[Freeipa-users] Server replication stopped working

Youenn PIOLET piolet.y at gmail.com
Sun Sep 25 19:35:11 UTC 2016 

Hi there,

Same issue for me in a my 15 ipa-servers multi-master grid just after the
update.
The replication is completely broken except on 3/15 nodes.

This is the second time I have to fully reinitialize the whole cluster for
similar reason. I don't know what to do to clean this mess...
For more information: this cluster has been initialized on a fedora 4.1.4
more than one year ago then complemetely migrated to Centos 7, IPA 4.2.

Example on fr-master03 error logs:

[25/Sep/2016:19:27:31 +0000] NSMMReplicationPlugin - changelog program -
agmt="cn=meTofr-master01.domain" (fr-master01:389): CSN
57e3ffcc0003001a0000 not found, we aren't as up to date, or we purged
[25/Sep/2016:19:27:31 +0000] NSMMReplicationPlugin -
agmt="cn=meTofr-master01.domain" (fr-master01:389): Data required to update
replica has been purged. The replica must be reinitialized.
[25/Sep/2016:19:27:31 +0000] NSMMReplicationPlugin -
agmt="cn=meTofr-master01.domain" (fr-master01:389): Incremental update
failed and requires administrator action
ipa: INFO: The ipactl command was successful
[25/Sep/2016:19:27:35 +0000] agmt="cn=meTofr-master02.domain"
(fr-master02:389) - Can't locate CSN 57e3ffcc0003001a0000 in the changelog
(DB rc=-30988). If replication stops, the consumer may need to be
reinitialized.
[25/Sep/2016:19:27:35 +0000] NSMMReplicationPlugin - changelog program -
agmt="cn=meTofr-master02.domain" (fr-master02:389): CSN
57e3ffcc0003001a0000 not found, we aren't as up to date, or we purged
[25/Sep/2016:19:27:35 +0000] NSMMReplicationPlugin -
agmt="cn=meTofr-master02.domain" (fr-master02:389): Data required to update
replica has been purged. The replica must be reinitialized.
[25/Sep/2016:19:27:35 +0000] NSMMReplicationPlugin -
agmt="cn=meTofr-master02.domain" (fr-master02:389): Incremental update
failed and requires administrator action

Regards,

--
Youenn Piolet
piolet.y at gmail.com


2016-09-23 17:51 GMT+02:00 Mike Driscoll <mike.driscoll at oracle.com>:

> Hello.  I have four IPA servers replicating in full mesh.  All four
> servers are running ipa-server-4.2.0-15.0.1.el7_2.19.x86_64.
>
> This was working for some time but now I see that no replication is
> occurring automatically at present.
>
> When I update a user attribute on an IPA server, I see errors like these:
> [22/Sep/2016:16:53:49 -0700] attrlist_replace - attr_replace
> (nsslapd-referral, ldap://ldap03.xx.com:389/o%3Dipaca) failed.
> [22/Sep/2016:16:58:56 -0700] NSMMReplicationPlugin - agmt="cn=
> masterAgreement1-ldap03.xx.com <http://masteragreement1-ldap03.xx.com>
> -pki-tomcat" (ldap03:389): Incremental update failed and requires
> administrator action
>
> I can reinitialize without errors.
> ipa-csreplica-manage re-initialize --from=ldap01.xx.com
> <http://ldap04.us.oracle.com>
> ipa-replica-manage re-initialize --from=ldap01.xx.com
> Afterwards I see my attribute (and other) changes are replicated on each
> server I re-initialize from.  But subsequently, replication doesn’t seem to
> be happening.
>
> I reinitialized according to the steps in Table 8.7, “Replication Errors”,
> but subsequent replication isn’t occurring.  Any suggestions?  Is it safe
> to identify one of my four servers as containing up-to-date data, then
> sever and reinstate replication relationships with the other three?
>
> Mike
>
>
>
>
>
>
> --
> Manage your subscription for the Freeipa-users mailing list:
> https://www.redhat.com/mailman/listinfo/freeipa-users
> Go to http://freeipa.org for more info on the project
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://listman.redhat.com/archives/freeipa-users/attachments/20160925/125ea1e9/attachment.htm>

More information about the Freeipa-users mailing list