[Freeipa-users] Zombie Replica !

[Prashant Bapat]

Hi,

We had 4 IPA servers in master master mode with all of them connected to
each other.

IPA1 <---->  IPA2 (colo 1)

IPA3 <---->  IPA4 (colo 2)

One of the replica servers (IPA2) had to be rebuild.

So I went ahead and used below commands.

ipa-replica-manage disconnect IPA2 IPA3
ipa-replica-manage disconnection IPA2 IPA4
ipa-replica-manage del IPA2 (to remove it on IPA1).

An then ran ipa-server-install --uninstall on IPA2.

Created the replica info file using ipa-replica-prepare IPA2.

When I tried to run ipa-replica-install on IPA2, it says

A replication agreement for this host already exists. It needs to be
removed.
Run this on the master that generated the info file:
    % ipa-replica-manage del ipa2.example.net --force

Now on IPA1, no matter what I do it still has references to IPA2.

So far I have tried the following.


   1. ipa-replica-manage del --force IPA2
   2. ipa-replica-manage del --force --cleanruv IPA2
   3. /usr/sbin/cleanallruv.pl -D "cn=directory manager" -w - -b
   "dc=example,dc=net" -r 6


Got the rid = 6 by running
ldapsearch -Y GSSAPI -b "dc=example,dc=net"
'(&(nsuniqueid=ffffffff-ffffffff-ffffffff-ffffffff)(objectclass=nstombstone))'
nsds50ruv

In the directory server logs, I guess its still trying to connect to IPA2
and failing. Below are some lines.

[06/Apr/2016:10:18:09 +0000] NSMMReplicationPlugin - agmt="cn=
meToipa2.example.net" (ipa2:389): Replication bind with GSSAPI auth failed:
LDAP error -1 (Can't contact LDAP server) ()
[06/Apr/2016:10:18:09 +0000] NSMMReplicationPlugin - CleanAllRUV Task (rid
6): Replica not online (agmt="cn=meToipa2.example.net" (ipa2:389))
[06/Apr/2016:10:18:09 +0000] NSMMReplicationPlugin - CleanAllRUV Task (rid
6): Not all replicas online, retrying in 2560 seconds...

Any pointers would be helpful.

Regards.
--Prashant
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://listman.redhat.com/archives/freeipa-users/attachments/20160406/1fc318f0/attachment.htm>