[Freeipa-users] Again and again... Replication issues

Youenn PIOLET piolet.y at gmail.com
Thu Jun 23 17:13:43 UTC 2016


Hi there,

## BACKGROUND ##
Due to a huge mess and split-brain issues on my 15-server IPA cluster, I
had to manually reset all 14 replicas and clean old RUVs on the last server.
After everything seemed clean in LDAP, dse.ldif and other files, I rebuilt
each replica and replication agreements.

If I navigate through my LDAP, I can see in ou=csusers,cn=config the
following things:

Replication Manager *masterAgreement1-*<replicas hostname>-pki-tomcat on
servers that have initially built replicas
Replication Manager *cloneAgreement1-*<self hostname>-pki-tomcat on servers
that have initially built replicas

I've got a mesh of replicas (4 agreements per replica).

CentOS 7.2, fresh IPA 4.2.0 everywhere

The agreements I generated with ipa-replica-manage connect and
ipa-csreplica-manage connect don't appear in ou=csusers,cn=config. I
supposed that this node is related to the first generation of replicas
(ipa-replica-prepare, and the initial clone process).

## PROBLEM ##
Today everything seems to work except on the master.

I got the following logs on my PKI master server:

> slapi_ldap_bind - Error: could not bind id [cn=replication
> manager,cn=config] authentication mechanism [SIMPLE]: error 32 (No such
> object) errno 0 (Success).


And a few of these in replicas:

> Can't locate CSN 576ba112000004060000 in the changelog (DB rc=-30988). If
> replication stops, the consumer may need to be reinitialized.

... this one may be unrelated and linked to network latency I guess.

cn=replication manager,cn=config doesn't exist on the master... I don't
know why.
The master is actually a promoted replica from my previous cluster.

On the master I can see a:
cn: Replication Manager *cloneAgreement1*-<master self hostname>-pki-tomcat

- What should I do to stop the cn=replication manager,cn=config error
message?
- Can I safely remove Replication Manager *cloneAgreement1*-<master self
hostname>-pki-tomcat on my master, which is not a clone anymore (its own
previous master is destroyed)?

Thanks in advance,
--
Youenn Piolet
piolet.y at gmail.com
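
Added example, not part of the original post: a small Python triage of the two log messages quoted above, pulling the bind DN and LDAP result code out of the slapi_ldap_bind line and decoding the CSN into its timestamp and originating replica ID. Assumptions: the 389 Directory Server CSN layout (8 hex digits of time, then 4 each of sequence number, replica ID and sub-sequence number); the function names and the unwrapped sample lines are constructed for illustration.

```python
import re
from datetime import datetime, timezone

# The two messages quoted in the post, unwrapped onto single lines (constructed sample).
SAMPLE_LOG = """\
slapi_ldap_bind - Error: could not bind id [cn=replication manager,cn=config] authentication mechanism [SIMPLE]: error 32 (No such object) errno 0 (Success).
Can't locate CSN 576ba112000004060000 in the changelog (DB rc=-30988). If replication stops, the consumer may need to be reinitialized.
"""

BIND_RE = re.compile(
    r"could not bind id \[(?P<dn>[^\]]+)\] authentication mechanism "
    r"\[(?P<mech>[^\]]+)\]: error (?P<code>-?\d+) \((?P<text>[^)]*)\)")
CSN_RE = re.compile(r"Can't locate CSN (?P<csn>[0-9a-fA-F]{20}) in the changelog")


def decode_csn(csn):
    """Split a 20-hex-digit CSN: time(8) seq(4) replica id(4) subseq(4)."""
    if not re.fullmatch(r"[0-9a-fA-F]{20}", csn):
        raise ValueError("not a 20-hex-digit CSN: %r" % csn)
    return {
        "time": datetime.fromtimestamp(int(csn[0:8], 16), tz=timezone.utc),
        "seq": int(csn[8:12], 16),
        "replica_id": int(csn[12:16], 16),
        "subseq": int(csn[16:20], 16),
    }


def triage(log_text):
    """Return one finding dict per recognised replication message."""
    findings = []
    for line in log_text.splitlines():
        m = BIND_RE.search(line)
        if m:
            # Error 32 means the bind DN entry itself was not found on the consumer.
            findings.append({"kind": "bind_failure", "dn": m["dn"],
                             "mechanism": m["mech"], "ldap_error": int(m["code"]),
                             "error_text": m["text"]})
            continue
        m = CSN_RE.search(line)
        if m:
            # The replica ID tells which supplier originated the missing change.
            findings.append({"kind": "missing_csn", "csn": m["csn"],
                             **decode_csn(m["csn"])})
    return findings


if __name__ == "__main__":
    for finding in triage(SAMPLE_LOG):
        print(finding)
```

The decoded replica ID can be compared against the replica IDs listed in each server's RUV to see which supplier the missing change came from.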