[Freeipa-users] stubborn old replicas
Janelle
janellenicole80 at gmail.com
Thu Aug 27 14:27:00 UTC 2015
On 8/27/15 1:05 AM, thierry bordaz wrote:
> On 08/27/2015 09:41 AM, Ludwig Krispenz wrote:
>>
>> On 08/27/2015 09:08 AM, Martin Kosek wrote:
>>> On 08/26/2015 05:31 PM, Simo Sorce wrote:
>>>> On Wed, 2015-08-26 at 06:36 -0700, Janelle wrote:
>>>>> Hello all,
>>>>>
>>>>> My biggest problem is losing replicas and then trying to delete the
>>>>> entries and rebuild them. Here is a perfect example, I simply
>>>>> can't get
>>>>> rid of these (see below). I have tried (of course after the ORIGINAL
>>>>> "ipa-replica-manage del hostname --force --clean":
>>>>>
>>>>> ipa-replica-manage clean-ruv 25
>>>>>
>>>>> ldapmodify... with:
>>>>> dn: cn=clean 25, cn=cleanallruv, cn=tasks, cn=config
>>>>> objectclass: extensibleObject
>>>>> replica-base-dn: dc=example,dc=com
>>>>> replica-id: 25
>>>>> cn: clean 25
>>>>>
>>>>> And yet nothing works. Any suggestions? This is perhaps the most
>>>>> frustrating part about maintaining IPA.
>>>>>
>>>>> ~J
>>>>>
>>>>> unable to decode: {replica 12} 5588dc2e0000000c0000
>>>>> 559f3de60004000c0000
>>>>> unable to decode: {replica 14} 5587aa8d0000000e0000
>>>>> 5587aa8d0003000e0000
>>>>> unable to decode: {replica 16} 5588f58f000000100000
>>>>> 55bb7b08000500100000
>>>>> unable to decode: {replica 25} 55a4887b000000190000
>>>>> 55a49242000400190000
>>>>> unable to decode: {replica 29} 55d199a50001001d0000
>>>>> 55d199a50001001d0000
>>>>> unable to decode: {replica 3} 5587c5c3000000030000
>>>>> 55b8a049000100030000
>>>>> unable to decode: {replica 5} 55cc82ab041d00050000
>>>>> 55cc82ab041d00050000
>>>> Have you tried restarting DS before trying to clean the ruv ?
>>>>
>>>> I run in a similar problem in a test install recently, and I got
>>>> better
>>>> results that way. The bug is known to the DS people and they are
>>>> working
>>>> to get out patches that fix the root issue.
>>>>
>>>> Simo.
>>> CCing DS folks. Wasn't there a recent DS fix that was supposed to
>>> improve the
>>> RUV situation?
>>>
>>> Looking at 389 DS Trac, I see some interesting RUV fixes in 1.3.4.x
>>> releases:
>>>
>>> https://fedorahosted.org/389/query?summary=~RUV&status=closed&order=milestone&col=id&col=summary&col=status&col=owner&col=type&col=priority&col=milestone
>>>
>>>
>>> I see that 389-ds-base-1.3.4.3 is already in Fedora 22+, does the
>>> RUV issue
>>> happen there?
>> it should not, and I think Thierry verified the fix.
>> The problem we resolved and which we think is the core of the
>> corrupted RUV was that the cleanallruv task did only purge the RUV,
>> but dit not purge the changelog. If cleanallruv was run and the
>> server had a disorderly shutdown (crash or abort when shutdown was
>> hanging) then at restart the changelog RUV was rebuilt from the data
>> in the changelog and if it contained a csn from cleaned RIDs this was
>> added to the RUV (but the reference to the server was lost and so the
>> url part is missing from this RUV.
>> The fix now does remove all references to the cleaned RID from the
>> changelog and the problem should not reoccur with RIDs cleaned with
>> the fix, of course th echangelog can still can contain references to
>> RIDs cleaned before the fix - and if no changelog trimming is
>> configured this is what will happen. So, even after the fix old RUVs
>> could pop up and have to be (finally) cleaned.
>>
>> The other source is that these corrupted rivs can be "imported" from
>> another server by exchanging ruvs in the repl protocol. Cleanallruv
>> tries to address this and to propagate the cleanallruv tasks to all
>> servers it thinks are connected. If there are replication agreements
>> to servers which no longer exist or to servers which cannot be
>> connetcted this will delay the ruv cleaning
>>
>
> Hello,
>
> I verified the fix in 1.3.4.2 F22 / 389-ds-base-1.3.4.0-6.el7 RHEL7,
> so after those versions CLEANALLRUV do not create any longer corrupted
> ruv elements.
> According to the timestamp in the ruv (for example csn2date.py
> 5587aa8d0003000e0000 --> 22/06/2015:06:26:21) this are old ruv
> elements. I think Ludwig is right, these corrupted ruv-elements come
> from old cleanallruv before the fix was applied.
>
> The problem is that even a fixed server can get those corrupted
> ruv-elements from others servers.
> All servers in the topology should be updated with that fix, so that
> at least they stop creating corrupted ruv-elements.
> Now to get rid of the existing ones, I imagine only brute option of
> recreating replica and reinit... I hope an other option is possible.
>
> thanks
> thierry
>
>
Simple question -- what if one is running RHEL 7.1?? Can this fix be
installed?? I see you mentioned it is in 1.3.4.0 for RHEL 7, but I don't
see it?
~J
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://listman.redhat.com/archives/freeipa-users/attachments/20150827/2481e15b/attachment.htm>
More information about the Freeipa-users
mailing list