson rmeggins at redhat.com
Wed Apr 30 13:26:28 UTC 2014


On 04/30/2014 03:26 AM, artjazz at free.fr wrote:
> Hi,
>
> I have 1 ipa master 'ipasrv' and 2 replicas 'iparpl1 iparpl2' installed with
> --setup-ca option.
> For a few days I have had an issue with '389 Directory Server' on the master
> (ipasrv) and on the 2nd replica (iparpl2) with the following messages:
>
> The configuration file /etc/dirsrv/slapd-MYINSTANCE/dse.ldif was not restored
> from backup /etc/dirsrv/slapd-MYINSTANCE/dse.ldif.tmp, error -1
> Apr 28 07:38:35 localhost ns-slapd: [28/Apr/2014:15:38:35 +0200] dse - The
> configuration file /etc/dirsrv/slapd-MYINSTANCE/dse.ldif was not restored from
> backup /etc/dirsrv/slapd-MYINSTANCE/dse.ldif.bak, error -1
> Apr 28 07:38:35 localhost ns-slapd: [28/Apr/2014:15:38:35 +0200] config - The
> given config file /etc/dirsrv/slapd-MYINSTANCE/dse.ldif could not be accessed,
> Netscape Portable Runtime error -5950 (File not found.)
>
> The files dse.ldif and dse.ldif.bak are lost.

Was this a VM or a bare metal machine?  If a VM, please consider not 
using a disk image file for the /etc partition to help avoid this 
problem in the future.
What version of 389-ds-base?  rpm -q 389-ds-base
Do you have dse.ldif.startOK?
ls -al /etc/dirsrv/slapd-MYINSTANCE

> On my 1st replica (iparpl1) everything is OK.
>
> No Full IPA backup and LDAP backup done on ipasrv and iparpl2.
>
> A) Can I restore those files from iparpl1 ?

dse.ldif?  No, not without a lot of editing, since there is a lot of 
host-specific config.

>
> B) I am a little bit confused after reading the documentation on
> http://www.freeipa.org/page/Backup_and_Restore
>    - can I consider that the ipa replicas are like ipa master ?
>    In this case when I want to execute the manual procedure in chapter 'One
> Server Loss'
>    1. Clean deployment from the lost server by removing all replication
> agreements with it.
>     from iparpl1 I have the following results:
>
> [root@iparpl1 ~]# ipa-replica-manage del iparpl2.mydomain
> 'iparpl1.mydomain' has no replication agreement for 'iparpl2.mydomaon'
>
>   [root@iparpl1 ~]# ipa-replica-manage del ipasrv.mydomain
> Connection to 'ipasrv.mydomain' failed:
> Unable to delete replica 'ipasrv.mydomain'
>
>    2. Choose another FreeIPA Server with CA installed to become the first master
> Can I do this request from my 1st replica iparpl1 and how ?
>
>    3. Nominate this master to be the one in charge of renewing certs and
> publishing CRLs. This is a manual procedure at the moment.
>
>    4. Follow standard installation procedure to deploy a new master on a
> hardware/VM of your choice
> this request is to install a replica not a master ?
>
> Thanks for your help.