[Freeipa-users] clean-ruv
Ludwig Krispenz
lkrispen at redhat.com
Tue Aug 23 08:37:23 UTC 2016
looks like you are searching the nstombstone below "o=ipaca", but you
are cleaning ruvs in "dc=bpt,dc=rocks",
your attrlist_replace error refers to the bpt,rocks backend, so you
should search the tombstone entry ther, then determine which replicaIDs
to remove.
Ludwig
On 08/23/2016 09:20 AM, Ian Harding wrote:
> I've followed the procedure in this thread:
>
> https://www.redhat.com/archives/freeipa-users/2016-May/msg00043.html
>
> and found my list of RUV that don't have an existing replica id.
>
> I've tried to remove them like so:
>
> [root at seattlenfs ianh]# ldapmodify -D "cn=directory manager" -W -a
> Enter LDAP Password:
> dn: cn=clean 97, cn=cleanallruv, cn=tasks, cn=config
> objectclass: top
> objectclass: extensibleObject
> replica-base-dn: dc=bpt,dc=rocks
> replica-id: 97
> replica-force-cleaning: yes
> cn: clean 97
>
> adding new entry "cn=clean 97, cn=cleanallruv, cn=tasks, cn=config"
>
> [root at seattlenfs ianh]# ipa-replica-manage list-clean-ruv
> CLEANALLRUV tasks
> RID 9: Waiting to process all the updates from the deleted replica...
> RID 96: Successfully cleaned rid(96).
> RID 97: Successfully cleaned rid(97).
>
> No abort CLEANALLRUV tasks running
>
>
> and yet, they are still there...
>
> [root at seattlenfs ianh]# ldapsearch -ZZ -h seattlenfs.bpt.rocks -D
> "cn=Directory Manager" -W -b "o=ipaca"
> "(&(objectclass=nstombstone)(nsUniqueId=ffffffff-ffffffff-ffffffff-ffffffff))"
> | grep "nsds50ruv\|nsDS5ReplicaId"
> Enter LDAP Password:
> nsDS5ReplicaId: 81
> nsds50ruv: {replicageneration} 55c8f3ae000000600000
> nsds50ruv: {replica 81 ldap://seattlenfs.bpt.rocks:389}
> 568ac431000000510000 5
> nsds50ruv: {replica 1065 ldap://freeipa-sea.bpt.rocks:389}
> 57b103d400000429000
> nsds50ruv: {replica 1070 ldap://bellevuenfs.bpt.rocks:389}
> 57a4f2700000042e000
> nsds50ruv: {replica 1075 ldap://bpt-nyc1-nfs.bpt.rocks:389}
> 57a478650000043300
> nsds50ruv: {replica 1080 ldap://bellevuenfs.bpt.rocks:389}
> 57a4176700000438000
> nsds50ruv: {replica 1085 ldap://fremontnis.bpt.rocks:389}
> 57a403e60000043d0000
> nsds50ruv: {replica 1090 ldap://freeipa-dal.bpt.rocks:389}
> 57a2dd3500000442000
> nsds50ruv: {replica 1095 ldap://freeipa-sea.bpt.rocks:389}
> 579a963c00000447000
> nsds50ruv: {replica 96 ldap://freeipa-sea.bpt.rocks:389}
> 55c8f3bd000000600000
> nsds50ruv: {replica 86 ldap://fremontnis.bpt.rocks:389}
> 5685b24e000000560000 5
> nsds50ruv: {replica 91 ldap://seattlenis.bpt.rocks:389}
> 567ad6180001005b0000 5
> nsds50ruv: {replica 97 ldap://freeipa-dal.bpt.rocks:389}
> 55c8f3ce000000610000
> nsds50ruv: {replica 76 ldap://bellevuenis.bpt.rocks:389}
> 56f385eb0007004c0000
> nsds50ruv: {replica 71 ldap://bellevuenfs.bpt.rocks:389}
> 57048560000900470000
> nsds50ruv: {replica 66 ldap://bpt-nyc1-nfs.bpt.rocks:389}
> 5733e594000a00420000
> nsds50ruv: {replica 61 ldap://edinburghnfs.bpt.rocks:389}
> 574421250000003d0000
> nsds50ruv: {replica 1195 ldap://edinburghnfs.bpt.rocks:389}
> 57a42390000004ab00
>
> What have I done wrong?
>
> The problem I am trying to solve is that seattlenfs.bpt.rocks sends
> updates to all its children, but their changes don't come back because
> of these errors:
>
> [23/Aug/2016:00:02:16 -0700] attrlist_replace - attr_replace
> (nsslapd-referral,
> ldap://seattlenfs.bpt.rocks:389/dc%3Dbpt%2Cdc%3Drocks) failed.
>
> in effect, the replication agreements are one-way.
>
> Any ideas?
>
> - Ian
>
--
Red Hat GmbH, http://www.de.redhat.com/, Registered seat: Grasbrunn,
Commercial register: Amtsgericht Muenchen, HRB 153243,
Managing Directors: Charles Cachera, Michael Cunningham, Michael O'Neill, Eric Shander
More information about the Freeipa-users
mailing list