Bret Wortman wrote:
Well, my master ground to a halt and wasn't responding. I rebooted the
system and now I can't access the web UI or ssh to the master either. I
have console access but that's it.
The services all say they're running, but the web UI gives an "Unknown
Error" dialog and ssh fails with "ssh_exchange_identification:
Connection closed by remote host" whenever I try to ssh to ipamaster. I
think something has gone really wrong inside my master. Any ideas? Even
after the reboot, --cleanup isn't helping and just hangs.
The logfiles end (as of the time I ^C'd the process) with:
NSMMReplicationPlugin - agmt="cn=meTogood3.spx.net
<http://meTogood3.spx.net>" (good3:389): Replication bind with GSSAPI
auth failed: LDAP error -2 (Local error) (SASL(-1): generic failure:
GSSAPI Error: Unspecified GSS failure. Minor code may provide more
information (Cannot determine realm for numeric host address))
NSMMReplicationPlugin - CleanAllRUV Task: Replica not online
(agmt="cn=meTogood3.foo.net <http://meTogood3.foo.net>" (good3:389))
NSMMReplicationPlugin - CleanAllRUV Task: Not all replicas online,
retrying in 160 seconds...,
So it looks like it's having trouble talking with one of my replicas and
is doggedly trying to get the job done. Any idea how to get the master
back working again while I troubleshoot this connectivity issue?
That suggests a DNS problem, and it might explain ssh as well depending
on your configuration.
rob
_
_
*Bret Wortman*
http://damascusgrp.com/
http://about.me/wortmanbret
On Mon, Aug 19, 2013 at 11:11 AM, Rob Crittenden <rcrit...@redhat.com
<mailto:rcrit...@redhat.com>> wrote:
Bret Wortman wrote:
How can I tell if this is working? It's been 10 minutes and it
hasn't
returned; IPA response is sluggish and top doesn't show anything
obviously running & sucking up CPU.
It should be nearly instantaneous. It doesn't actually do a lot. It
deletes the master from cn=masters, removes its entries from
S4U2proxy delegation and in newer versions attempts to save its DNA
configuration, if any.
It should be safe to break out of it and re-run it. You may want to
check the 389-ds logs to see what it has already done.
rob
_
_
*Bret Wortman*
http://damascusgrp.com/
http://about.me/wortmanbret
On Mon, Aug 19, 2013 at 10:16 AM, Bret Wortman
<bret.wort...@damascusgrp.com
<mailto:bret.wort...@damascusgrp.com>
<mailto:bret.wortman@__damascusgrp.com
<mailto:bret.wort...@damascusgrp.com>>> wrote:
My replication situation has gotten a bit messed up.
I have four replicas that are up and running and two that
I'm trying
to delete (one is not a replica any more, one didn't
upgrade well
during its fedup upgrade from F17->F18 and as such I had to
do a
clean OS install).
# ipa-replica-manage list
bad1.foo.net <http://bad1.foo.net>
<http://bl-1.com/click/load/__VGVbaVI2BjtTO1ExAjY-b0231
<http://bl-1.com/click/load/VGVbaVI2BjtTO1ExAjY-b0231>>:
master
bad2.foo.net <http://bad2.foo.net>
<http://bl-1.com/click/load/__ADEOPARgATxfN1Q0BjM-b0231
<http://bl-1.com/click/load/ADEOPARgATxfN1Q0BjM-b0231>>:
master
good1.foo.net <http://good1.foo.net> <http://good1.foo.net>: master
good2.foo.net <http://good2.foo.net> <http://good2.foo.net>: master
good3.foo.net <http://good3.foo.net> <http://good3.foo.net>: master
good4.foo.net <http://good4.foo.net> <http://good4.foo.net>: master
# ipa-replica-manage list ipamaster.foo.net
<http://ipamaster.foo.net>
<http://bl-1.com/click/load/__BDUBM1I2UWxfN1c3V2U-b0231
<http://bl-1.com/click/load/BDUBM1I2UWxfN1c3V2U-b0231>>
good1.foo.net <http://good1.foo.net> <http://good1.foo.net>: replica
good2.foo.net <http://good2.foo.net> <http://good2.foo.net>: replica
good3.foo.net <http://good3.foo.net> <http://good3.foo.net>: replica
good4.foo.net <http://good4.foo.net> <http://good4.foo.net>: replica
# ipa-replica-manage del --force bad1.foo.net
<http://bad1.foo.net> <http://bad1.foo.net>
'ipamaster.foo.net <http://ipamaster.foo.net>
<http://ipamaster.foo.net>' has no replication
agreement for 'bad1.foo.net <http://bad1.foo.net>
<http://bad1.foo.net>'
# ipa-replica-manage del --force bad2.foo.net
<http://bad2.foo.net> <http://bad2.foo.net>
'ipamaster.foo.net <http://ipamaster.foo.net>
<http://ipamaster.foo.net>' has no replication
agreement for 'bad2.foo.net <http://bad2.foo.net>
<http://bad2.foo.net>'
#
_
_
What I need to do is remove bad1 completely and then remove
bad2 and
re-add it as a replica. Any ideas?
_
_
*Bret Wortman*
http://damascusgrp.com/
<http://bl-1.com/click/load/__U2JdbwdjBThROQZmAzA-b0231
<http://bl-1.com/click/load/U2JdbwdjBThROQZmAzA-b0231>>
http://about.me/wortmanbret
<http://bl-1.com/click/load/__ATBZa1QwVmsHbwNjVWU-b0231
<http://bl-1.com/click/load/ATBZa1QwVmsHbwNjVWU-b0231>>
_________________________________________________
Freeipa-users mailing list
Freeipa-users@redhat.com <mailto:Freeipa-users@redhat.com>
https://www.redhat.com/__mailman/listinfo/freeipa-users
<https://www.redhat.com/mailman/listinfo/freeipa-users>
_______________________________________________
Freeipa-users mailing list
Freeipa-users@redhat.com
https://www.redhat.com/mailman/listinfo/freeipa-users
_______________________________________________
Freeipa-users mailing list
Freeipa-users@redhat.com
https://www.redhat.com/mailman/listinfo/freeipa-users
