[Freeipa-users] Zombie Replica !
Prashant Bapat
prashant at apigee.com
Wed Apr 6 10:33:38 UTC 2016
Hi,
We had 4 IPA servers in master master mode with all of them connected to
each other.
IPA1 <----> IPA2 (colo 1)
IPA3 <----> IPA4 (colo 2)
One of the replica servers (IPA2) had to be rebuild.
So I went ahead and used below commands.
ipa-replica-manage disconnect IPA2 IPA3
ipa-replica-manage disconnection IPA2 IPA4
ipa-replica-manage del IPA2 (to remove it on IPA1).
An then ran ipa-server-install --uninstall on IPA2.
Created the replica info file using ipa-replica-prepare IPA2.
When I tried to run ipa-replica-install on IPA2, it says
A replication agreement for this host already exists. It needs to be
removed.
Run this on the master that generated the info file:
% ipa-replica-manage del ipa2.example.net --force
Now on IPA1, no matter what I do it still has references to IPA2.
So far I have tried the following.
1. ipa-replica-manage del --force IPA2
2. ipa-replica-manage del --force --cleanruv IPA2
3. /usr/sbin/cleanallruv.pl -D "cn=directory manager" -w - -b
"dc=example,dc=net" -r 6
Got the rid = 6 by running
ldapsearch -Y GSSAPI -b "dc=example,dc=net"
'(&(nsuniqueid=ffffffff-ffffffff-ffffffff-ffffffff)(objectclass=nstombstone))'
nsds50ruv
In the directory server logs, I guess its still trying to connect to IPA2
and failing. Below are some lines.
[06/Apr/2016:10:18:09 +0000] NSMMReplicationPlugin - agmt="cn=
meToipa2.example.net" (ipa2:389): Replication bind with GSSAPI auth failed:
LDAP error -1 (Can't contact LDAP server) ()
[06/Apr/2016:10:18:09 +0000] NSMMReplicationPlugin - CleanAllRUV Task (rid
6): Replica not online (agmt="cn=meToipa2.example.net" (ipa2:389))
[06/Apr/2016:10:18:09 +0000] NSMMReplicationPlugin - CleanAllRUV Task (rid
6): Not all replicas online, retrying in 2560 seconds...
Any pointers would be helpful.
Regards.
--Prashant
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://listman.redhat.com/archives/freeipa-users/attachments/20160406/1fc318f0/attachment.htm>
More information about the Freeipa-users
mailing list