[Freeipa-users] IPA RUV unable to decode
Martin Kosek
mkosek at redhat.com
Wed May 6 06:22:07 UTC 2015
On 05/05/2015 04:49 PM, Mark Reynolds wrote:
>
>
> On 05/05/2015 07:49 AM, Ludwig Krispenz wrote:
>>
>> On 05/05/2015 01:27 PM, Martin Kosek wrote:
>>> On 05/05/2015 12:38 PM, Vaclav Adamec wrote:
>>>> Hi,
>>>> I tried migrate to newest version IPA, but result is quite unstable and
>>>> removing old replicas ends with RUV which cannot be decoded (it stucked in
>>>> queue forever):
>>>>
>>>> ipa-replica-manage del ipa-master-dmz002.test.com -fc
>>>> Cleaning a master is irreversible.
>>>> This should not normally be require, so use cautiously.
>>>> Continue to clean master? [no]: yes
>>>>
>>>> ipa-replica-manage list-ruv
>>>> unable to decode: {replica 8} 55091239000400080000 55091239000400080000
>>>> unable to decode: {replica 7} 552f84cd000300070000 552f84cd000300070000
>>>> unable to decode: {replica 11} 551a42f70000000b0000 551aa3140001000b0000
>>>> unable to decode: {replica 15} 551e82e10001000f0000 551e82e10001000f0000
>>>> unable to decode: {replica 14} 551e82ec0001000e0000 551e82ec0001000e0000
>>>> unable to decode: {replica 20} 552f4b72000600140000 552f4b72000600140000
>>>> unable to decode: {replica 10} 551a25af0001000a0000 551a25af0001000a0000
>>>> unable to decode: {replica 3} 551e864c000300030000 551e864c000300030000
>>>> unable to decode: {replica 5} 55083ad2000300050000 55083ad2000300050000
>>>> unable to decode: {replica 9} 550913e7000000090000 550913e7000000090000
>>>> unable to decode: {replica 19} 55210193000300130000 55210193000300130000
>>>> unable to decode: {replica 12} 551a48290000000c0000 551a48c50000000c0000
>>>> ipa-master-dmz001.test.com:389: 25
>>>> ipa-master-dmz002.test.com:389: 21
>>>>
>>>> it is possible to clear this queue and leave only valid servers ?
>>>>
>>>> Thanks in advance
>>>>
>>>> ipa-client-4.1.0-18.el7_1.3.x86_64
>>>> ipa-server-4.1.0-18.el7_1.3.x86_64
>>> Ludwig or Thierry, do you know? The questions about RUV cleaning seems to be
>>> recurring, I suspect there will be a pattern (bug) and not just configuration
>>> issue.
>> we have seen this in a recent thread, and it is clear that the RUV is
>> corrupted and cannot be decoded, but we don't have a scenario how this is
>> state is reached.
> The cleaning task (cleanAllRUV) can remove these invalid replica RUVs (RUV's
> missing the ldap URL). To reproduce these "invalid" RUV's it requires
> replication being disabled and re-enabled with a different replica id.
>
> To manually clean these invalid RUV elements, outside of using the IPA CLI, you
> can directly issue the cleanAllRUV task to the Directory Server using ldapmodify:
>
> # ldapmodify -D "cn=directory manager" -W -a
> dn: cn=clean 8, cn=cleanallruv, cn=tasks, cn=config
> objectclass: extensibleObject
> replica-base-dn: dc=example,dc=com
> replica-id: 8
> cn: clean 8
>
> Run these one at a time, as there is a current limit of running 4 concurrent
> tasks. It is best to monitor the Directory Server errors log, or search on the
> task entry itself, to see when it has finished before firing off the next task.
>
> For more on using cleanAllRUV see:
>
> http://www.port389.org/docs/389ds/howto/howto-cleanruv.html#cleanallruv
> http://www.port389.org/docs/389ds/design/cleanallruv-design.html
>
> Regards,
> Mark
Just for the record, ipa-replica-manage has a CLI for the CleanAllRUV task
management:
# man ipa-replica-manage
...
list-ruv
- List the replication IDs on this server.
clean-ruv [REPLICATION_ID]
- Run the CLEANALLRUV task to remove a replication ID.
abort-clean-ruv [REPLICATION_ID]
- Abort a running CLEANALLRUV task.
list-clean-ruv
- List all running CLEANALLRUV and abort CLEANALLRUV tasks.
...
More information about the Freeipa-users
mailing list