[Freeipa-users] Server replication stopped working

Ludwig Krispenz lkrispen at redhat.com
Mon Sep 26 07:42:04 UTC 2016 

On 09/25/2016 09:35 PM, Youenn PIOLET wrote:
> Hi there,
>
> Same issue for me in a my 15 ipa-servers multi-master grid just after 
> the update.
> The replication is completely broken except on 3/15 nodes.
>
> This is the second time I have to fully reinitialize the whole cluster 
> for similar reason. I don't know what to do to clean this mess...
> For more information: this cluster has been initialized on a fedora 
> 4.1.4 more than one year ago then complemetely migrated to Centos 7, 
> IPA 4.2.
what is the exact version of 389-ds-base you are running ?

did these errors come out of the blue or are they related to some 
activities ? The csn which is not found has a timestamp of "Thu, 22 Sep 
2016 15:59:08 GMT" did anything happen around this time ?
>
> Example on fr-master03 error logs:
>
> [25/Sep/2016:19:27:31 +0000] NSMMReplicationPlugin - changelog program 
> - agmt="cn=meTofr-master01.domain" (fr-master01:389): CSN 
> 57e3ffcc0003001a0000 not found, we aren't as up to date, or we purged
> [25/Sep/2016:19:27:31 +0000] NSMMReplicationPlugin - 
> agmt="cn=meTofr-master01.domain" (fr-master01:389): Data required to 
> update replica has been purged. The replica must be reinitialized.
> [25/Sep/2016:19:27:31 +0000] NSMMReplicationPlugin - 
> agmt="cn=meTofr-master01.domain" (fr-master01:389): Incremental update 
> failed and requires administrator action
> ipa: INFO: The ipactl command was successful
> [25/Sep/2016:19:27:35 +0000] agmt="cn=meTofr-master02.domain" 
> (fr-master02:389) - Can't locate CSN 57e3ffcc0003001a0000 in the 
> changelog (DB rc=-30988). If replication stops, the consumer may need 
> to be reinitialized.
> [25/Sep/2016:19:27:35 +0000] NSMMReplicationPlugin - changelog program 
> - agmt="cn=meTofr-master02.domain" (fr-master02:389): CSN 
> 57e3ffcc0003001a0000 not found, we aren't as up to date, or we purged
> [25/Sep/2016:19:27:35 +0000] NSMMReplicationPlugin - 
> agmt="cn=meTofr-master02.domain" (fr-master02:389): Data required to 
> update replica has been purged. The replica must be reinitialized.
> [25/Sep/2016:19:27:35 +0000] NSMMReplicationPlugin - 
> agmt="cn=meTofr-master02.domain" (fr-master02:389): Incremental update 
> failed and requires administrator action
>
> Regards,
>
> --
> Youenn Piolet
> piolet.y at gmail.com <mailto:piolet.y at gmail.com>
> /
> /
>
> 2016-09-23 17:51 GMT+02:00 Mike Driscoll <mike.driscoll at oracle.com 
> <mailto:mike.driscoll at oracle.com>>:
>
>     Hello.  I have four IPA servers replicating in full mesh.  All
>     four servers are running ipa-server-4.2.0-15.0.1.el7_2.19.x86_64.
>
>     This was working for some time but now I see that no replication
>     is occurring automatically at present.
>
>     When I update a user attribute on an IPA server, I see errors like
>     these:
>     [22/Sep/2016:16:53:49 -0700] attrlist_replace - attr_replace
>     (nsslapd-referral, ldap://ldap03.xx.com:389/o%3Dipaca) failed.
>     [22/Sep/2016:16:58:56 -0700] NSMMReplicationPlugin -
>     agmt="cn=masterAgreement1-ldap03.xx.com
>     <http://masteragreement1-ldap03.xx.com>-pki-tomcat" (ldap03:389):
>     Incremental update failed and requires administrator action
>
>     I can reinitialize without errors.
>     ipa-csreplica-manage re-initialize --from=ldap01.xx.com
>     <http://ldap04.us.oracle.com>
>     ipa-replica-manage re-initialize --from=ldap01.xx.com
>     <http://ldap01.xx.com>
>     Afterwards I see my attribute (and other) changes are replicated
>     on each server I re-initialize from.  But subsequently,
>     replication doesn't seem to be happening.
>
>     I reinitialized according to the steps in Table 8.7, "Replication
>     Errors", but subsequent replication isn't occurring.  Any
>     suggestions?  Is it safe to identify one of my four servers as
>     containing up-to-date data, then sever and reinstate replication
>     relationships with the other three?
>
>     Mike
>
>
>
>
>
>
>     --
>     Manage your subscription for the Freeipa-users mailing list:
>     https://www.redhat.com/mailman/listinfo/freeipa-users
>     <https://www.redhat.com/mailman/listinfo/freeipa-users>
>     Go to http://freeipa.org for more info on the project
>
>
>
>

-- 
Red Hat GmbH, http://www.de.redhat.com/, Registered seat: Grasbrunn,
Commercial register: Amtsgericht Muenchen, HRB 153243,
Managing Directors: Charles Cachera, Michael Cunningham, Michael O'Neill, Eric Shander

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://listman.redhat.com/archives/freeipa-users/attachments/20160926/192ebf3f/attachment.htm>

More information about the Freeipa-users mailing list