[Freeipa-users] replication again :-(

Mark Reynolds mareynol at redhat.com
Wed May 20 14:53:52 UTC 2015 


On 05/20/2015 10:17 AM, thierry bordaz wrote:
> On 05/20/2015 03:46 PM, Janelle wrote:
>> On 5/20/15 6:01 AM, thierry bordaz wrote:
>>> On 05/20/2015 02:57 AM, Janelle wrote:
>>>> On 5/19/15 12:04 AM, thierry bordaz wrote:
>>>>> On 05/19/2015 03:42 AM, Janelle wrote:
>>>>>> On 5/18/15 6:23 PM, Janelle wrote:
>>>>>>> Once again, replication/sync has been lost. I really wish the 
>>>>>>> product was more stable, it is so much potential and yet.
>>>>>>>
>>>>>>> Servers running for 6 days no issues. No new accounts or changes 
>>>>>>> (maybe a few users changing passwords) and again, 5 out of 16 
>>>>>>> servers are no longer in sync.
>>>>>>>
>>>>>>> I can test it easily by adding an account and then waiting a few 
>>>>>>> minutes, then run "ipa  user-show --all username" on all the 
>>>>>>> servers, and only a few of them have the account.  I have now 
>>>>>>> waited 15 minutes, still no luck.
>>>>>>>
>>>>>>> Oh well.. I guess I will go look at alternatives. I had such 
>>>>>>> high hopes for this tool. Thanks so much everyone for all your 
>>>>>>> help in trying to get things stable, but for whatever reason, 
>>>>>>> there is a random loss of sync among the servers and obviously 
>>>>>>> this is not acceptable.
>>>>>>>
>>>>>>> regards
>>>>>>> ~J
>>>>>>
>>>>
>>>> All the replicas are happy again. I found these again:
>>>>
>>>> unable to decode  {replica 16} 55356472000300100000 
>>>> 55356472000300100000
>>>> unable to decode  {replica 23} 5553e3a3000000170000 
>>>> 55543240000300170000
>>>> unable to decode  {replica 24} 554d53d3000000180000 
>>>> 554d54a4000200180000
>>>>
>>>> What I also found to be interesting is that I have not deleted any 
>>>> masters at all, so this was quite perplexing where the orphaned 
>>>> entries came from.  However I did find 3 of the replicas did not 
>>>> show complete RUV lists... While most of the replicas had a list of 
>>>> all 16 servers, a couple of them listed only 4 or 5. (using 
>>>> ipa-replica-manage list-ruv)
>>> I don't know about the orphaned entries. Did you get entries below 
>>> deleted parents ?
>>>
>>> AFAIK all replicas are master and so have an entry {replica <rid>} 
>>> in the RUV. We should expect all servers having the same number of 
>>> RUVelements (16, 4 or 5). The servers with 4 or 5 may be isolated so 
>>> that they did not received updates from those with 16 RUVelements.
>>> would you copy/paste an example of RUV with 16 and with 4-5 ?
>>
>> Now, the steps to clear this were:
>>
>> Removed the "unable to decode" with the direct ldapmodify's. This 
>> worked across all replicas, which was nice and did not have to be 
>> repeated in each one. In other words, entered on a single server, and 
>> it was removed on all.
> Hello,
>
> Did you do direct ldapmodify onto the RUV entry 
> (nsuniqueid=ffffffff-ffffffff-ffffffff-ffffffff,SUFFIX) , clean RUV ?
Thierry,

Janelle just manually added a cleanallruv task (that I had recommended 
the other week).

Mark
>
> dc1-ipa1 and dc1-ipa2 are missing some RUVelement. If you do  an 
> update on dc3-ipa1, is it replicated to dc1-ipa[12] ?
>
> Also there are duplicated RID (9, 25) for dc1-ipa2.example.com:389. 
> You may see some messages like 'attrlist_replace' in some error logs.
> 25 seems to be the new RID.
>
> thanks
> thierry
>
>>
>> re-initialized --from=good server on the ones with the short list.
>>
>> Waited 5 minutes to let everything settle, then started running tests 
>> of adds/deletes which seemed to be just fine.
>>
>> Here are 2 of the DCs
>>
>> -------------------------------------
>> Node dc1-ipa1
>> -------------------------------------
>> dc4-ipa4.example.com 389  21
>> dc1-ipa1.example.com 389  10
>> dc1-ipa4.example.com 389  4
>> -------------------------------------
>> Node dc1-ipa2
>> -------------------------------------
>> dc4-ipa4.example.com 389  21
>> dc1-ipa1.example.com 389  10
>> dc1-ipa2.example.com 389  25
>> dc1-ipa3.example.com 389  8
>> dc1-ipa4.example.com 389  4
>> -------------------------------------
>> Node dc1-ipa3
>> -------------------------------------
>> dc3-ipa1.example.com 389  14
>> dc3-ipa2.example.com 389  13
>> dc3-ipa3.example.com 389  12
>> dc3-ipa4.example.com 389  11
>> dc2-ipa1.example.com 389  7
>> dc2-ipa2.example.com 389  6
>> dc2-ipa3.example.com 389  5
>> dc2-ipa4.example.com 389  3
>> dc4-ipa1.example.com 389  18
>> dc4-ipa2.example.com 389  19
>> dc4-ipa3.example.com 389  20
>> dc4-ipa4.example.com 389  21
>> dc1-ipa1.example.com 389  10
>> dc1-ipa2.example.com 389  25
>> dc1-ipa2.example.com 389  9
>> dc1-ipa3.example.com 389  8
>> dc1-ipa4.example.com 389  4
>> unable to decode  {replica 16} 55356472000300100000 55356472000300100000
>> unable to decode  {replica 24} 554d53d3000000180000 554d54a4000200180000
>> dc5-ipa1.example.com 389  26
>> dc5-ipa2.example.com 389  15
>> dc5-ipa3.example.com 389  17
>> -------------------------------------
>> Node dc1-ipa4
>> -------------------------------------
>> dc3-ipa1.example.com 389  14
>> dc3-ipa2.example.com 389  13
>> dc3-ipa3.example.com 389  12
>> dc3-ipa4.example.com 389  11
>> dc2-ipa1.example.com 389  7
>> dc2-ipa2.example.com 389  6
>> dc2-ipa3.example.com 389  5
>> dc2-ipa4.example.com 389  3
>> dc4-ipa1.example.com 389  18
>> dc4-ipa2.example.com 389  19
>> dc4-ipa3.example.com 389  20
>> dc4-ipa4.example.com 389  21
>> dc1-ipa1.example.com 389  10
>> dc1-ipa2.example.com 389  25
>> dc1-ipa2.example.com 389  9
>> dc1-ipa3.example.com 389  8
>> dc1-ipa4.example.com 389  4
>> unable to decode  {replica 16} 55356472000300100000 55356472000300100000
>> unable to decode  {replica 24} 554d53d3000000180000 554d54a4000200180000
>> dc5-ipa1.example.com 389  26
>> dc5-ipa2.example.com 389  15
>> dc5-ipa3.example.com 389  17
>> -------------------------------------
>> Node dc2-ipa1
>> -------------------------------------
>> dc3-ipa1.example.com 389  14
>> dc3-ipa2.example.com 389  13
>> dc3-ipa3.example.com 389  12
>> dc3-ipa4.example.com 389  11
>> dc2-ipa1.example.com 389  7
>> dc2-ipa2.example.com 389  6
>> dc2-ipa3.example.com 389  5
>> dc2-ipa4.example.com 389  3
>> dc4-ipa1.example.com 389  18
>> dc4-ipa2.example.com 389  19
>> dc4-ipa3.example.com 389  20
>> dc4-ipa4.example.com 389  21
>> dc1-ipa1.example.com 389  10
>> dc1-ipa2.example.com 389  25
>> dc1-ipa2.example.com 389  9
>> dc1-ipa3.example.com 389  8
>> dc1-ipa4.example.com 389  4
>> unable to decode  {replica 16} 55356472000300100000 55356472000300100000
>> unable to decode  {replica 23} 5553e3a3000000170000 55543240000300170000
>> unable to decode  {replica 24} 554d53d3000000180000 554d54a4000200180000
>> dc5-ipa1.example.com 389  26
>> dc5-ipa2.example.com 389  15
>> dc5-ipa3.example.com 389  17
>> -------------------------------------
>> Node dc2-ipa2
>> -------------------------------------
>> dc3-ipa1.example.com 389  14
>> dc3-ipa2.example.com 389  13
>> dc3-ipa3.example.com 389  12
>> dc3-ipa4.example.com 389  11
>> dc2-ipa1.example.com 389  7
>> dc2-ipa2.example.com 389  6
>> dc2-ipa3.example.com 389  5
>> dc2-ipa4.example.com 389  3
>> dc4-ipa1.example.com 389  18
>> dc4-ipa2.example.com 389  19
>> dc4-ipa3.example.com 389  20
>> dc4-ipa4.example.com 389  21
>> dc1-ipa1.example.com 389  10
>> dc1-ipa2.example.com 389  25
>> dc1-ipa2.example.com 389  9
>> dc1-ipa3.example.com 389  8
>> dc1-ipa4.example.com 389  4
>> unable to decode  {replica 16} 55356472000300100000 55356472000300100000
>> unable to decode  {replica 24} 554d53d3000000180000 554d54a4000200180000
>> dc5-ipa1.example.com 389  26
>> dc5-ipa2.example.com 389  15
>> dc5-ipa3.example.com 389  17
>> -------------------------------------
>> Node dc2-ipa3
>> -------------------------------------
>> dc3-ipa1.example.com 389  14
>> dc3-ipa2.example.com 389  13
>> dc3-ipa3.example.com 389  12
>> dc3-ipa4.example.com 389  11
>> dc2-ipa1.example.com 389  7
>> dc2-ipa2.example.com 389  6
>> dc2-ipa3.example.com 389  5
>> dc2-ipa4.example.com 389  3
>> dc4-ipa1.example.com 389  18
>> dc4-ipa2.example.com 389  19
>> dc4-ipa3.example.com 389  20
>> dc4-ipa4.example.com 389  21
>> dc1-ipa1.example.com 389  10
>> dc1-ipa2.example.com 389  25
>> dc1-ipa2.example.com 389  9
>> dc1-ipa3.example.com 389  8
>> dc1-ipa4.example.com 389  4
>> unable to decode  {replica 16} 55356472000300100000 55356472000300100000
>> unable to decode  {replica 24} 554d53d3000000180000 554d54a4000200180000
>> dc5-ipa1.example.com 389  26
>> dc5-ipa2.example.com 389  15
>> dc5-ipa3.example.com 389  17
>> -------------------------------------
>> Node dc2-ipa4
>> -------------------------------------
>> dc3-ipa1.example.com 389  14
>> dc3-ipa2.example.com 389  13
>> dc3-ipa3.example.com 389  12
>> dc3-ipa4.example.com 389  11
>> dc2-ipa1.example.com 389  7
>> dc2-ipa2.example.com 389  6
>> dc2-ipa3.example.com 389  5
>> dc2-ipa4.example.com 389  3
>> dc4-ipa1.example.com 389  18
>> dc4-ipa2.example.com 389  19
>> dc4-ipa3.example.com 389  20
>> dc4-ipa4.example.com 389  21
>> dc1-ipa1.example.com 389  10
>> dc1-ipa2.example.com 389  25
>> dc1-ipa2.example.com 389  9
>> dc1-ipa3.example.com 389  8
>> dc1-ipa4.example.com 389  4
>> unable to decode  {replica 16} 55356472000300100000 55356472000300100000
>> unable to decode  {replica 24} 554d53d3000000180000 554d54a4000200180000
>> dc5-ipa1.example.com 389  26
>> dc5-ipa2.example.com 389  15
>> dc5-ipa3.example.com 389  17
>>
>>
>> Happy Wednesday
>> ~Janelle
>
>
>

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://listman.redhat.com/archives/freeipa-users/attachments/20150520/7206e850/attachment.htm>

More information about the Freeipa-users mailing list