[Freeipa-users] IPA Replication not working for User and DNS
Yogesh Sharma
yks0000 at gmail.com
Mon Nov 2 05:54:58 UTC 2015
Tried to re-enroll the replica; however, I am getting the same error, though I am
able to connect to the server.
=====
Starting replication, please wait until this has completed.
[ipa-inf-prd-ng2-01.klikpay.int] reports: Update failed! Status: [-1 -
LDAP error: Can't contact LDAP server]
[error] RuntimeError: Failed to start replication
=====
[root@ipa-inf-prd-ng2-02 ~]# telnet ipa-inf-prd-ng2-01.klikpay.int 389
Trying 172.16.32.10...
Connected to ipa-inf-prd-ng2-01.klikpay.int.
Escape character is '^]'.
^]
telnet> quit
Connection closed.
[root@ipa-inf-prd-ng2-02 ~]#
*Best Regards,*
*__________________________________________*
*Yogesh Sharma*
*Email: yks0000 at gmail.com | Web: www.initd.in*
*RHCE, VCE-CIA, RACKSPACE CLOUD U Certified*
On Fri, Oct 30, 2015 at 7:05 PM, Rob Crittenden <rcritten at redhat.com> wrote:
> Yogesh Sharma wrote:
> > Team,
> >
> > Noticed that users created on IPA Master are not replicating on Replica.
> >
> > Also, we created a new Zone in Master; however, we do not see the same in
> > the replica server.
>
> You need to figure out why ipa-inf-prd-ng2-01.klikpay.int can't contact
> port 389 on ipa-inf-prd-ng2-02.klikpay.int. It may be someone threw up a
> firewall without telling you, or someone tweaked the rules on either of
> those boxes.
>
> Doing re-init, force-sync, etc is always going to fail if one can't talk
> to the other.
>
> rob
>
> >
> >
> > Below is the information:
> >
> > From Master:
> >
> > [root@ipa-inf-prd-ng2-01 ~]# ipa-replica-manage list -v ipa-inf-prd-ng2-01.klikpay.int
> > Directory Manager password:
> >
> > ipa-inf-prd-ng2-02.klikpay.int: replica
> > last init status: None
> > last init ended: None
> > last update status: -1 Unable to acquire replicaLDAP error: Can't contact LDAP server
> > last update ended: None
> > [root@ipa-inf-prd-ng2-01 ~]#
> >
> >
> >
> > From Replica:
> >
> >
> > [root@ipa-inf-prd-ng2-02 ~]# ipa-replica-manage list -v ipa-inf-prd-ng2-02.klikpay.int
> > Directory Manager password:
> >
> > ipa-inf-prd-ng2-01.klikpay.int: replica
> > last init status: None
> > last init ended: None
> > last update status: 0 Replica acquired successfully: Incremental update succeeded
> > last update ended: 2015-10-30 10:36:25+00:00
> > [root@ipa-inf-prd-ng2-02 ~]#
> >
> >
> > Though it says it is replicated (last update ended), we are not seeing
> > new users and the new DNS Zone which we created.
> >
> >
> > I also tried force replication, though I can not see the new Changes:
> >
> > [root@ipa-inf-prd-ng2-02 ~]# ipa-replica-manage force-sync --from ipa-inf-prd-ng2-01.klikpay.int
> > Directory Manager password:
> >
> > ipa: INFO: Setting agreement cn=meToipa-inf-prd-ng2-02.klikpay.int,cn=replica,cn=dc\=klikpay\,dc\=int,cn=mapping tree,cn=config schedule to 2358-2359 0 to force synch
> > ipa: INFO: Deleting schedule 2358-2359 0 from agreement cn=meToipa-inf-prd-ng2-02.klikpay.int,cn=replica,cn=dc\=klikpay\,dc\=int,cn=mapping tree,cn=config
> > [root@ipa-inf-prd-ng2-02 ~]#
> >
> >
> > Once I do re-initialization, it gives "Can't Contact LDAP Server"
> >
> > [root@ipa-inf-prd-ng2-02 ~]# ipa-replica-manage re-initialize --from ipa-inf-prd-ng2-01.klikpay.int
> > Directory Manager password:
> >
> > ipa: INFO: Setting agreement cn=meToipa-inf-prd-ng2-02.klikpay.int,cn=replica,cn=dc\=klikpay\,dc\=int,cn=mapping tree,cn=config schedule to 2358-2359 0 to force synch
> > ipa: INFO: Deleting schedule 2358-2359 0 from agreement cn=meToipa-inf-prd-ng2-02.klikpay.int,cn=replica,cn=dc\=klikpay\,dc\=int,cn=mapping tree,cn=config
> >
> > [ipa-inf-prd-ng2-01.klikpay.int] reports: Update failed! Status: [-1 - LDAP error: Can't contact LDAP server]
> >
> >
> >
> >
> > /Best Regards,/
> > /__________________________________________/
> > /Yogesh Sharma/
> > /Email: yks0000 at gmail.com | Web: www.initd.in/
> > /RHCE, VCE-CIA, RACKSPACE CLOUD U Certified/
> >
> >
>
>
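An added example, not part of the original thread or of FreeIPA's own code: a Python script that reads the `last update status` lines from `ipa-replica-manage list -v` to work out which direction of the agreement is failing (the direction the quoted reply points at), and provides a TCP 389 test to run from that side. The sample text is constructed from the output quoted in this thread, the function names are hypothetical, and the status format is assumed to be the one shown here.

```python
import re
import socket

# Constructed samples: the `ipa-replica-manage list -v` output posted in this
# thread, with mail line-wrapping and link debris removed.
FROM_NG2_01 = """\
ipa-inf-prd-ng2-02.klikpay.int: replica
  last init status: None
  last update status: -1 Unable to acquire replicaLDAP error: Can't contact LDAP server
  last update ended: None
"""
FROM_NG2_02 = """\
ipa-inf-prd-ng2-01.klikpay.int: replica
  last init status: None
  last update status: 0 Replica acquired successfully: Incremental update succeeded
  last update ended: 2015-10-30 10:36:25+00:00
"""

PEER = re.compile(r"^(\S+):\s+\w+\s*$")
STATUS = re.compile(r"^\s*last update status:\s*(-?\d+)\s*(.*)$")

def failing_agreements(local_host, listing):
    """Return (source, target, message) for each agreement with a non-zero status.

    An agreement listed on local_host is the one local_host uses to push
    changes to the peer, so a failure means local_host -> peer is broken.
    """
    failures, peer = [], None
    for line in listing.splitlines():
        if m := PEER.match(line):
            peer = m.group(1)
        elif (m := STATUS.match(line)) and peer and int(m.group(1)) != 0:
            failures.append((local_host, peer, m.group(2).strip()))
    return failures

def can_connect(host, port=389, timeout=3.0):
    """TCP connect test. Run it on the source host of a failing pair."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return True
    except OSError:
        return False

if __name__ == "__main__":
    for src, dst, msg in failing_agreements("ipa-inf-prd-ng2-01.klikpay.int", FROM_NG2_01):
        print(f"on {src}: test TCP 389 to {dst} ({msg})")
```

With the samples above, only the agreement held on ipa-inf-prd-ng2-01 is reported, so `can_connect("ipa-inf-prd-ng2-02.klikpay.int")` is the check to run on ipa-inf-prd-ng2-01.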