[Freeipa-users] replicas removed, but incorrectly

Natxo Asenjo natxo.asenjo at gmail.com
Mon Sep 26 12:56:01 UTC 2016


On Mon, Sep 26, 2016 at 1:54 PM, Natxo Asenjo <natxo.asenjo at gmail.com>
wrote:

>
>
>
> On Mon, Sep 26, 2016 at 1:50 PM, Ludwig Krispenz <lkrispen at redhat.com>
> wrote:
>
>>
>> On 09/26/2016 01:36 PM, Natxo Asenjo wrote:
>>
>> And in my example, the replica id would be 66, 96, 71 and 97, correct?
>>
>> no, I don't think so. you searched 2 times the same host "-h
>> kdc04.unix.iriszorg.nl".
>> you need to search on kdc03 to find the current replicaid of kdc03 and
>> you have to keep it.
>>
>
>
> yes, you are right :(
>
>  $ ldapsearch -Z -h kdc03.unix.iriszorg.nl -D "cn=Directory Manager" -W -b "o=ipaca" "(&(objectclass=nstombstone)(nsUniqueId=ffffffff-ffffffff-ffffffff-ffffffff))" | grep "nsds50ruv\|nsDS5ReplicaId"
> Enter LDAP Password:
> nsDS5ReplicaId: 66
> nsds50ruv: {replicageneration} 50c1015c000000600000
> nsds50ruv: {replica 66 ldap://kdc03.unix.iriszorg.nl:389} 57e23f66000000420000
> nsds50ruv: {replica 1095 ldap://kdc04.unix.iriszorg.nl:389} 57e4d75a0000044700
> nsds50ruv: {replica 96 ldap://kdc01.unix.iriszorg.nl:7389} 50c1016c00000060000
> nsds50ruv: {replica 71 ldap://kdc03.unix.iriszorg.nl:389} 57e140c7000000470000
> nsds50ruv: {replica 97 ldap://kdc02.unix.iriszorg.nl:7389} 50c1016800000061000
>
>
> so I need to keep 66 and 1095, and run the task on 96, 71 and 97, it would
> seem.
>
> Thanks for spotting my error.
>


ok, so I have now run the commands against both ldap hosts (the kdc03 and
the kdc04), and now I have this:

# ldapsearch -Z -h kdc04.unix.iriszorg.nl -D "cn=Directory Manager" -W -b "o=ipaca" "(&(objectclass=nstombstone)(nsUniqueId=ffffffff-ffffffff-ffffffff-ffffffff))" | grep "nsds50ruv\|nsDS5ReplicaId"
Enter LDAP Password:
nsDS5ReplicaId: 1095
nsds50ruv: {replicageneration} 50c1015c000000600000
nsds50ruv: {replica 1095 ldap://kdc04.unix.iriszorg.nl:389} 57e4d75a0000044700
nsds50ruv: {replica 66 ldap://kdc03.unix.iriszorg.nl:389} 57e23f66000000420000

# ldapsearch -Z -h kdc03.unix.iriszorg.nl -D "cn=Directory Manager" -W -b "o=ipaca" "(&(objectclass=nstombstone)(nsUniqueId=ffffffff-ffffffff-ffffffff-ffffffff))" | grep "nsds50ruv\|nsDS5ReplicaId"
Enter LDAP Password:
nsDS5ReplicaId: 66
nsds50ruv: {replicageneration} 50c1015c000000600000
nsds50ruv: {replica 66 ldap://kdc03.unix.iriszorg.nl:389} 57e23f66000000420000
nsds50ruv: {replica 1095 ldap://kdc04.unix.iriszorg.nl:389} 57e4d75a0000044700
nsds50ruv: {replica 96 ldap://kdc01.unix.iriszorg.nl:7389} 50c1016c00000060000
nsds50ruv: {replica 71 ldap://kdc03.unix.iriszorg.nl:389} 57e140c7000000470000
nsds50ruv: {replica 97 ldap://kdc02.unix.iriszorg.nl:7389} 50c1016800000061000

So the command has not been successful on kdc03. In the dirsrv errors log I see:

[26/Sep/2016:14:50:54 +0200] NSMMReplicationPlugin - CleanAllRUV Task (rid 71): Not all replicas online, retrying in 640 seconds...
[26/Sep/2016:14:51:00 +0200] slapi_ldap_bind - Error: could not send startTLS request: error -1 (Can't contact LDAP server) errno 107 (Transport endpoint is not connected)

but those replicas are gone (decommissioned). So how can I remove them?


-- 
regards,
Natxo





-- 
--
Regards,
natxo
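
Added example, not part of the original message: a small Python parser for the grep'd `nsds50ruv` / `nsDS5ReplicaId` output shown above that works out which replica ids no live server owns (the ids the thread concludes need cleaning). The function names are hypothetical, the sample input is constructed from the values in the message, and it assumes one search result per server that is still online.

```python
import re

RUV_RE = re.compile(r"^nsds50ruv:\s*\{replica\s+(\d+)\s+(\S+?)\}", re.I)
RID_RE = re.compile(r"^nsDS5ReplicaId:\s*(\d+)\s*$", re.I)

def unfold(text):
    """Re-join wrapped lines: a line without an 'attr:' prefix continues the previous one."""
    out = []
    for line in filter(str.strip, text.splitlines()):
        if out and not re.match(r"^[A-Za-z0-9;-]+:", line):
            out[-1] += " " + line.strip()
        else:
            out.append(line.strip())
    return out

def parse_ruv(text):
    """Return (this server's own replica id, {rid: url}) from the grep'd search output."""
    own, elems = None, {}
    for line in unfold(text):
        if (m := RID_RE.match(line)):
            own = int(m.group(1))
        elif (m := RUV_RE.match(line)):  # {replicageneration} does not match and is skipped
            elems[int(m.group(1))] = m.group(2)
    return own, elems

def stale_rids(outputs):
    """outputs: one search result per live server. RIDs that no live server owns are stale."""
    parsed = [parse_ruv(o) for o in outputs]
    if any(own is None for own, _ in parsed):
        raise ValueError("missing nsDS5ReplicaId in one of the outputs")
    live = {own for own, _ in parsed}
    seen = set().union(*(e for _, e in parsed))
    return sorted(seen - live)

# Sample input built from the values in the message (kdc04 left wrapped as the mail shows it).
KDC03 = """nsDS5ReplicaId: 66
nsds50ruv: {replicageneration} 50c1015c000000600000
nsds50ruv: {replica 66 ldap://kdc03.unix.iriszorg.nl:389} 57e23f66000000420000
nsds50ruv: {replica 1095 ldap://kdc04.unix.iriszorg.nl:389} 57e4d75a0000044700
nsds50ruv: {replica 96 ldap://kdc01.unix.iriszorg.nl:7389} 50c1016c00000060000
nsds50ruv: {replica 71 ldap://kdc03.unix.iriszorg.nl:389} 57e140c7000000470000
nsds50ruv: {replica 97 ldap://kdc02.unix.iriszorg.nl:7389} 50c1016800000061000"""
KDC04 = """nsDS5ReplicaId: 1095
nsds50ruv: {replicageneration} 50c1015c000000600000
nsds50ruv: {replica 1095 ldap://kdc04.unix.iriszorg.nl:389}
57e4d75a0000044700
nsds50ruv: {replica 66 ldap://kdc03.unix.iriszorg.nl:389}
57e23f66000000420000"""

print(stale_rids([KDC03, KDC04]))
```

Passing the output of only one server marks the other live replica's id as stale, so the list must contain one result from every server that is still online. Matching on hostname would not work either, since kdc03 appears under both id 66 (current) and id 71 (stale).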