[Freeipa-users] multi-master replication

Rich Megginson rmeggins at redhat.com
Mon Oct 27 13:41:57 UTC 2014


On 10/25/2014 06:17 PM, Dmitri Pal wrote:
> On 10/24/2014 07:15 PM, Craig White wrote:
>>
>> From: freeipa-users-bounces at redhat.com
>> [mailto:freeipa-users-bounces at redhat.com] On Behalf Of Craig White
>> Sent: Friday, October 24, 2014 4:02 PM
>> To: freeipa-users at redhat.com
>> Subject: [Freeipa-users] multi-master replication
>>
>> I would have thought that changes go from replica to master and not 
>> just master to replica.
>>
>> Is there something I have to do to make the changes bi-directional?
>>
>> Replying to my own post…
>>
>> Logs are my friend  ;-)
>>
>> [24/Oct/2014:23:08:17 +0000] NSMMReplicationPlugin - 
>> agmt="cn=meToipa001.domain.local " (ipa001:389): Replication bind 
>> with GSSAPI auth resumed
>>
>> [24/Oct/2014:23:08:17 +0000] NSMMReplicationPlugin - 
>> agmt="cn=meToipa001.domain.local " (ipa001:389): Warning: unable to 
>> replicate schema: rc=2
>>
>> [24/Oct/2014:23:08:17 +0000] NSMMReplicationPlugin - 
>> agmt="cn=meToipa001.domain.local " (ipa001:389): Failed to send 
>> update operation to consumer (uniqueid 
>> e018060f-5bb011e4-81078979-dc802980, CSN 544aa346000000030000): Can't 
>> contact LDAP server. Will retry later.
>>
>> [24/Oct/2014:23:08:17 +0000] NSMMReplicationPlugin - 
>> agmt="cn=meToipa001.domain.local " (ipa001:389): Consumer failed to 
>> replay change (uniqueid (null), CSN (null)): Can't contact LDAP 
>> server(-1). Will retry later.
>>
>
> These NULLs look suspicious.
> I hope DS gurus will have more for you on Monday.

1) Yes, replication is fully bi-directional.
2) What are the exact versions of dirsrv?  rpm -q 389-ds-base on 
supplier and consumer.
3) Can you reproduce the problem using the replication log level on both 
the supplier and consumer? 
http://www.port389.org/docs/389ds/FAQ/faq.html#troubleshooting

>
>> [24/Oct/2014:23:08:17 +0000] NSMMReplicationPlugin - 
>> agmt="cn=meToipa001.domain.local" (ipa001:389): Warning: unable to 
>> send endReplication extended operation (Can't contact LDAP server)
>>
>> And on the master, I see a bunch of…
>>
>> sasl_io_recv failed to decode packet for connection 4113
>>
>> but dirsrv is running on both machines and firewalls aren’t in the 
>> way because I managed to set up the initial replication from master 
>> to replica without a problem and the firewall rules are the same for 
>> both machines.
>>
>> # rpm -qa | grep ipa
>> ipa-admintools-3.0.0-42.el6.x86_64
>> libipa_hbac-python-1.11.6-30.el6.x86_64
>> python-iniparse-0.3.1-2.1.el6.noarch
>> ipa-client-3.0.0-42.el6.x86_64
>> ipa-server-selinux-3.0.0-42.el6.x86_64
>> ipa-pki-common-theme-9.0.3-7.el6.noarch
>> ipa-pki-ca-theme-9.0.3-7.el6.noarch
>> sssd-ipa-1.11.6-30.el6.x86_64
>> ipa-python-3.0.0-42.el6.x86_64
>> ipa-server-3.0.0-42.el6.x86_64
>> libipa_hbac-1.11.6-30.el6.x86_64
>>
>> RHEL 6.5
>>
>>
>>
>
>
> -- 
> Thank you,
> Dmitri Pal
>
> Sr. Engineering Manager IdM portfolio
> Red Hat, Inc.
>
>
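
Added example, not part of the original thread or of 389-ds/FreeIPA: a small triage script for NSMMReplicationPlugin error-log records like the ones quoted above, which rejoins lines wrapped by a mail client and summarises failures per replication agreement. The names unwrap, triage and the category labels are assumptions made for this example; the input is assumed to contain only log text.

```python
import re
from collections import Counter

# Constructed sample: records from the thread's excerpt, wrapped as the mail shows them.
SAMPLE = '''\
[24/Oct/2014:23:08:17 +0000] NSMMReplicationPlugin -
agmt="cn=meToipa001.domain.local " (ipa001:389): Warning: unable to
replicate schema: rc=2
[24/Oct/2014:23:08:17 +0000] NSMMReplicationPlugin -
agmt="cn=meToipa001.domain.local " (ipa001:389): Failed to send
update operation to consumer (uniqueid
e018060f-5bb011e4-81078979-dc802980, CSN 544aa346000000030000): Can't
contact LDAP server. Will retry later.
[24/Oct/2014:23:08:17 +0000] NSMMReplicationPlugin -
agmt="cn=meToipa001.domain.local " (ipa001:389): Consumer failed to
replay change (uniqueid (null), CSN (null)): Can't contact LDAP
server(-1). Will retry later.
'''

LINE_RE = re.compile(r'^\[(?P<ts>[^\]]+)\]\s+NSMMReplicationPlugin\s+-\s+'
                     r'agmt="(?P<agmt>[^"]*)"\s+\((?P<peer>[^)]+)\):\s+(?P<msg>.*)$')
CSN_RE = re.compile(r'CSN\s+(\(null\)|[0-9a-fA-F]+)')
# Hypothetical categories chosen for this example; first match wins.
CATEGORIES = [("schema", re.compile(r"unable to replicate schema")),
              ("connection", re.compile(r"Can't contact LDAP server"))]

def unwrap(text):
    # Rejoin wrapped records: a new record starts with '[', the rest are continuations.
    records = []
    for raw in text.splitlines():
        line = raw.lstrip("> \t").rstrip()   # also drops mail quote markers
        if line.startswith("[") or (line and not records):
            records.append(line)
        elif line:
            records[-1] += " " + line
    return records

def triage(text):
    # Per (agreement, consumer): message counts by category, CSNs seen, null-CSN count.
    report = {}
    for m in filter(None, map(LINE_RE.match, unwrap(text))):
        entry = report.setdefault((m["agmt"].strip(), m["peer"]),
                                  {"counts": Counter(), "csns": set(), "null_csn": 0})
        category = next((n for n, rx in CATEGORIES if rx.search(m["msg"])), "info")
        entry["counts"][category] += 1
        csns = CSN_RE.findall(m["msg"])
        entry["null_csn"] += csns.count("(null)")
        entry["csns"].update(c for c in csns if c != "(null)")
    return report
```

Calling triage() on the supplier's and the consumer's error logs separately gives two summaries that can be compared by agreement and CSN.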
