Hello, On Fri, Aug 11, 2017 at 4:33 AM, grace rante thompson via FreeIPA-users <freeipa-users@lists.fedorahosted.org> wrote: > > I'm having problems with replication on my two node ipa cluster (left-right, > right-left) so I tried to re-initialize my replica. > > [root@idm02 ~]# ipa topologysegment-find domain ----------------- 1 segment > matched ----------------- Segment name: idm01.domain.com-to-idm02.domain.com > Left node: idm01.domain.com Right node: idm02.domain.com Connectivity: > left-right ---------------------------- Number of entries returned 1
Having 1 segment with only left-right direction means that only one direction of replication works. IPA by default doesn't offer to create such segment. It by default creates segments with direction "both". This issue is then reported in following `ipa topologysuffix-verify` command. Question is how it got into this state. Was it an upgrade from older version? Anyway, instead of reinitializing, I'd first try to add the second part of segment. So that it can replicate in both ways. If the replicas doesn't contain the same data and replication fails then reinitialization might be the thing to do. I'd try (not sure if it works): $ ipa topologysegment-mod dm01.domain.com-to-idm02.domain.com --setattr=iparepltoposegmentdirection=both Other workaround/fix which would require a 3rd server though would be to create segments between the other servers, remove this segment and then recreate this segment. In any way it is worth to look into /var/log/dirsrv/$instance/errors log on both servers to check any errors or to check reinitialization progres. > ---------------------------- [root@idm01 ~]# ipa topologysuffix-verify > domain ======================================================== Replication > topology of suffix "domain" contains errors. > ======================================================== > ------------------------ Topology is disconnected ------------------------ > Server idm02.domain.com can't contact servers: idm01.domain.com > [root@idm01 ~]# ipa topologysegment-reinitialize --right Suffix name: domain > Segment name: idm01.domain.com-to-idm02.domain.com > -------------------------------------------------------------------------------------------------------- > Replication refresh for segment: "idm01.domain.com-to-idm02.domain.com" > requested. > -------------------------------------------------------------------------------------------------------- > How do I proceed? i cant find any online documentation on using the new > topology commands > $ ipa help topology https://access.redhat.com/documentation/en-US/Red_Hat_Enterprise_Linux/7/html/Linux_Domain_Identity_Authentication_and_Policy_Guide/managing-topology.html -- Petr Vobornik _______________________________________________ FreeIPA-users mailing list -- freeipa-users@lists.fedorahosted.org To unsubscribe send an email to freeipa-users-le...@lists.fedorahosted.org
