[Freeipa-users] Zombie Replica !

Prashant Bapat prashant at apigee.com
Wed Apr 6 16:47:14 UTC 2016


# ipa-replica-manage list `hostname`
ipa2.example.net: replica
ipa3.example.net: replica
ipa4.example.net: replica

ipa2.example.net should not be there. How do I remove it?

On 6 April 2016 at 18:55, Rob Crittenden <rcritten at redhat.com> wrote:

> Prashant Bapat wrote:
>
>> Hi,
>>
>> We had 4 IPA servers in master master mode with all of them connected to
>> each other.
>>
>> IPA1 <---->  IPA2 (colo 1)
>> IPA3 <---->  IPA4 (colo 2)
>>
>> One of the replica servers (IPA2) had to be rebuilt.
>>
>> So I went ahead and used below commands.
>>
>> ipa-replica-manage disconnect IPA2 IPA3
>> ipa-replica-manage disconnection IPA2 IPA4
>> ipa-replica-manage del IPA2 (to remove it on IPA1).
>>
>> And then ran ipa-server-install --uninstall on IPA2.
>>
>> Created the replica info file using ipa-replica-prepare IPA2.
>>
>> When I tried to run ipa-replica-install on IPA2, it says
>>
>> A replication agreement for this host already exists. It needs to be
>> removed.
>> Run this on the master that generated the info file:
>>      % ipa-replica-manage del ipa2.example.net --force
>>
>> Now on IPA1, no matter what I do it still has references to IPA2.
>>
>> So far I have tried the following.
>>
>>  1. ipa-replica-manage del --force IPA2
>>  2. ipa-replica-manage del --force --cleanruv IPA2
>>  3. /usr/sbin/cleanallruv.pl -D "cn=directory manager" -w - -b
>>     "dc=example,dc=net" -r 6
>>
>>
>> Got the rid = 6 by running
>> ldapsearch -Y GSSAPI -b "dc=example,dc=net" \
>>   '(&(nsuniqueid=ffffffff-ffffffff-ffffffff-ffffffff)(objectclass=nstombstone))' \
>>   nsds50ruv
>>
>> In the directory server logs, I guess it's still trying to connect to
>> IPA2 and failing. Below are some lines.
>>
>> [06/Apr/2016:10:18:09 +0000] NSMMReplicationPlugin -
>> agmt="cn=meToipa2.example.net" (ipa2:389):
>> Replication bind with GSSAPI auth failed: LDAP error -1 (Can't contact
>> LDAP server) ()
>> [06/Apr/2016:10:18:09 +0000] NSMMReplicationPlugin - CleanAllRUV Task
>> (rid 6): Replica not online (agmt="cn=meToipa2.example.net" (ipa2:389))
>> [06/Apr/2016:10:18:09 +0000] NSMMReplicationPlugin - CleanAllRUV Task
>> (rid 6): Not all replicas online, retrying in 2560 seconds...
>>
>> Any pointers would be helpful.
>>
>
> On ipa1 run:
>
> % ipa-replica-manage list -v `hostname`
>
> This will give the list of actual agreements and their status.
>
> rob
>
>
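
The RUV lookup quoted above (the tombstone search that yielded rid 6), as an added example that is not part of either poster's message and is not FreeIPA code: it parses nsds50ruv values from ldapsearch output, including folded lines, and reports replica IDs that still point at a host outside the intended topology. The sample LDIF and the expected-host list are constructed assumptions.

```python
import re

# Constructed sample (not from the thread): the shape of the nsds50ruv values
# the tombstone search returns. CSNs are made up. ldapsearch folds long lines;
# a continuation line starts with a single space.
SAMPLE_LDIF = """\
dn: nsuniqueid=ffffffff-ffffffff-ffffffff-ffffffff,dc=example,dc=net
nsds50ruv: {replicageneration} 55c8f364000000040000
nsds50ruv: {replica 4 ldap://ipa1.example.net:389} 55c8f36f000000040000 5704e1
 a2000100040000
nsds50ruv: {replica 6 ldap://ipa2.example.net:389} 55c8f4b1000000060000 5703c0
 de000000060000
nsds50ruv: {replica 7 ldap://ipa3.exam
 ple.net:389} 55c8f5aa000000070000 5704e19f000000070000
nsds50ruv: {replica 8 ldap://ipa4.example.net:389}
"""

# Matches "{replica <rid> ldap://<host>:<port>}"; the "{replicageneration}"
# value is skipped because no whitespace follows "replica" there.
RUV_RE = re.compile(
    r"^nsds50ruv:\s*\{replica\s+(\d+)\s+ldaps?://([^:}\s]+)(?::\d+)?\}",
    re.IGNORECASE | re.MULTILINE,
)


def parse_ruv(ldif_text):
    """Return {replica_id: hostname} from ldapsearch LDIF output."""
    unfolded = re.sub(r"\r?\n ", "", ldif_text)  # undo LDIF line folding
    return {int(rid): host.lower() for rid, host in RUV_RE.findall(unfolded)}


def stale_rids(ruv, expected_hosts):
    """RUV entries whose host is not part of the intended topology."""
    expected = {h.lower() for h in expected_hosts}
    return sorted((rid, host) for rid, host in ruv.items() if host not in expected)


if __name__ == "__main__":
    # Assumption: the operator supplies the servers that should still exist.
    expected = {"ipa1.example.net", "ipa3.example.net", "ipa4.example.net"}
    for rid, host in stale_rids(parse_ruv(SAMPLE_LDIF), expected):
        print(f"rid {rid} still references {host}")
```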