Hola,

On Wed, 8 Nov 2017, Lachlan Musicman via FreeIPA-users wrote:

I'm still trying to wrap my head around the master-replica concept.

From what I read in the documentation (Chapter 4 of https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/7/html-single/linux_domain_identity_authentication_and_policy_guide/)

the replica should be able to take over as master should master go offline.

Our replica was set up with CA & without DNS - the same as master, and it seems to be working on the whole.

The problem I'm having is in the replication.

create user on master:

ipa user-add master_test_user --first=MT --last=ML

create user on replica:

ipa user-add replica_test_user --first=RT --last=RL

find user on master:

[root@vmpr-linuxidm ~]# ipa user-find test_user
---------------
2 users matched
---------------
[...]

find user on replica:

[root@vmdr-linuxidm ~]# ipa user-find test_user
--------------
1 user matched
--------------
[...]

If I run ipa user-add on the replica, I see it upstream on master, but if I run ipa add-user on the master, that's not replicated down to the replica.

Also, ipa user-del (even with --no-preserve) works on master, but doesn't delete the user on the replica.

What has gone wrong?

I had something similar recently (replica not "talking" to master). It turned out that replication refused to work in both directions for reasons still unknown to me. Finally, I had to reinstall my replica (ipa-replica-install --setup-ca) to make replication work again:

---
root@poolsrv:~# ipa topologysegment-find
Suffix name: domain
-----------------
1 segment matched
-----------------
  Segment name: o201.example.org-to-poolsrv.example.org
  Left node: o201.example.org
  Right node: poolsrv.example.org
  Connectivity: both
----------------------------
Number of entries returned 1
----------------------------
root@poolsrv:~# ipa topologysegment-find
Suffix name: ca
-----------------
1 segment matched
-----------------
  Segment name: o201.example.org-to-poolsrv.example.org
  Left node: o201.example.org
  Right node: poolsrv.example.org
  Connectivity: both
----------------------------
Number of entries returned 1
----------------------------
---

"Connectivity" is now "both" but used to be "left-right". I also had a lot of errors in the poolsrv (replica) directory server log referring to NSMMReplicationPlugin. You may want to check this in order to diagnose the problem.

Maybe, the augurs know a better way to fix this than to reinstall.


Mit freundlichen Gruessen/With best regards,

--Daniel.
_______________________________________________
FreeIPA-users mailing list -- freeipa-users@lists.fedorahosted.org
To unsubscribe send an email to freeipa-users-le...@lists.fedorahosted.org
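
The "Connectivity" check described in the reply above can be scripted. This is an added example, not part of the original message or of FreeIPA: the function names are hypothetical, and the sample text is constructed in the layout of the `ipa topologysegment-find` output quoted above, with one segment set to the "left-right" state the reply mentions.

```shell
#!/bin/sh
# Added example: flag replication segments that are not bidirectional.

# Read topologysegment-find output on stdin; print one line per segment whose
# Connectivity is not "both": "<segment> <left node> <right node> <connectivity>"
one_way_segments() {
    awk -F': *' '
        NF < 2 { next }                       # separators, counters, blank lines
        { key = $1; val = $2
          sub(/^[ \t]+/, "", key); sub(/[ \t\r]+$/, "", val) }
        key == "Segment name" { seg = val; left = right = "?" }
        key == "Left node"    { left = val }
        key == "Right node"   { right = val }
        key == "Connectivity" && seg != "" {
            if (val != "both") printf "%s %s %s %s\n", seg, left, right, val
            seg = ""
        }
    '
}

# Exit status 0 if every segment on stdin is "both", 1 otherwise (with warnings).
check_topology() {
    bad=$(one_way_segments)
    [ -z "$bad" ] && return 0
    echo "$bad" | while read -r seg left right conn; do
        echo "WARN: segment $seg is '$conn' ($left <-> $right), expected 'both'"
    done
    return 1
}

# Constructed sample: two segments, the first one-directional.
sample_output() {
    cat <<'EOF'
-----------------
2 segments matched
-----------------
  Segment name: o201.example.org-to-poolsrv.example.org
  Left node: o201.example.org
  Right node: poolsrv.example.org
  Connectivity: left-right

  Segment name: poolsrv.example.org-to-o201.example.org
  Left node: poolsrv.example.org
  Right node: o201.example.org
  Connectivity: both
----------------------------
Number of entries returned 2
----------------------------
EOF
}

# Demo on the sample; on a server: ipa topologysegment-find domain | check_topology
sample_output | check_topology || true
```

Run it once per suffix (`domain` and `ca`), since each suffix has its own segments.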
