On 05/05/2015 07:49 AM, Ludwig Krispenz wrote:

On 05/05/2015 01:27 PM, Martin Kosek wrote:
On 05/05/2015 12:38 PM, Vaclav Adamec wrote:
Hi,
I tried migrate to newest version IPA, but result is quite unstable and removing old replicas ends with RUV which cannot be decoded (it stucked in
queue forever):

ipa-replica-manage del ipa-master-dmz002.test.com -fc
Cleaning a master is irreversible.
This should not normally be require, so use cautiously.
Continue to clean master? [no]: yes

ipa-replica-manage list-ruv
unable to decode: {replica 8} 55091239000400080000 55091239000400080000
unable to decode: {replica 7} 552f84cd000300070000 552f84cd000300070000
unable to decode: {replica 11} 551a42f70000000b0000 551aa3140001000b0000 unable to decode: {replica 15} 551e82e10001000f0000 551e82e10001000f0000 unable to decode: {replica 14} 551e82ec0001000e0000 551e82ec0001000e0000 unable to decode: {replica 20} 552f4b72000600140000 552f4b72000600140000 unable to decode: {replica 10} 551a25af0001000a0000 551a25af0001000a0000
unable to decode: {replica 3} 551e864c000300030000 551e864c000300030000
unable to decode: {replica 5} 55083ad2000300050000 55083ad2000300050000
unable to decode: {replica 9} 550913e7000000090000 550913e7000000090000
unable to decode: {replica 19} 55210193000300130000 55210193000300130000 unable to decode: {replica 12} 551a48290000000c0000 551a48c50000000c0000
ipa-master-dmz001.test.com:389: 25
ipa-master-dmz002.test.com:389: 21

it is possible to clear this queue and leave only valid servers ?

Thanks in advance

ipa-client-4.1.0-18.el7_1.3.x86_64
ipa-server-4.1.0-18.el7_1.3.x86_64
Ludwig or Thierry, do you know? The questions about RUV cleaning seems to be recurring, I suspect there will be a pattern (bug) and not just configuration
issue.
we have seen this in a recent thread, and it is clear that the RUV is corrupted and cannot be decoded, but we don't have a scenario how this is state is reached.
The cleaning task (cleanAllRUV) can remove these invalid replica RUVs (RUV's missing the ldap URL). To reproduce these "invalid" RUV's it requires replication being disabled and re-enabled with a different replica id.

To manually clean these invalid RUV elements, outside of using the IPA CLI, you can directly issue the cleanAllRUV task to the Directory Server using ldapmodify:

# ldapmodify -D "cn=directory manager" -W -a
dn: cn=clean 8, cn=cleanallruv, cn=tasks, cn=config
objectclass: extensibleObject
replica-base-dn: dc=example,dc=com
replica-id: 8
cn: clean 8

Run these one at a time, as there is a current limit of running 4 concurrent tasks. It is best to monitor the Directory Server errors log, or search on the task entry itself, to see when it has finished before firing off the next task.

For more on using cleanAllRUV see:

http://www.port389.org/docs/389ds/howto/howto-cleanruv.html#cleanallruv
http://www.port389.org/docs/389ds/design/cleanallruv-design.html

Regards,
Mark

--
Manage your subscription for the Freeipa-users mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-users
Go to http://freeipa.org for more info on the project

Reply via email to