[Freeipa-users] Zombie Replica !

Prashant Bapat prashant at apigee.com
Thu Apr 7 05:23:16 UTC 2016


What I have done now was to add a new server, ipa02 and configured
replication again and things are fine.

However on IPA1 the 389 ds error logs have reference to the dead ipa2
replica.

[07/Apr/2016:04:13:11 +0000] NSMMReplicationPlugin - agmt="cn=meToipa2.example.net" (ipa2:389): Replication bind with GSSAPI auth failed: LDAP error -1 (Can't contact LDAP server) ()
[07/Apr/2016:04:13:11 +0000] NSMMReplicationPlugin - Abort CleanAllRUV Task (rid 6): Failed to connect to replica(agmt="cn=meToipa2.example.net" (ipa2:389)).
[07/Apr/2016:04:13:11 +0000] NSMMReplicationPlugin - Abort CleanAllRUV Task (rid 6): Retrying in 14400 seconds

It will never be able to connect to ipa2 as it's gone permanently. Also
the ipa-replica-manage list `hostname` command still shows ipa2 as a
replica.

How to remove this permanently ???

Thanks.
--Prashant

On 6 April 2016 at 22:17, Prashant Bapat <prashant at apigee.com> wrote:

> # ipa-replica-manage list `hostname`
> ipa2.example.net: replica
> ipa3.example.net: replica
> ipa4.example.net: replica
>
> ipa2.example.net should not be there. How do I remove it?
>
> On 6 April 2016 at 18:55, Rob Crittenden <rcritten at redhat.com> wrote:
>
>> Prashant Bapat wrote:
>>
>>> Hi,
>>>
>>> We had 4 IPA servers in master master mode with all of them connected to
>>> each other.
>>>
>>> IPA1 <---->  IPA2 (colo 1)
>>> IPA3 <---->  IPA4 (colo 2)
>>>
>>> One of the replica servers (IPA2) had to be rebuilt.
>>>
>>> So I went ahead and used the commands below.
>>>
>>> ipa-replica-manage disconnect IPA2 IPA3
>>> ipa-replica-manage disconnect IPA2 IPA4
>>> ipa-replica-manage del IPA2 (to remove it on IPA1).
>>>
>>> And then ran ipa-server-install --uninstall on IPA2.
>>>
>>> Created the replica info file using ipa-replica-prepare IPA2.
>>>
>>> When I tried to run ipa-replica-install on IPA2, it says
>>>
>>> A replication agreement for this host already exists. It needs to be
>>> removed.
>>> Run this on the master that generated the info file:
>>>      % ipa-replica-manage del ipa2.example.net --force
>>>
>>> Now on IPA1, no matter what I do it still has references to IPA2.
>>>
>>> So far I have tried the following.
>>>
>>>  1. ipa-replica-manage del --force IPA2
>>>  2. ipa-replica-manage del --force --cleanruv IPA2
>>>  3. /usr/sbin/cleanallruv.pl -D "cn=directory manager" -w - -b
>>>     "dc=example,dc=net" -r 6
>>>
>>>
>>> Got the rid = 6 by running
>>> ldapsearch -Y GSSAPI -b "dc=example,dc=net" '(&(nsuniqueid=ffffffff-ffffffff-ffffffff-ffffffff)(objectclass=nstombstone))' nsds50ruv
>>>
>>> In the directory server logs, I guess it's still trying to connect to
>>> IPA2 and failing. Below are some lines.
>>>
>>> [06/Apr/2016:10:18:09 +0000] NSMMReplicationPlugin - agmt="cn=meToipa2.example.net" (ipa2:389): Replication bind with GSSAPI auth failed: LDAP error -1 (Can't contact LDAP server) ()
>>> [06/Apr/2016:10:18:09 +0000] NSMMReplicationPlugin - CleanAllRUV Task (rid 6): Replica not online (agmt="cn=meToipa2.example.net" (ipa2:389))
>>> [06/Apr/2016:10:18:09 +0000] NSMMReplicationPlugin - CleanAllRUV Task (rid 6): Not all replicas online, retrying in 2560 seconds...
>>>
>>> Any pointers would be helpful.
>>>
>>
>> On ipa1 run:
>>
>> % ipa-replica-manage list -v `hostname`
>>
>> This will give the list of actual agreements and their status.
>>
>> rob
>>
>>
>
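
The log excerpts in this thread show a recognisable pattern: a replication agreement that can no longer bind, and CleanAllRUV / Abort CleanAllRUV tasks for the same replica ID that keep rescheduling themselves. The following Python sketch is an added example, not part of the original messages and not FreeIPA or 389 DS code; it groups such lines per agreement and replica ID so stale references stand out. The regular expressions are derived only from the lines quoted above, and the function name `summarize` is hypothetical.

```python
import re
from collections import defaultdict

# Log lines copied from the excerpts in this thread, with mail line wraps removed.
SAMPLE_LOG = """\
[06/Apr/2016:10:18:09 +0000] NSMMReplicationPlugin - agmt="cn=meToipa2.example.net" (ipa2:389): Replication bind with GSSAPI auth failed: LDAP error -1 (Can't contact LDAP server) ()
[06/Apr/2016:10:18:09 +0000] NSMMReplicationPlugin - CleanAllRUV Task (rid 6): Replica not online (agmt="cn=meToipa2.example.net" (ipa2:389))
[06/Apr/2016:10:18:09 +0000] NSMMReplicationPlugin - CleanAllRUV Task (rid 6): Not all replicas online, retrying in 2560 seconds...
[07/Apr/2016:04:13:11 +0000] NSMMReplicationPlugin - agmt="cn=meToipa2.example.net" (ipa2:389): Replication bind with GSSAPI auth failed: LDAP error -1 (Can't contact LDAP server) ()
[07/Apr/2016:04:13:11 +0000] NSMMReplicationPlugin - Abort CleanAllRUV Task (rid 6): Failed to connect to replica(agmt="cn=meToipa2.example.net" (ipa2:389)).
[07/Apr/2016:04:13:11 +0000] NSMMReplicationPlugin - Abort CleanAllRUV Task (rid 6): Retrying in 14400 seconds
"""

LINE = re.compile(r'^\[(?P<ts>[^\]]+)\] NSMMReplicationPlugin - (?P<msg>.*)$')
AGMT = re.compile(r'agmt="(?P<agmt>[^"]+)" \((?P<peer>[^)]+)\)')
TASK = re.compile(r'^(?P<task>(?:Abort )?CleanAllRUV Task) \(rid (?P<rid>\d+)\): (?P<text>.*)$')
RETRY = re.compile(r'[Rr]etrying in (?P<secs>\d+) seconds')

def summarize(log_text):
    """Return (agreements, tasks) dicts built from replication plugin lines."""
    agreements = defaultdict(lambda: {"bind_failures": 0, "last_seen": None, "rids": set()})
    tasks = defaultdict(lambda: {"last_retry_secs": None, "unreachable": set()})
    for raw in log_text.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue  # not a replication plugin line
        ts, msg = m["ts"], m["msg"]
        task = TASK.match(msg)
        agmt = AGMT.search(msg)
        if task:
            key = (task["task"], int(task["rid"]))
            retry = RETRY.search(task["text"])
            if retry:
                tasks[key]["last_retry_secs"] = int(retry["secs"])
            if agmt:  # the task names the agreement it cannot reach
                tasks[key]["unreachable"].add(agmt["agmt"])
                agreements[agmt["agmt"]]["rids"].add(int(task["rid"]))
        elif agmt and "Replication bind" in msg and "failed" in msg:
            agreements[agmt["agmt"]]["bind_failures"] += 1
            agreements[agmt["agmt"]]["last_seen"] = ts
    return dict(agreements), dict(tasks)

if __name__ == "__main__":
    agreements, tasks = summarize(SAMPLE_LOG)
    for name, info in agreements.items():
        print(f"{name}: {info['bind_failures']} bind failures, rids {sorted(info['rids'])}")
    for (kind, rid), info in tasks.items():
        print(f"{kind} rid {rid}: retry in {info['last_retry_secs']}s, waiting on {sorted(info['unreachable'])}")
```
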