[Freeipa-users] Replica Problem (Errors)

Ludwig Krispenz lkrispen at redhat.com
Tue Oct 25 15:20:44 UTC 2016 

On 10/25/2016 04:41 PM, Günther J. Niederwimmer wrote:
> Hello Ludwig,
>
> Thanks for the answer and help,
>
> Am Montag, 24. Oktober 2016, 14:16:23 schrieb Ludwig Krispenz:
>> On 10/24/2016 01:21 PM, Günther J. Niederwimmer wrote:
>>> Am Montag, 24. Oktober 2016, 09:53:21 schrieb Ludwig Krispenz:
>>>> On 10/23/2016 03:01 PM, Günther J. Niederwimmer wrote:
>>>>> I have added on my ipa (Master) Server this user and ACI with a ldif
>>>>> file
>>>>>
>>>>> This Ends with a
>>>>> modifying entry "cn=users,cn=accounts,dc=example,dc=com"
>>>> these changes are not related to the errors you report below (I would be
>>>> really surprised) and you only need to apply them on one server, that's
>>>> what replication is good for.
>>>>
>>>> There are a couple of different types of messages:
>>>> - failed to delete changelog record: this is from retro changelog
>>>> trimming, when miscalculation of the starting point for trimming starts
>>>> with changenumber lower than what's in the retro changelog.
>>>> In my experience this can happen after a crash/kill/reboot and should
>>>> stop after som time
>>> OK, nothing to do ;-).
>>>
>>>> - attrlist_replace errors: looks like you have recreated a replica on a
>>>> machine and not cleaned the RUV, please see:
>>>> http://www.freeipa.org/page/Troubleshooting#Obsolete_RUV_records
>>> I don't have add or remove a replica ? this two servers running now I mean
>>> over three month ?
>> that is strange, could you perform step 1] and 2] of this recipe:
>> https://www.redhat.com/archives/freeipa-users/2016-May/msg00043.html
>> but add the option "-o ldif-wrap=no" to the ldapsearch to get the full ruv
> OK.
> The first is
>
> ipa-csreplica-manage list
> Directory Manager password:
>
> ipa.example.com: master
> ipa1.example.com: master
>
> The second is:
> nsDS5ReplicaId: 96
> nsds50ruv: {replicageneration} 5706b1a3000000600000
> nsds50ruv: {replica 96 ldap://ipa.example.com:389} 5706b1ab000000600000
> 580f6a5f000000600000
> nsds50ruv: {replica 91 ldap://ipa1.example.com:389} 5714ad010000005b0000
> 575c65140005005b0000
> nsds50ruv: {replica 97 ldap://ipa1.example.com:389} 5706b1bd000000610000
> 570803a9000000610000
you should do the same search on ipa1, it looks like you have to 
replicaids: 91 and 97 for the sane server: ipa1.example.com
from the timestamps in the RUV I think you recreated the instance on 
ipa1 between Apr,8th and Apr,18th and since then have this in teh RUV. 
but it looks like changes on ipa1 for the o=ipaca suffix are rare (ruv 
output from ipa1 would tell more) and maybe missed the error messages so 
far.

I would suggest you follow the next steps in the doc abou cleaning the 
no longer active replicaID from the ruv
>
> The domain is changed !!
>   
>>> The last I remember I add a 3rd Party Certificate ?
>>>
>>> but I don't found before so much Errors :-(.
>>>
>>> Is there a possible way to check a freeIPA Installation, to find out for a
>>> "normal" user to have a consistent System ?
>>>
>>>> - keep-alive already exists: this is also an indication of a new
>>>> replica, the keep alive entry was in the database, but the supplier
>>>> tries to send it again, this should also disappear once some real
>>>> changes from replica 4 are replicated
>>>>
>>>>> but now I have on the changed master this 100... Errors
>>>>>
>>>>> [23/Oct/2016:13:27:58 +0200] DSRetroclPlugin - delete_changerecord:
>>>>> could
>>>>> not delete change record 396504 (rc: 32)
>>>>> [23/Oct/2016:13:27:58 +0200] DSRetroclPlugin - delete_changerecord:
>>>>> could
>>>>> not delete change record 396505 (rc: 32)
>>>>> [23/Oct/2016:13:27:58 +0200] DSRetroclPlugin - delete_changerecord:
>>>>> could
>>>>> not delete change record 396506 (rc: 32)
>>>>> [23/Oct/2016:13:37:08 +0200] NSMMReplicationPlugin - replication keep
>>>>> alive
>>>>> entry <cn=repl keep alive 4,dc=example,dc=com> already exists
>>>>>
>>>>> and on the replica (Master) this  1000....Errors
>>>>>
>>>>> [23/Oct/2016:13:42:50 +0200] DSRetroclPlugin - delete_changerecord:
>>>>> could
>>>>> not delete change record 240846 (rc: 32)
>>>>> What is wrong with my changes, or have I to add my changes also on the
>>>>> Replicas ?
>>>>>
>>>>> Thanks for a answer,

-- 
Red Hat GmbH, http://www.de.redhat.com/, Registered seat: Grasbrunn,
Commercial register: Amtsgericht Muenchen, HRB 153243,
Managing Directors: Charles Cachera, Michael Cunningham, Michael O'Neill, Eric Shander

More information about the Freeipa-users mailing list