[Freeipa-users] Two masters and one of them is desynchronized
Petr Spacek
pspacek at redhat.com
Wed Aug 24 10:16:44 UTC 2016
Hi,
again, please always keep freeipa-users at redhat.com in Cc of your e-mails. This
is not a private support channel.
Ludwig, do you know if dataversion is expected to be consistent among all
replicas or not? I would not expect consistent values.
https://access.redhat.com/documentation/en-US/Red_Hat_Directory_Server/10/html/Configuration_Command_and_File_Reference/rootdse-attributes.html#dataversion
did not answer this question. If we find out the right answer we should extend
the description in documentation.
Petr^2 Spacek
On 24.8.2016 12:12, bahan w wrote:
> Re.
>
> I checked the conflicts but I didn't find any between the two servers.
> ###
>
> ldapsearch -x -D "cn=directory manager" -W -b "dc=<MY REALM>"
> "nsds5ReplConflict=*" \* nsds5ReplConflict
> ###
>
> The only thing I see is that one my master is in IPA 3.0.0.42 and another
> is IPA 3.0.0.47.
> The server with a problem of synchronization is 3.0.0.47.
>
> Here is a partial result from the command on each server:
> ###
> ldapsearch -Y GSSAPI -h `hostname` -b "" -s base
> ###
>
> On the server OK
> ###
>
> vendorVersion: 389-Directory/1.2.11.15 B2015.247.1737
> dataversion: 020160823201940
>
> ###
>
>
> On the server with the problem of sync :
>
> ###
>
> vendorVersion: 389-Directory/1.2.11.15 B2015.022.1831
> dataversion: 020160823195011
> ###
>
> Is the field dataversion the timestamp of the last version of the ldap
> database ?
>
> I'm going to increase loglevel to DEBUG this afternoon before anything.
>
> I found this in the red hat doc :
> https://access.redhat.com/documentation/en-US/Red_Hat_Enterprise_Linux/6/html/Identity_Management_Guide/ipa-replica-manage.html
>
> ###
> 28.5.4. Reinitializing IdM Servers
> When a replica is first created, the database of the master server is
> copied, completely, over to the replica database. This process is called
> *initialization*. If a server/replica is offline for a long period of time
> or there is some kind of corruption in its database, then the server can be
> re-initialized, with a fresh and updated set of data.
> This is done using the re-initialize command. The target server being
> initialized is the local host. The server or replica from which to pull the
> data to initialize the local database is specified in the --from option:
>
> [root at server ~]# ipa-replica-manage re-initialize --from srv1.example.com
>
> ###
>
> Do you know if it is available in IPA 3.0.0.47 ?
>
> Best regards.
>
> Bahan
>
> On Wed, Aug 24, 2016 at 11:50 AM, bahan w <bahanw042014 at gmail.com> wrote:
>
>> Hello Petr, Orion.
>>
>> I checked the errors log from the dirsrv on both masters and I found
>> nothing related to an error with the replication plugin.
>>
>> I also performed all the tests described in the link Petr provided. Thank
>> you for this. Every one of this command is OK on both masters.
>>
>> I'm checking the access logs from dirsrv now.
>>
>> Any other tracks to follow ? Increase the log level on the replica failing
>> to sync ?
>>
>> Best regards.
>>
>> Bahan
>>
>> On Wed, Aug 24, 2016 at 8:41 AM, Petr Spacek <pspacek at redhat.com> wrote:
>>
>>> On 23.8.2016 22:44, bahan w wrote:
>>>> Hello !
>>>>
>>>> I am using IPA 3.0.0 on RedHat 6.6 servers.
>>>>
>>>> I have two masters and this evening, I realized that one of them was
>>>> desynchronized, some users and groups were missing.
>>>>
>>>> I was wondering if there was an ipa command to resynchronize replica
>>> which
>>>> are not sync with the other ?
>>>
>>> First of all, it is necessary to find out replication does not work.
>>>
>>> Please see
>>> http://www.freeipa.org/page/Troubleshooting#Replication_issues
>>>
>>> --
>>> Petr^2 Spacek
More information about the Freeipa-users
mailing list