[Freeipa-users] Stock with a Master in read-only mode

Davis Goodman davis.goodman at digital-district.ca
Wed May 21 07:12:26 UTC 2014





On May 21, 2014, at 2:45 , Martin Kosek <mkosek at redhat.com> wrote:

> On 05/21/2014 08:36 AM, Davis Goodman wrote:
>> Hi,
>> 
>> Lately I’ve been having issues of replication between my server and my 2 replicas.
>> 
>> I decided I was going to delete my 2 replicas and start over keeping my master intact.
>> 
>> I wasn't successful in getting all 3 servers to replicate to each other (it used to work).
>> 
>> I tried deleting 1 replica after the other one to always keep one of the two available.
>> 
>> I had to manually delete the replica host on the master with a bunch of ldapdelete commands, which worked fine.
>> 
>> But after many unsuccessful trials of getting everyone to sync I decided to delete my two replicas.
>> 
>> I went back to my master to use ldapdelete to remove both hosts' records so that I could start over.
>> 
>> Unfortunately now I’m getting this error.
>> 
>> ldapdelete -x -D "cn=Directory Manager" -W   cn=DNS,cn=freeipa02.mtl.domain.int,cn=masters,cn=ipa,cn=etc,dc=domain,dc=int
>> Enter LDAP Password: 
>> ldap_delete: Server is unwilling to perform (53)
>> 	additional info: database is read-only
>> 
>> 
>> 
>> I’m kinda stuck now with no replicas and no DNS. I could restore the backup prior to the start of the operation, but with a master in read-only mode it wouldn’t be of much help.
>> 
>> Any insights would be more than welcome.
>> 
>> 
>> Davis
> 
> Hi Davis, did maybe one of your ipa-replica-manage runs crash in the middle of an
> operation, or was an upgrade interrupted, leaving the database in read-only
> mode?
> 
> You can find out with this ldapsearch:
> 
> ldapsearch -h `hostname` -D "cn=Directory Manager" -x -w kokos123 -b 'cn=userRoot,cn=ldbm database,cn=plugins,cn=config' -s base
> 
> Check for nsslapd-readonly, it should be put to "off" in normal operation.
> 
> Martin

Ok, finally managed to modify the read-only flag.

Could prepare my replicas and get them going.

Everything seems fine but I’m getting this error while setting up the replicas. Should I be concerned about this one:

Update in progress
Update in progress
Update in progress
Update in progress
Update in progress
Update in progress
Update succeeded
  [23/31]: adding replication acis
  [24/31]: setting Auto Member configuration
  [25/31]: enabling S4U2Proxy delegation
ipa         : CRITICAL Failed to load replica-s4u2proxy.ldif: Command '/usr/bin/ldapmodify -v -f /tmp/tmplpfMNG -H ldap://freeipa02.mtl.ddistrict.int:389 -x -D cn=Directory Manager -y /tmp/tmp4Svn9k' returned non-zero exit status 20
  [26/31]: initializing group membership
  [27/31]: adding master entry
  [28/31]: configuring Posix uid/gid generation



The rest seems to work fine.
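
The check Martin describes, generalized to every backend entry, as an added example that is not part of the original thread. It parses ldapsearch LDIF output (the sample is constructed and `otherRoot` is a hypothetical backend name), reports each entry's nsslapd-readonly value, and emits the LDIF change that sets it back to "off".

```shell
#!/bin/sh
# Added example, not from the thread. Reads ldapsearch LDIF on stdin and
# prints "<dn><TAB><on|off|unset>" for every entry.
readonly_report() {
    awk '
    function emit() {
        if (dn != "") printf "%s\t%s\n", dn, (state == "" ? "unset" : state)
        dn = ""; state = ""
    }
    /^ / { if (last == "dn") dn = dn substr($0, 2); next }  # folded LDIF line
    /^$/ { emit(); last = ""; next }                        # end of entry
    /^#/ { last = ""; next }                                # LDIF comment
    {
        i = index($0, ":")
        name = tolower(substr($0, 1, i - 1))
        value = substr($0, i + 1); sub(/^ +/, "", value)
        last = name
        if (name == "dn") dn = value
        else if (name == "nsslapd-readonly") state = tolower(value)
    }
    END { emit() }'
}

# Print the DNs that are read-only; exit status 1 if any exist (health check).
any_readonly() {
    readonly_report |
        awk -F '\t' '$2 == "on" { print $1; bad = 1 } END { exit bad ? 1 : 0 }'
}

# LDIF change that puts one backend back in read-write mode; feed it to
# ldapmodify bound as Directory Manager.
readwrite_ldif() {
    printf 'dn: %s\nchangetype: modify\nreplace: nsslapd-readonly\nnsslapd-readonly: off\n' "$1"
}

# Constructed sample input (not output from the thread).
sample_ldif() {
cat <<'EOF'
# constructed sample
dn: cn=userRoot,cn=ldbm database,cn=plugins,cn=config
cn: userRoot
nsslapd-readonly: on

dn: cn=otherRoot,cn=ldbm database,cn=plugins,
 cn=config
nsslapd-readonly: off
EOF
}
```

Against a live server, pipe the output of an ldapsearch on `cn=ldbm database,cn=plugins,cn=config` into `any_readonly` instead of `sample_ldif`.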
