[Freeipa-users] secondary out of sync on DNS again
Outback Dingo
outbackdingo at gmail.com
Wed Jan 11 15:40:55 UTC 2017
Jan 11 08:45:56 ipa2.optimcloud.com named-pkcs11[2493]: automatic
empty zone: 123.100.IN-ADDR.ARPA
Jan 11 08:45:56 ipa2.optimcloud.com named-pkcs11[2493]: automatic
empty zone: 124.100.IN-ADDR.ARPA
Jan 11 08:45:56 ipa2.optimcloud.com named-pkcs11[2493]: automatic
empty zone: 125.100.IN-ADDR.ARPA
Jan 11 08:45:56 ipa2.optimcloud.com named-pkcs11[2493]: automatic
empty zone: 126.100.IN-ADDR.ARPA
Jan 11 08:45:56 ipa2.optimcloud.com named-pkcs11[2493]: automatic
empty zone: 127.100.IN-ADDR.ARPA
Jan 11 08:45:56 ipa2.optimcloud.com named-pkcs11[2493]: automatic
empty zone: 127.IN-ADDR.ARPA
Jan 11 08:45:56 ipa2.optimcloud.com named-pkcs11[2493]: automatic
empty zone: 254.169.IN-ADDR.ARPA
Jan 11 08:45:56 ipa2.optimcloud.com named-pkcs11[2493]: automatic
empty zone: 2.0.192.IN-ADDR.ARPA
Jan 11 08:45:56 ipa2.optimcloud.com named-pkcs11[2493]: automatic
empty zone: 100.51.198.IN-ADDR.ARPA
Jan 11 08:45:56 ipa2.optimcloud.com named-pkcs11[2493]: automatic
empty zone: 113.0.203.IN-ADDR.ARPA
Jan 11 08:45:56 ipa2.optimcloud.com named-pkcs11[2493]: automatic
empty zone: 255.255.255.255.IN-ADDR.ARPA
Jan 11 08:45:56 ipa2.optimcloud.com named-pkcs11[2493]: automatic
empty zone: 0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.IP6.ARPA
Jan 11 08:45:56 ipa2.optimcloud.com named-pkcs11[2493]: automatic
empty zone: D.F.IP6.ARPA
Jan 11 08:45:56 ipa2.optimcloud.com named-pkcs11[2493]: automatic
empty zone: 8.E.F.IP6.ARPA
Jan 11 08:45:56 ipa2.optimcloud.com named-pkcs11[2493]: automatic
empty zone: 9.E.F.IP6.ARPA
Jan 11 08:45:56 ipa2.optimcloud.com named-pkcs11[2493]: automatic
empty zone: A.E.F.IP6.ARPA
Jan 11 08:45:56 ipa2.optimcloud.com named-pkcs11[2493]: automatic
empty zone: B.E.F.IP6.ARPA
Jan 11 08:45:56 ipa2.optimcloud.com named-pkcs11[2493]: automatic
empty zone: 8.B.D.0.1.0.0.2.IP6.ARPA
Jan 11 08:45:56 ipa2.optimcloud.com named-pkcs11[2493]:
/etc/named.conf:12: no forwarders seen; disabling forwarding
Jan 11 08:45:56 ipa2.optimcloud.com named-pkcs11[2493]: command
channel listening on 127.0.0.1#953
Jan 11 08:45:56 ipa2.optimcloud.com named-pkcs11[2493]: command
channel listening on ::1#953
Jan 11 08:45:56 ipa2.optimcloud.com named-pkcs11[2493]:
managed-keys-zone: journal file is out of date: removing journal file
Jan 11 08:45:56 ipa2.optimcloud.com named-pkcs11[2493]:
managed-keys-zone: loaded serial 45
Jan 11 08:45:56 ipa2.optimcloud.com named-pkcs11[2493]: shutting down
automatic empty zones to enable forwarding for domain '.'
Jan 11 08:45:56 ipa2.optimcloud.com named-pkcs11[2493]: zone
0.in-addr.arpa/IN: loaded serial 0
Jan 11 08:45:56 ipa2.optimcloud.com named-pkcs11[2493]: zone
1.0.0.127.in-addr.arpa/IN: loaded serial 0
Jan 11 08:45:56 ipa2.optimcloud.com named-pkcs11[2493]: zone
localhost.localdomain/IN: loaded serial 0
Jan 11 08:45:56 ipa2.optimcloud.com named-pkcs11[2493]: zone
localhost/IN: loaded serial 0
Jan 11 08:45:56 ipa2.optimcloud.com named-pkcs11[2493]: zone
1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.ip6.arpa/IN:
loaded serial 0
Jan 11 08:45:56 ipa2.optimcloud.com named-pkcs11[2493]: all zones loaded
Jan 11 08:45:56 ipa2.optimcloud.com named-pkcs11[2493]: running
Jan 11 08:45:56 ipa2.optimcloud.com named-pkcs11[2493]: LDAP
configuration for instance 'ipa' synchronized
Jan 11 08:45:56 ipa2.optimcloud.com named-pkcs11[2493]: GSSAPI client step 1
Jan 11 08:45:56 ipa2.optimcloud.com named-pkcs11[2493]: GSSAPI client step 1
Jan 11 08:45:56 ipa2.optimcloud.com systemd[1]: Started Berkeley
Internet Name Domain (DNS) with native PKCS#11.
Jan 11 08:45:56 ipa2.optimcloud.com named-pkcs11[2493]: GSSAPI client step 1
Jan 11 08:45:56 ipa2.optimcloud.com named-pkcs11[2493]: GSSAPI client step 2
Jan 11 08:45:56 ipa2.optimcloud.com named-pkcs11[2493]: LDAP data for
instance 'ipa' are being synchronized, please ignore message 'all
zones loaded'
Jan 11 08:45:57 ipa2.optimcloud.com named-pkcs11[2493]: failed to
parse RR entry: resource record DN
'idnsname=_dmarc,idnsname=optimcloud.com.,cn=dns,dc=optimcloud,dc=com':
data '"v=DMARC1; p=reject; rua=mailto:postmaster at optimcloud.com;
ruf=mailto:admin at optimcloud.com': unexpected end of input
Jan 11 08:45:57 ipa2.optimcloud.com named-pkcs11[2493]: update_record
(syncrepl) failed, resource record DN
'idnsname=_dmarc,idnsname=optimcloud.com.,cn=dns,dc=optimcloud,dc=com'
change type 0x1. Records can be outdated, run `rndc reload`:
unexpected end of input
Jan 11 08:45:57 ipa2.optimcloud.com named-pkcs11[2493]: zone
150.217.162.in-addr.arpa/IN: loaded serial 1484142357
Jan 11 08:45:57 ipa2.optimcloud.com named-pkcs11[2493]: zone
150.217.162.in-addr.arpa/IN: sending notifies (serial 1484142357)
Jan 11 08:45:57 ipa2.optimcloud.com named-pkcs11[2493]: zone
252.91.54.in-addr.arpa/IN: loaded serial 1484142357
Jan 11 08:45:57 ipa2.optimcloud.com named-pkcs11[2493]: error (network
unreachable) resolving 'ipa.optimcloud.com/A/IN':
2001:500:1::803f:235#53
Jan 11 08:45:57 ipa2.optimcloud.com named-pkcs11[2493]: error (network
unreachable) resolving 'ipa.optimcloud.com/AAAA/IN':
2001:500:1::803f:235#53
Jan 11 08:45:57 ipa2.optimcloud.com named-pkcs11[2493]: zone
optimcloud.com/IN: loaded serial 1484142356
Jan 11 08:45:57 ipa2.optimcloud.com named-pkcs11[2493]: zone
252.91.54.in-addr.arpa/IN: sending notifies (serial 1484142357)
Jan 11 08:45:57 ipa2.optimcloud.com named-pkcs11[2493]: zone
optimcloud.com/IN: sending notifies (serial 1484142356)
Jan 11 08:45:57 ipa2.optimcloud.com named-pkcs11[2493]: zone
optimvoice.com/IN: loaded serial 1484142357
Jan 11 08:45:57 ipa2.optimcloud.com named-pkcs11[2493]: zone
optimvoice.com/IN: sending notifies (serial 1484142357)
Jan 11 08:45:57 ipa2.optimcloud.com named-pkcs11[2493]: zone
virsum.com/IN: loaded serial 1484142357
Jan 11 08:45:57 ipa2.optimcloud.com named-pkcs11[2493]: zone
virsum.com/IN: sending notifies (serial 1484142357)
Jan 11 08:45:57 ipa2.optimcloud.com named-pkcs11[2493]: 5 master zones
from LDAP instance 'ipa' loaded (5 zones defined, 0 inactive, 0 failed
to load)
Jan 11 08:45:57 ipa2.optimcloud.com named-pkcs11[2493]: checkhints:
unable to get root NS rrset from cache: not found
Jan 11 08:46:02 ipa2.optimcloud.com named-pkcs11[2493]: zone
150.217.162.in-addr.arpa/IN: sending notifies (serial 1484142357)
Jan 11 08:46:02 ipa2.optimcloud.com named-pkcs11[2493]: zone
252.91.54.in-addr.arpa/IN: sending notifies (serial 1484142357)
Jan 11 08:46:02 ipa2.optimcloud.com named-pkcs11[2493]: zone
optimvoice.com/IN: sending notifies (serial 1484142357)
Jan 11 08:46:02 ipa2.optimcloud.com named-pkcs11[2493]: zone
optimcloud.com/IN: sending notifies (serial 1484142356)
Jan 11 08:46:02 ipa2.optimcloud.com named-pkcs11[2493]: zone
virsum.com/IN: sending notifies (serial 1484142357)
Jan 11 09:01:31 ipa2.optimcloud.com named-pkcs11[2493]: error (network
unreachable) resolving 'com/DS/IN': 2001:500:2f::f#53
Jan 11 09:01:31 ipa2.optimcloud.com named-pkcs11[2493]: error (network
unreachable) resolving './NS/IN': 2001:500:2f::f#53
Jan 11 09:01:32 ipa2.optimcloud.com named-pkcs11[2493]: error (network
unreachable) resolving 'com/DS/IN': 2001:7fe::53#53
Jan 11 09:01:32 ipa2.optimcloud.com named-pkcs11[2493]: error (network
unreachable) resolving 'com/DS/IN': 2001:dc3::35#53
Jan 11 09:01:32 ipa2.optimcloud.com named-pkcs11[2493]: error (network
unreachable) resolving 'com/DS/IN': 2001:7fd::1#53
Jan 11 09:01:32 ipa2.optimcloud.com named-pkcs11[2493]: error (network
unreachable) resolving 'com/DS/IN': 2001:503:ba3e::2:30#53
Jan 11 09:01:32 ipa2.optimcloud.com named-pkcs11[2493]: error (network
unreachable) resolving './NS/IN': 2001:7fe::53#53
Jan 11 09:01:32 ipa2.optimcloud.com named-pkcs11[2493]: error (network
unreachable) resolving './NS/IN': 2001:dc3::35#53
Jan 11 09:01:32 ipa2.optimcloud.com named-pkcs11[2493]: error (network
unreachable) resolving './NS/IN': 2001:7fd::1#53
Jan 11 09:01:32 ipa2.optimcloud.com named-pkcs11[2493]: error (network
unreachable) resolving './NS/IN': 2001:503:ba3e::2:30#53
Jan 11 09:01:32 ipa2.optimcloud.com named-pkcs11[2493]: error (network
unreachable) resolving 'net/DNSKEY/IN': 2001:503:231d::2:30#53
Jan 11 09:29:37 ipa2.optimcloud.com named-pkcs11[2493]: zone
optimcloud.com/IN: sending notifies (serial 1484144977)
Jan 11 09:38:56 ipa2.optimcloud.com named-pkcs11[2493]: zone
optimvoice.com/IN: sending notifies (serial 1484145536)
Jan 11 09:39:28 ipa2.optimcloud.com named-pkcs11[2493]: zone
optimvoice.com/IN: sending notifies (serial 1484145568)
Jan 11 10:03:23 ipa2.optimcloud.com named-pkcs11[2493]: error (network
unreachable) resolving 'yandex.ru/A/IN': 2a02:6b8::1#53
Jan 11 10:03:23 ipa2.optimcloud.com named-pkcs11[2493]: error (network
unreachable) resolving 'yandex.ru/A/IN': 2a02:6b8:0:1::1#53
Jan 11 10:23:12 ipa2.optimcloud.com named-pkcs11[2493]: error (network
unreachable) resolving './NS/IN': 2001:7fd::1#53
Jan 11 10:23:12 ipa2.optimcloud.com named-pkcs11[2493]: error (network
unreachable) resolving 'optimvpn.com/ANY/IN': 2001:7fd::1#53
lines 147-209/209 (END)
On Wed, Jan 11, 2017 at 10:33 AM, Martin Basti <mbasti at redhat.com> wrote:
> Please try to create a new test user if it is replicated to other replicas.
>
>
> I see repl. conflicts please try to investigate them, it may cause a missing
> zone
>
> https://access.redhat.com/documentation/en-US/Red_Hat_Directory_Server/10/html/Administration_Guide/Managing_Replication-Solving_Common_Replication_Conflicts.html
>
>
> could you check what do you have in journalctl -u named-pkcs11 on replica
> with missing entries?
>
> Martin
>
>
> On 11.01.2017 16:27, Outback Dingo wrote:
>>
>> Not realliy, not like last time but
>> [root at ipa2 ~]# cd ipa_check_consistency/
>> [root at ipa2 ipa_check_consistency]# ./ipa_check_consistency -H
>> ipa2.optimcloud.com -d OPTIMCLOUD.COM
>> Directory Manager password:
>> FreeIPA servers: ipa2 STATE
>> =================================
>> Active Users 1 OK
>> Stage Users 0 OK
>> Preserved Users 0 OK
>> User Groups 4 OK
>> Hosts 8 OK
>> Host Groups 2 OK
>> HBAC Rules 1 OK
>> SUDO Rules 0 OK
>> DNS Zones 26 OK
>> LDAP Conflicts YES FAIL
>> Ghost Replicas NO OK
>> Anonymous BIND YES OK
>> Replication Status ipa 0
>>
>>
>>
>> [07/Jan/2017:23:59:33.034771024 -0500] slapd shutting down - signaling
>> operation threads - op stack size 1 max work q size 3 max work q stack
>> size 3
>> [07/Jan/2017:23:59:33.080148204 -0500] slapd shutting down - waiting
>> for 26 threads to terminate
>> [08/Jan/2017:00:01:43.342292791 -0500] SSL alert: Sending pin request
>> to SVRCore. You may need to run systemd-tty-ask-password-agent to
>> provide the password.
>> [08/Jan/2017:00:01:43.348739255 -0500] SSL alert: Security
>> Initialization: Enabling default cipher set.
>> [08/Jan/2017:00:01:43.349917267 -0500] SSL alert: Configured NSS Ciphers
>> [08/Jan/2017:00:01:43.350819261 -0500] SSL alert:
>> TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384: enabled
>> [08/Jan/2017:00:01:43.352925341 -0500] SSL alert:
>> TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA: enabled
>> [08/Jan/2017:00:01:43.354043098 -0500] SSL alert:
>> TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256: enabled
>> [08/Jan/2017:00:01:43.354944795 -0500] SSL alert:
>> TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA: enabled
>> [08/Jan/2017:00:01:43.355929413 -0500] SSL alert:
>> TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384: enabled
>> [08/Jan/2017:00:01:43.356793063 -0500] SSL alert:
>> TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA: enabled
>> [08/Jan/2017:00:01:43.357650823 -0500] SSL alert:
>> TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256: enabled
>> [08/Jan/2017:00:01:43.358754848 -0500] SSL alert:
>> TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA: enabled
>> [08/Jan/2017:00:01:43.359655681 -0500] SSL alert:
>> TLS_DHE_RSA_WITH_AES_256_GCM_SHA384: enabled
>> [08/Jan/2017:00:01:43.360741758 -0500] SSL alert:
>> TLS_DHE_RSA_WITH_AES_256_CBC_SHA: enabled
>> [08/Jan/2017:00:01:43.361650705 -0500] SSL alert:
>> TLS_DHE_DSS_WITH_AES_256_CBC_SHA: enabled
>> [08/Jan/2017:00:01:43.362718051 -0500] SSL alert:
>> TLS_DHE_RSA_WITH_AES_256_CBC_SHA256: enabled
>> [08/Jan/2017:00:01:43.363594439 -0500] SSL alert:
>> TLS_DHE_RSA_WITH_AES_128_GCM_SHA256: enabled
>> [08/Jan/2017:00:01:43.365599343 -0500] SSL alert:
>> TLS_DHE_RSA_WITH_AES_128_CBC_SHA: enabled
>> [08/Jan/2017:00:01:43.366719360 -0500] SSL alert:
>> TLS_DHE_DSS_WITH_AES_128_CBC_SHA: enabled
>> [08/Jan/2017:00:01:43.368835924 -0500] SSL alert:
>> TLS_DHE_RSA_WITH_AES_128_CBC_SHA256: enabled
>> [08/Jan/2017:00:01:43.370913228 -0500] SSL alert:
>> TLS_RSA_WITH_AES_256_GCM_SHA384: enabled
>> [08/Jan/2017:00:01:43.372972786 -0500] SSL alert:
>> TLS_RSA_WITH_AES_256_CBC_SHA: enabled
>> [08/Jan/2017:00:01:43.375008604 -0500] SSL alert:
>> TLS_RSA_WITH_AES_256_CBC_SHA256: enabled
>> [08/Jan/2017:00:01:43.377060277 -0500] SSL alert:
>> TLS_RSA_WITH_AES_128_GCM_SHA256: enabled
>> [08/Jan/2017:00:01:43.379147161 -0500] SSL alert:
>> TLS_RSA_WITH_AES_128_CBC_SHA: enabled
>> [08/Jan/2017:00:01:43.381215466 -0500] SSL alert:
>> TLS_RSA_WITH_AES_128_CBC_SHA256: enabled
>> [08/Jan/2017:00:01:43.410666701 -0500] SSL Initialization - Configured
>> SSL version range: min: TLS1.0, max: TLS1.2
>> [08/Jan/2017:00:01:43.412541954 -0500] 389-Directory/1.3.5.10
>> B2016.341.2222 starting up
>> [08/Jan/2017:00:01:43.432516181 -0500] default_mr_indexer_create:
>> warning - plugin [caseIgnoreIA5Match] does not handle
>> caseExactIA5Match
>> [08/Jan/2017:00:01:43.455710217 -0500] WARNING: changelog: entry cache
>> size 2097152 B is less than db size 4096000 B; We recommend to
>> increase the entry cache size nsslapd-cachememsize.
>> [08/Jan/2017:00:01:43.461914913 -0500] Detected Disorderly Shutdown
>> last time Directory Server was running, recovering database.
>> [08/Jan/2017:00:01:43.832287548 -0500] schema-compat-plugin -
>> scheduled schema-compat-plugin tree scan in about 5 seconds after the
>> server startup!
>> [08/Jan/2017:00:01:43.857795379 -0500] NSACLPlugin - The ACL target
>> cn=groups,cn=compat,dc=optimcloud,dc=com does not exist
>> [08/Jan/2017:00:01:43.859681661 -0500] NSACLPlugin - The ACL target
>> cn=computers,cn=compat,dc=optimcloud,dc=com does not exist
>> [08/Jan/2017:00:01:43.861398809 -0500] NSACLPlugin - The ACL target
>> cn=ng,cn=compat,dc=optimcloud,dc=com does not exist
>> [08/Jan/2017:00:01:43.862632485 -0500] NSACLPlugin - The ACL target
>> ou=sudoers,dc=optimcloud,dc=com does not exist
>> [08/Jan/2017:00:01:43.863764066 -0500] NSACLPlugin - The ACL target
>> cn=users,cn=compat,dc=optimcloud,dc=com does not exist
>> [08/Jan/2017:00:01:43.864911346 -0500] NSACLPlugin - The ACL target
>> cn=vaults,cn=kra,dc=optimcloud,dc=com does not exist
>> [08/Jan/2017:00:01:43.866162668 -0500] NSACLPlugin - The ACL target
>> cn=vaults,cn=kra,dc=optimcloud,dc=com does not exist
>> [08/Jan/2017:00:01:43.869056497 -0500] NSACLPlugin - The ACL target
>> cn=vaults,cn=kra,dc=optimcloud,dc=com does not exist
>> [08/Jan/2017:00:01:43.870122838 -0500] NSACLPlugin - The ACL target
>> cn=vaults,cn=kra,dc=optimcloud,dc=com does not exist
>> [08/Jan/2017:00:01:43.871162150 -0500] NSACLPlugin - The ACL target
>> cn=vaults,cn=kra,dc=optimcloud,dc=com does not exist
>> [08/Jan/2017:00:01:43.872199777 -0500] NSACLPlugin - The ACL target
>> cn=vaults,cn=kra,dc=optimcloud,dc=com does not exist
>> [08/Jan/2017:00:01:43.873266345 -0500] NSACLPlugin - The ACL target
>> cn=vaults,cn=kra,dc=optimcloud,dc=com does not exist
>> [08/Jan/2017:00:01:43.874275409 -0500] NSACLPlugin - The ACL target
>> cn=vaults,cn=kra,dc=optimcloud,dc=com does not exist
>> [08/Jan/2017:00:01:43.875283799 -0500] NSACLPlugin - The ACL target
>> cn=vaults,cn=kra,dc=optimcloud,dc=com does not exist
>> [08/Jan/2017:00:01:43.876705045 -0500] NSACLPlugin - The ACL target
>> cn=vaults,cn=kra,dc=optimcloud,dc=com does not exist
>> [08/Jan/2017:00:01:43.878971952 -0500] NSACLPlugin - The ACL target
>> cn=vaults,cn=kra,dc=optimcloud,dc=com does not exist
>> [08/Jan/2017:00:01:43.887310854 -0500] NSACLPlugin - The ACL target
>> cn=ad,cn=etc,dc=optimcloud,dc=com does not exist
>> [08/Jan/2017:00:01:43.893215433 -0500] NSACLPlugin - The ACL target
>> cn=casigningcert
>> cert-pki-ca,cn=ca_renewal,cn=ipa,cn=etc,dc=optimcloud,dc=com does not
>> exist
>> [08/Jan/2017:00:01:43.894306404 -0500] NSACLPlugin - The ACL target
>> cn=casigningcert
>> cert-pki-ca,cn=ca_renewal,cn=ipa,cn=etc,dc=optimcloud,dc=com does not
>> exist
>> [08/Jan/2017:00:01:44.040102873 -0500] NSACLPlugin - The ACL target
>> cn=automember rebuild membership,cn=tasks,cn=config does not exist
>> [08/Jan/2017:00:01:44.047055981 -0500] Skipping CoS Definition
>> cn=Password Policy,cn=accounts,dc=optimcloud,dc=com--no CoS Templates
>> found, which should be added before the CoS Definition.
>> [08/Jan/2017:00:01:46.066086143 -0500] NSMMReplicationPlugin -
>> replica_check_for_data_reload: Warning: disordely shutdown for replica
>> o=ipaca. Check if DB RUV needs to be updated
>> [08/Jan/2017:00:01:46.067518633 -0500] NSMMReplicationPlugin -
>> replica_check_for_data_reload: Warning: disordely shutdown for replica
>> dc=optimcloud,dc=com. Check if DB RUV needs to be updated
>> [08/Jan/2017:00:01:46.068387090 -0500] NSMMReplicationPlugin - Force
>> update of database RUV (from CL RUV) -> 5871c704000000030000
>> [08/Jan/2017:00:01:46.070722883 -0500] set_krb5_creds - Could not get
>> initial credentials for principal
>> [ldap/ipa2.optimcloud.com at OPTIMCLOUD.COM] in keytab
>> [FILE:/etc/dirsrv/ds.keytab]: -1765328228 (Cannot contact any KDC for
>> requested realm)
>> [08/Jan/2017:00:01:46.076708620 -0500] schema-compat-plugin -
>> schema-compat-plugin tree scan will start in about 5 seconds!
>> [08/Jan/2017:00:01:46.087742289 -0500] slapd started. Listening on
>> All Interfaces port 389 for LDAP requests
>> [08/Jan/2017:00:01:46.088722922 -0500] Listening on All Interfaces
>> port 636 for LDAPS requests
>> [08/Jan/2017:00:01:46.089876559 -0500] Listening on
>> /var/run/slapd-OPTIMCLOUD-COM.socket for LDAPI requests
>> [08/Jan/2017:00:01:51.085357807 -0500] schema-compat-plugin - warning:
>> no entries set up under ou=sudoers,dc=optimcloud,dc=com
>> [11/Jan/2017:08:45:50.482248118 -0500] SSL alert: Sending pin request
>> to SVRCore. You may need to run systemd-tty-ask-password-agent to
>> provide the password.
>> [11/Jan/2017:08:45:50.500421947 -0500] SSL alert: Security
>> Initialization: Enabling default cipher set.
>> [11/Jan/2017:08:45:50.501486482 -0500] SSL alert: Configured NSS Ciphers
>> [11/Jan/2017:08:45:50.502444501 -0500] SSL alert:
>> TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384: enabled
>> [11/Jan/2017:08:45:50.503373927 -0500] SSL alert:
>> TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA: enabled
>> [11/Jan/2017:08:45:50.504447585 -0500] SSL alert:
>> TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256: enabled
>> [11/Jan/2017:08:45:50.505362861 -0500] SSL alert:
>> TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA: enabled
>> [11/Jan/2017:08:45:50.506316578 -0500] SSL alert:
>> TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384: enabled
>> [11/Jan/2017:08:45:50.507225380 -0500] SSL alert:
>> TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA: enabled
>> [11/Jan/2017:08:45:50.508158165 -0500] SSL alert:
>> TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256: enabled
>> [11/Jan/2017:08:45:50.509061885 -0500] SSL alert:
>> TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA: enabled
>> [11/Jan/2017:08:45:50.510027654 -0500] SSL alert:
>> TLS_DHE_RSA_WITH_AES_256_GCM_SHA384: enabled
>> [11/Jan/2017:08:45:50.510982171 -0500] SSL alert:
>> TLS_DHE_RSA_WITH_AES_256_CBC_SHA: enabled
>> [11/Jan/2017:08:45:50.511911224 -0500] SSL alert:
>> TLS_DHE_DSS_WITH_AES_256_CBC_SHA: enabled
>> [11/Jan/2017:08:45:50.512824259 -0500] SSL alert:
>> TLS_DHE_RSA_WITH_AES_256_CBC_SHA256: enabled
>> [11/Jan/2017:08:45:50.513759924 -0500] SSL alert:
>> TLS_DHE_RSA_WITH_AES_128_GCM_SHA256: enabled
>> [11/Jan/2017:08:45:50.514686682 -0500] SSL alert:
>> TLS_DHE_RSA_WITH_AES_128_CBC_SHA: enabled
>> [11/Jan/2017:08:45:50.515605681 -0500] SSL alert:
>> TLS_DHE_DSS_WITH_AES_128_CBC_SHA: enabled
>> [11/Jan/2017:08:45:50.516543912 -0500] SSL alert:
>> TLS_DHE_RSA_WITH_AES_128_CBC_SHA256: enabled
>> [11/Jan/2017:08:45:50.517484957 -0500] SSL alert:
>> TLS_RSA_WITH_AES_256_GCM_SHA384: enabled
>> [11/Jan/2017:08:45:50.518414104 -0500] SSL alert:
>> TLS_RSA_WITH_AES_256_CBC_SHA: enabled
>> [11/Jan/2017:08:45:50.519346616 -0500] SSL alert:
>> TLS_RSA_WITH_AES_256_CBC_SHA256: enabled
>> [11/Jan/2017:08:45:50.520288809 -0500] SSL alert:
>> TLS_RSA_WITH_AES_128_GCM_SHA256: enabled
>> [11/Jan/2017:08:45:50.521224704 -0500] SSL alert:
>> TLS_RSA_WITH_AES_128_CBC_SHA: enabled
>> [11/Jan/2017:08:45:50.522134121 -0500] SSL alert:
>> TLS_RSA_WITH_AES_128_CBC_SHA256: enabled
>> [11/Jan/2017:08:45:50.546659715 -0500] SSL Initialization - Configured
>> SSL version range: min: TLS1.0, max: TLS1.2
>> [11/Jan/2017:08:45:50.548178563 -0500] 389-Directory/1.3.5.10
>> B2016.341.2222 starting up
>> [11/Jan/2017:08:45:50.567253887 -0500] default_mr_indexer_create:
>> warning - plugin [caseIgnoreIA5Match] does not handle
>> caseExactIA5Match
>> [11/Jan/2017:08:45:50.618540589 -0500] WARNING: changelog: entry cache
>> size 2097152 B is less than db size 4096000 B; We recommend to
>> increase the entry cache size nsslapd-cachememsize.
>> [11/Jan/2017:08:45:50.625062302 -0500] Detected Disorderly Shutdown
>> last time Directory Server was running, recovering database.
>> [11/Jan/2017:08:45:51.368172371 -0500] schema-compat-plugin -
>> scheduled schema-compat-plugin tree scan in about 5 seconds after the
>> server startup!
>> [11/Jan/2017:08:45:51.408894238 -0500] NSACLPlugin - The ACL target
>> cn=groups,cn=compat,dc=optimcloud,dc=com does not exist
>> [11/Jan/2017:08:45:51.410251624 -0500] NSACLPlugin - The ACL target
>> cn=computers,cn=compat,dc=optimcloud,dc=com does not exist
>> [11/Jan/2017:08:45:51.411303020 -0500] NSACLPlugin - The ACL target
>> cn=ng,cn=compat,dc=optimcloud,dc=com does not exist
>> [11/Jan/2017:08:45:51.412533136 -0500] NSACLPlugin - The ACL target
>> ou=sudoers,dc=optimcloud,dc=com does not exist
>> [11/Jan/2017:08:45:51.413625873 -0500] NSACLPlugin - The ACL target
>> cn=users,cn=compat,dc=optimcloud,dc=com does not exist
>> [11/Jan/2017:08:45:51.414767038 -0500] NSACLPlugin - The ACL target
>> cn=vaults,cn=kra,dc=optimcloud,dc=com does not exist
>> [11/Jan/2017:08:45:51.415836754 -0500] NSACLPlugin - The ACL target
>> cn=vaults,cn=kra,dc=optimcloud,dc=com does not exist
>> [11/Jan/2017:08:45:51.416911317 -0500] NSACLPlugin - The ACL target
>> cn=vaults,cn=kra,dc=optimcloud,dc=com does not exist
>> [11/Jan/2017:08:45:51.418048547 -0500] NSACLPlugin - The ACL target
>> cn=vaults,cn=kra,dc=optimcloud,dc=com does not exist
>> [11/Jan/2017:08:45:51.419144396 -0500] NSACLPlugin - The ACL target
>> cn=vaults,cn=kra,dc=optimcloud,dc=com does not exist
>> [11/Jan/2017:08:45:51.420209379 -0500] NSACLPlugin - The ACL target
>> cn=vaults,cn=kra,dc=optimcloud,dc=com does not exist
>> [11/Jan/2017:08:45:51.421371442 -0500] NSACLPlugin - The ACL target
>> cn=vaults,cn=kra,dc=optimcloud,dc=com does not exist
>> [11/Jan/2017:08:45:51.422439127 -0500] NSACLPlugin - The ACL target
>> cn=vaults,cn=kra,dc=optimcloud,dc=com does not exist
>> [11/Jan/2017:08:45:51.423496808 -0500] NSACLPlugin - The ACL target
>> cn=vaults,cn=kra,dc=optimcloud,dc=com does not exist
>> [11/Jan/2017:08:45:51.424548663 -0500] NSACLPlugin - The ACL target
>> cn=vaults,cn=kra,dc=optimcloud,dc=com does not exist
>> [11/Jan/2017:08:45:51.425571511 -0500] NSACLPlugin - The ACL target
>> cn=vaults,cn=kra,dc=optimcloud,dc=com does not exist
>> [11/Jan/2017:08:45:51.434059704 -0500] NSACLPlugin - The ACL target
>> cn=ad,cn=etc,dc=optimcloud,dc=com does not exist
>> [11/Jan/2017:08:45:51.446799815 -0500] NSACLPlugin - The ACL target
>> cn=casigningcert
>> cert-pki-ca,cn=ca_renewal,cn=ipa,cn=etc,dc=optimcloud,dc=com does not
>> exist
>> [11/Jan/2017:08:45:51.447939820 -0500] NSACLPlugin - The ACL target
>> cn=casigningcert
>> cert-pki-ca,cn=ca_renewal,cn=ipa,cn=etc,dc=optimcloud,dc=com does not
>> exist
>> [11/Jan/2017:08:45:51.603005983 -0500] NSACLPlugin - The ACL target
>> cn=automember rebuild membership,cn=tasks,cn=config does not exist
>> [11/Jan/2017:08:45:51.609962438 -0500] Skipping CoS Definition
>> cn=Password Policy,cn=accounts,dc=optimcloud,dc=com--no CoS Templates
>> found, which should be added before the CoS Definition.
>> [11/Jan/2017:08:45:55.211502712 -0500] NSMMReplicationPlugin -
>> replica_check_for_data_reload: Warning: disordely shutdown for replica
>> o=ipaca. Check if DB RUV needs to be updated
>> [11/Jan/2017:08:45:55.212802169 -0500] NSMMReplicationPlugin -
>> replica_check_for_data_reload: Warning: disordely shutdown for replica
>> dc=optimcloud,dc=com. Check if DB RUV needs to be updated
>> [11/Jan/2017:08:45:55.213784972 -0500] NSMMReplicationPlugin - Force
>> update of database RUV (from CL RUV) -> 5871c7bf000200030000
>> [11/Jan/2017:08:45:55.226190891 -0500] set_krb5_creds - Could not get
>> initial credentials for principal
>> [ldap/ipa2.optimcloud.com at OPTIMCLOUD.COM] in keytab
>> [FILE:/etc/dirsrv/ds.keytab]: -1765328228 (Cannot contact any KDC for
>> requested realm)
>> [11/Jan/2017:08:45:55.235585814 -0500] schema-compat-plugin -
>> schema-compat-plugin tree scan will start in about 5 seconds!
>> [11/Jan/2017:08:45:55.246224036 -0500] slapd started. Listening on
>> All Interfaces port 389 for LDAP requests
>> [11/Jan/2017:08:45:55.247206931 -0500] Listening on All Interfaces
>> port 636 for LDAPS requests
>> [11/Jan/2017:08:45:55.248178427 -0500] Listening on
>> /var/run/slapd-OPTIMCLOUD-COM.socket for LDAPI requests
>> [11/Jan/2017:08:46:00.243609069 -0500] schema-compat-plugin - warning:
>> no entries set up under ou=sudoers,dc=optimcloud,dc=com
>> [11/Jan/2017:08:46:00.268221576 -0500] schema-compat-plugin - warning:
>> no entries set up under cn=computers, cn=compat,dc=optimcloud,dc=com
>> [11/Jan/2017:08:46:00.293865724 -0500] schema-compat-plugin - Finished
>> plugin initialization.
>> [11/Jan/2017:10:13:10.814343630 -0500] ipa-topology-plugin -
>> ipa_topo_be_state_changebackend userRoot is going offline; inactivate
>> plugin
>> [11/Jan/2017:10:13:10.816016676 -0500] NSMMReplicationPlugin -
>> multimaster_be_state_change: replica dc=optimcloud,dc=com is going
>> offline; disabling replication
>> [11/Jan/2017:10:13:10.989828406 -0500] WARNING: Import is running with
>> nsslapd-db-private-import-mem on; No other process is allowed to
>> access the database
>> [11/Jan/2017:10:13:13.400691753 -0500] import userRoot: Workers
>> finished; cleaning up...
>> [11/Jan/2017:10:13:13.602133347 -0500] import userRoot: Workers cleaned
>> up.
>> [11/Jan/2017:10:13:13.603143342 -0500] import userRoot: Indexing
>> complete. Post-processing...
>> [11/Jan/2017:10:13:13.604049358 -0500] import userRoot: Generating
>> numsubordinates (this may take several minutes to complete)...
>> [11/Jan/2017:10:13:13.623115593 -0500] import userRoot: Generating
>> numSubordinates complete.
>> [11/Jan/2017:10:13:13.626755066 -0500] import userRoot: Gathering
>> ancestorid non-leaf IDs...
>> [11/Jan/2017:10:13:13.627723269 -0500] import userRoot: Finished
>> gathering ancestorid non-leaf IDs.
>> [11/Jan/2017:10:13:13.629852863 -0500] import userRoot: Creating
>> ancestorid index (new idl)...
>> [11/Jan/2017:10:13:13.639696420 -0500] import userRoot: Created
>> ancestorid index (new idl).
>> [11/Jan/2017:10:13:13.640600762 -0500] import userRoot: Flushing caches...
>> [11/Jan/2017:10:13:13.641480552 -0500] import userRoot: Closing files...
>> [11/Jan/2017:10:13:13.715980315 -0500] import userRoot: Import
>> complete. Processed 669 entries in 3 seconds. (223.00 entries/sec)
>> [11/Jan/2017:10:13:13.728527338 -0500] ipa-topology-plugin -
>> ipa_topo_be_state_change - backend userRoot is coming online; checking
>> domain level and init shared topology
>> [11/Jan/2017:10:13:13.733938688 -0500] NSMMReplicationPlugin -
>> multimaster_be_state_change: replica dc=optimcloud,dc=com is coming
>> online; enabling replication
>> [11/Jan/2017:10:13:13.739807383 -0500] NSMMReplicationPlugin -
>> replica_reload_ruv: Warning: new data for replica dc=optimcloud,dc=com
>> does not match the data in the changelog.
>> Recreating the changelog file. This could affect replication with
>> replica's consumers in which case the consumers should be
>> reinitialized.
>> [11/Jan/2017:10:13:13.763870772 -0500] Skipping CoS Definition
>> cn=Password Policy,cn=accounts,dc=optimcloud,dc=com--no CoS Templates
>> found, which should be added before the CoS Definition.
>> [11/Jan/2017:10:13:13.765996343 -0500] NSACLPlugin - The ACL target
>> cn=groups,cn=compat,dc=optimcloud,dc=com does not exist
>> [11/Jan/2017:10:13:13.767033598 -0500] NSACLPlugin - The ACL target
>> cn=computers,cn=compat,dc=optimcloud,dc=com does not exist
>> [11/Jan/2017:10:13:13.768062467 -0500] NSACLPlugin - The ACL target
>> cn=ng,cn=compat,dc=optimcloud,dc=com does not exist
>> [11/Jan/2017:10:13:13.769148609 -0500] NSACLPlugin - The ACL target
>> ou=sudoers,dc=optimcloud,dc=com does not exist
>> [11/Jan/2017:10:13:13.770167282 -0500] NSACLPlugin - The ACL target
>> cn=users,cn=compat,dc=optimcloud,dc=com does not exist
>> [11/Jan/2017:10:13:13.771219502 -0500] NSACLPlugin - The ACL target
>> cn=vaults,cn=kra,dc=optimcloud,dc=com does not exist
>> [11/Jan/2017:10:13:13.772226730 -0500] NSACLPlugin - The ACL target
>> cn=vaults,cn=kra,dc=optimcloud,dc=com does not exist
>> [11/Jan/2017:10:13:13.773244095 -0500] NSACLPlugin - The ACL target
>> cn=vaults,cn=kra,dc=optimcloud,dc=com does not exist
>> [11/Jan/2017:10:13:13.774263646 -0500] NSACLPlugin - The ACL target
>> cn=vaults,cn=kra,dc=optimcloud,dc=com does not exist
>> [11/Jan/2017:10:13:13.775259783 -0500] NSACLPlugin - The ACL target
>> cn=vaults,cn=kra,dc=optimcloud,dc=com does not exist
>> [11/Jan/2017:10:13:13.776287349 -0500] NSACLPlugin - The ACL target
>> cn=vaults,cn=kra,dc=optimcloud,dc=com does not exist
>> [11/Jan/2017:10:13:13.789282141 -0500] NSACLPlugin - The ACL target
>> cn=vaults,cn=kra,dc=optimcloud,dc=com does not exist
>> [11/Jan/2017:10:13:13.790317167 -0500] NSACLPlugin - The ACL target
>> cn=vaults,cn=kra,dc=optimcloud,dc=com does not exist
>> [11/Jan/2017:10:13:13.791355826 -0500] NSACLPlugin - The ACL target
>> cn=vaults,cn=kra,dc=optimcloud,dc=com does not exist
>> [11/Jan/2017:10:13:13.792403901 -0500] NSACLPlugin - The ACL target
>> cn=vaults,cn=kra,dc=optimcloud,dc=com does not exist
>> [11/Jan/2017:10:13:13.793450557 -0500] NSACLPlugin - The ACL target
>> cn=vaults,cn=kra,dc=optimcloud,dc=com does not exist
>> [11/Jan/2017:10:13:13.795887627 -0500] NSACLPlugin - The ACL target
>> cn=ad,cn=etc,dc=optimcloud,dc=com does not exist
>> [11/Jan/2017:10:13:13.805429364 -0500] NSACLPlugin - The ACL target
>> cn=casigningcert
>> cert-pki-ca,cn=ca_renewal,cn=ipa,cn=etc,dc=optimcloud,dc=com does not
>> exist
>> [11/Jan/2017:10:13:13.806532806 -0500] NSACLPlugin - The ACL target
>> cn=casigningcert
>> cert-pki-ca,cn=ca_renewal,cn=ipa,cn=etc,dc=optimcloud,dc=com does not
>> exist
>>
>> =================================
>>
>> On Wed, Jan 11, 2017 at 10:24 AM, Martin Basti <mbasti at redhat.com> wrote:
>>>
>>>
>>> On 11.01.2017 15:32, Outback Dingo wrote:
>>>>
>>>> not sure why, but the secondary freeipa server is out of sync by a
>>>> long shot now, missing dns domains and A records... tried
>>>> ipa-replica-manage force-sync --from ipa.optimcloud.com
>>>>
>>>> doesnt seem to be working
>>>>
>>>> HELP!
>>>>
>>> Do you see any errors in /var/log/dirsrv/slapd-*/errors on servers?
>>>
>>> Martin
>
>
More information about the Freeipa-users
mailing list