<div dir="ltr">Hi Ludwig,<div><br></div><div>Version:<br>389-ds-base-1.3.4.0-33.el7_2.x86_64<br></div><div><br></div><div>The timestamp probably matches the last time I've done a ipa-replica-manage re-initialize.</div><div>I have to do it every day (many times a day actually!), as replication is broken, This CSN changes all the time.</div><div><br></div><div>My main goal is to rebuilt everything from a clean base.</div><div>I've got no master without errors.</div><div><br></div><div>What is the easiest way to rebuilt everything?</div><div>ipa-[cs]replica-manage re-initialize isn't very effective.</div><div><br></div><div>Thanks by advance,</div><div>Regards</div></div><div class="gmail_extra"><br clear="all"><div><div class="gmail_signature" data-smartmail="gmail_signature"><font face="arial, helvetica, sans-serif"><div><span style="font-family:arial"><font face="arial, helvetica, sans-serif"><div>--</div><div><font color="#666666">Youenn Piolet</font></div><div><font size="1" color="#999999"><a href="mailto:piolet.y@gmail.com" target="_blank">piolet.y@gmail.com</a></font></div><div style="font-size:large"><span style="font-size:small"><span style="font-family:arial"><div><font face="tahoma, sans-serif"><span style="font-family:arial,verdana,tahoma,sans-serif;font-size:11px"><span style="font-family:tahoma,sans-serif;font-size:small"><font color="#666666"><span style="color:rgb(142,142,142);font-family:arial,verdana,tahoma,sans-serif;font-size:11px"><em><br></em></span></font></span></span></font></div><font color="#8E8E8E" face="arial, verdana, tahoma, sans-serif"></font></span><font color="#8E8E8E" face="arial, verdana, tahoma, sans-serif"></font><font color="#8E8E8E" face="arial, verdana, tahoma, sans-serif"></font></span></div></font></span></div></font></div></div>
<br><div class="gmail_quote">2016-09-26 9:42 GMT+02:00 Ludwig Krispenz <span dir="ltr"><<a href="mailto:lkrispen@redhat.com" target="_blank">lkrispen@redhat.com</a>></span>:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
<div bgcolor="#FFFFFF" text="#000000"><span class="">
<br>
<div>On 09/25/2016 09:35 PM, Youenn PIOLET
wrote:<br>
</div>
<blockquote type="cite">
<div dir="ltr">Hi there,
<div><br>
<div>Same issue for me in a my 15 ipa-servers multi-master
grid just after the update.</div>
<div>The replication is completely broken except on 3/15
nodes.</div>
<div><br>
</div>
<div>This is the second time I have to fully reinitialize the
whole cluster for similar reason. I don't know what to do to
clean this mess...</div>
<div>For more information: this cluster has been initialized
on a fedora 4.1.4 more than one year ago then complemetely
migrated to Centos 7, IPA 4.2.</div>
</div>
</div>
</blockquote></span>
what is the exact version of 389-ds-base you are running ?<br>
<br>
did these errors come out of the blue or are they related to some
activities ? The csn which is not found has a timestamp of "Thu, 22
Sep 2016 15:59:08 GMT" did anything happen around this time ?<div><div class="h5"><br>
<blockquote type="cite">
<div dir="ltr">
<div>
<div><br>
</div>
<div>Example on fr-master03 error logs:</div>
<div><br>
</div>
<div>
<div>[25/Sep/2016:19:27:31 +0000] NSMMReplicationPlugin -
changelog program - agmt="cn=meTofr-master01.<wbr>domain"
(fr-master01:389): CSN 57e3ffcc0003001a0000 not found, we
aren't as up to date, or we purged</div>
<div>[25/Sep/2016:19:27:31 +0000] NSMMReplicationPlugin -
agmt="cn=meTofr-master01.<wbr>domain" (fr-master01:389): Data
required to update replica has been purged. The replica
must be reinitialized.</div>
<div>[25/Sep/2016:19:27:31 +0000] NSMMReplicationPlugin -
agmt="cn=meTofr-master01.<wbr>domain" (fr-master01:389):
Incremental update failed and requires administrator
action</div>
<div>ipa: INFO: The ipactl command was successful</div>
<div>[25/Sep/2016:19:27:35 +0000]
agmt="cn=meTofr-master02.<wbr>domain" (fr-master02:389) - Can't
locate CSN 57e3ffcc0003001a0000 in the changelog (DB
rc=-30988). If replication stops, the consumer may need to
be reinitialized.<br>
</div>
<div>[25/Sep/2016:19:27:35 +0000] NSMMReplicationPlugin -
changelog program - agmt="cn=meTofr-master02.<wbr>domain"
(fr-master02:389): CSN 57e3ffcc0003001a0000 not found, we
aren't as up to date, or we purged</div>
<div>[25/Sep/2016:19:27:35 +0000] NSMMReplicationPlugin -
agmt="cn=meTofr-master02.<wbr>domain" (fr-master02:389): Data
required to update replica has been purged. The replica
must be reinitialized.</div>
<div>[25/Sep/2016:19:27:35 +0000] NSMMReplicationPlugin -
agmt="cn=meTofr-master02.<wbr>domain" (fr-master02:389):
Incremental update failed and requires administrator
action</div>
<div><br>
</div>
</div>
<div>Regards,</div>
</div>
</div>
<div class="gmail_extra"><br clear="all">
<div>
<div data-smartmail="gmail_signature"><font face="arial, helvetica, sans-serif">
<div><span style="font-family:arial"><font face="arial,
helvetica, sans-serif">
<div>--</div>
<div><font color="#666666">Youenn Piolet</font></div>
<div><font color="#999999" size="1"><a href="mailto:piolet.y@gmail.com" target="_blank">piolet.y@gmail.com</a></font></div>
<div style="font-size:large"><span style="font-size:small"><span style="font-family:arial">
<div><font face="tahoma, sans-serif"><span style="font-family:arial,verdana,tahoma,sans-serif;font-size:11px"><span style="font-family:tahoma,sans-serif;font-size:small"><font color="#666666"><span style="color:rgb(142,142,142);font-family:arial,verdana,tahoma,sans-serif;font-size:11px"><em><br>
</em></span></font></span></span></font></div>
</span></span></div>
</font></span></div>
</font></div>
</div>
<br>
<div class="gmail_quote">2016-09-23 17:51 GMT+02:00 Mike
Driscoll <span dir="ltr"><<a href="mailto:mike.driscoll@oracle.com" target="_blank">mike.driscoll@oracle.com</a>></span>:<br>
<blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
<div style="word-wrap:break-word">
<div>Hello. I have four IPA servers replicating in full
mesh. All four servers are running
ipa-server-4.2.0-15.0.1.el7_2.<wbr>19.x86_64.</div>
<div><br>
</div>
<div>This was working for some time but now I see that no
replication is occurring automatically at present.</div>
<div><br>
</div>
<div>When I update a user attribute on an IPA server, I
see errors like these:</div>
<div>[22/Sep/2016:16:53:49 -0700] attrlist_replace
- attr_replace (nsslapd-referral, <a>ldap://ldap03.xx.com:389/o%3Di<wbr>paca</a>)
failed.</div>
<div>[22/Sep/2016:16:58:56 -0700] NSMMReplicationPlugin -
agmt="cn=<a href="http://masteragreement1-ldap03.xx.com" target="_blank">masterAgreement1-ldap<wbr>03.xx.com</a>-pki-tomcat" (ldap03:<wbr>389):
Incremental update failed and requires administrator
action</div>
<div><br>
</div>
<div>I can reinitialize without errors.</div>
<div>ipa-csreplica-manage re-initialize --from=<a href="http://ldap04.us.oracle.com" target="_blank">ldap01.xx.com</a></div>
<div>ipa-replica-manage re-initialize --from=<a href="http://ldap01.xx.com" target="_blank">ldap01.xx.com</a></div>
<div>Afterwards I see my attribute (and other) changes are
replicated on each server I re-initialize from. But
subsequently, replication doesn’t seem to be happening.</div>
<div><br>
</div>
<div>I reinitialized according to the steps in Table 8.7,
“Replication Errors”, but subsequent replication isn’t
occurring. Any suggestions? Is it safe to identify one
of my four servers as containing up-to-date data, then
sever and reinstate replication relationships with the
other three?</div>
<span><font color="#888888">
<div><br>
</div>
<div>Mike</div>
<div><br>
</div>
<div><br>
</div>
<div><br>
</div>
<div><br>
</div>
<div><br>
</div>
</font></span></div>
<br>
--<br>
Manage your subscription for the Freeipa-users mailing list:<br>
<a href="https://www.redhat.com/mailman/listinfo/freeipa-users" rel="noreferrer" target="_blank">https://www.redhat.com/mailman<wbr>/listinfo/freeipa-users</a><br>
Go to <a href="http://freeipa.org" rel="noreferrer" target="_blank">http://freeipa.org</a>
for more info on the project<br>
</blockquote>
</div>
<br>
</div>
<br>
<fieldset></fieldset>
<br>
</blockquote>
<br>
</div></div><span class="HOEnZb"><font color="#888888"><pre cols="72">--
Red Hat GmbH, <a href="http://www.de.redhat.com/" target="_blank">http://www.de.redhat.com/</a>, Registered seat: Grasbrunn,
Commercial register: Amtsgericht Muenchen, HRB 153243,
Managing Directors: Charles Cachera, Michael Cunningham, Michael O'Neill, Eric Shander</pre>
</font></span></div>
<br>--<br>
Manage your subscription for the Freeipa-users mailing list:<br>
<a href="https://www.redhat.com/mailman/listinfo/freeipa-users" rel="noreferrer" target="_blank">https://www.redhat.com/<wbr>mailman/listinfo/freeipa-users</a><br>
Go to <a href="http://freeipa.org" rel="noreferrer" target="_blank">http://freeipa.org</a> for more info on the project<br></blockquote></div><br></div>