[Freeipa-users] IPA RUV unable to decode

Tue May 5 18:11:14 UTC 2015

Ok, so removing all replicas + uninstall and remove all ruv (except master)
via cleanruv script seems to works. Thanks everybody for help, I'll try it
in production now

Vasek

On Tue, May 5, 2015 at 4:49 PM, Mark Reynolds <mareynol at redhat.com> wrote:

>
>
> On 05/05/2015 07:49 AM, Ludwig Krispenz wrote:
>
>>
>> On 05/05/2015 01:27 PM, Martin Kosek wrote:
>>
>>> On 05/05/2015 12:38 PM, Vaclav Adamec wrote:
>>>
>>>> Hi,
>>>>   I tried migrate to newest version IPA, but result is quite unstable
>>>> and
>>>> removing old replicas ends with RUV which cannot be decoded (it stucked
>>>> in
>>>> queue forever):
>>>>
>>>> ipa-replica-manage del ipa-master-dmz002.test.com -fc
>>>> Cleaning a master is irreversible.
>>>> This should not normally be require, so use cautiously.
>>>> Continue to clean master? [no]: yes
>>>>
>>>> ipa-replica-manage list-ruv
>>>> unable to decode: {replica 8} 55091239000400080000 55091239000400080000
>>>> unable to decode: {replica 7} 552f84cd000300070000 552f84cd000300070000
>>>> unable to decode: {replica 11} 551a42f70000000b0000 551aa3140001000b0000
>>>> unable to decode: {replica 15} 551e82e10001000f0000 551e82e10001000f0000
>>>> unable to decode: {replica 14} 551e82ec0001000e0000 551e82ec0001000e0000
>>>> unable to decode: {replica 20} 552f4b72000600140000 552f4b72000600140000
>>>> unable to decode: {replica 10} 551a25af0001000a0000 551a25af0001000a0000
>>>> unable to decode: {replica 3} 551e864c000300030000 551e864c000300030000
>>>> unable to decode: {replica 5} 55083ad2000300050000 55083ad2000300050000
>>>> unable to decode: {replica 9} 550913e7000000090000 550913e7000000090000
>>>> unable to decode: {replica 19} 55210193000300130000 55210193000300130000
>>>> unable to decode: {replica 12} 551a48290000000c0000 551a48c50000000c0000
>>>> ipa-master-dmz001.test.com:389: 25
>>>> ipa-master-dmz002.test.com:389: 21
>>>>
>>>> it is possible to clear this queue and leave only valid servers ?
>>>>
>>>> Thanks in advance
>>>>
>>>> ipa-client-4.1.0-18.el7_1.3.x86_64
>>>> ipa-server-4.1.0-18.el7_1.3.x86_64
>>>>
>>> Ludwig or Thierry, do you know? The questions about RUV cleaning seems
>>> to be
>>> recurring, I suspect there will be a pattern (bug) and not just
>>> configuration
>>> issue.
>>>
>> we have seen this in a recent thread, and it is clear that the RUV is
>> corrupted and cannot be decoded, but we don't have a scenario how this is
>> state is reached.
>>
> The cleaning task (cleanAllRUV) can remove these invalid replica RUVs
> (RUV's missing the ldap URL).  To reproduce these "invalid" RUV's it
> requires replication being disabled and re-enabled with a different replica
> id.
>
> To manually clean these invalid RUV elements, outside of using the IPA
> CLI, you can directly issue the cleanAllRUV task to the Directory Server
> using ldapmodify:
>
> # ldapmodify -D "cn=directory manager" -W -a
> dn: cn=clean 8, cn=cleanallruv, cn=tasks, cn=config
> objectclass: extensibleObject
> replica-base-dn: dc=example,dc=com
> replica-id: 8
> cn: clean 8
>
> Run these one at a time, as there is a current limit of running 4
> concurrent tasks.  It is best to monitor the Directory Server errors log,
> or search on the task entry itself, to see when it has finished before
> firing off the next task.
>
> For more on using cleanAllRUV see:
>
> http://www.port389.org/docs/389ds/howto/howto-cleanruv.html#cleanallruv
> http://www.port389.org/docs/389ds/design/cleanallruv-design.html
>
> Regards,
> Mark
>
> --
> Manage your subscription for the Freeipa-users mailing list:
> https://www.redhat.com/mailman/listinfo/freeipa-users
> Go to http://freeipa.org for more info on the project
>

-- 
-- May the fox be with you ...
   /\
  (~(
   ) )         /\_/\
  (_=---_(@ @)
    (          \   /
    /|/----\|\  V
    " "     " "
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://listman.redhat.com/archives/freeipa-users/attachments/20150505/27e97c22/attachment.htm>