Ok, so removing all replicas + uninstall and remove all ruv (except master) via cleanruv script seems to works. Thanks everybody for help, I'll try it in production now
Vasek On Tue, May 5, 2015 at 4:49 PM, Mark Reynolds <marey...@redhat.com> wrote: > > > On 05/05/2015 07:49 AM, Ludwig Krispenz wrote: > >> >> On 05/05/2015 01:27 PM, Martin Kosek wrote: >> >>> On 05/05/2015 12:38 PM, Vaclav Adamec wrote: >>> >>>> Hi, >>>> I tried migrate to newest version IPA, but result is quite unstable >>>> and >>>> removing old replicas ends with RUV which cannot be decoded (it stucked >>>> in >>>> queue forever): >>>> >>>> ipa-replica-manage del ipa-master-dmz002.test.com -fc >>>> Cleaning a master is irreversible. >>>> This should not normally be require, so use cautiously. >>>> Continue to clean master? [no]: yes >>>> >>>> ipa-replica-manage list-ruv >>>> unable to decode: {replica 8} 55091239000400080000 55091239000400080000 >>>> unable to decode: {replica 7} 552f84cd000300070000 552f84cd000300070000 >>>> unable to decode: {replica 11} 551a42f70000000b0000 551aa3140001000b0000 >>>> unable to decode: {replica 15} 551e82e10001000f0000 551e82e10001000f0000 >>>> unable to decode: {replica 14} 551e82ec0001000e0000 551e82ec0001000e0000 >>>> unable to decode: {replica 20} 552f4b72000600140000 552f4b72000600140000 >>>> unable to decode: {replica 10} 551a25af0001000a0000 551a25af0001000a0000 >>>> unable to decode: {replica 3} 551e864c000300030000 551e864c000300030000 >>>> unable to decode: {replica 5} 55083ad2000300050000 55083ad2000300050000 >>>> unable to decode: {replica 9} 550913e7000000090000 550913e7000000090000 >>>> unable to decode: {replica 19} 55210193000300130000 55210193000300130000 >>>> unable to decode: {replica 12} 551a48290000000c0000 551a48c50000000c0000 >>>> ipa-master-dmz001.test.com:389: 25 >>>> ipa-master-dmz002.test.com:389: 21 >>>> >>>> it is possible to clear this queue and leave only valid servers ? >>>> >>>> Thanks in advance >>>> >>>> ipa-client-4.1.0-18.el7_1.3.x86_64 >>>> ipa-server-4.1.0-18.el7_1.3.x86_64 >>>> >>> Ludwig or Thierry, do you know? The questions about RUV cleaning seems >>> to be >>> recurring, I suspect there will be a pattern (bug) and not just >>> configuration >>> issue. >>> >> we have seen this in a recent thread, and it is clear that the RUV is >> corrupted and cannot be decoded, but we don't have a scenario how this is >> state is reached. >> > The cleaning task (cleanAllRUV) can remove these invalid replica RUVs > (RUV's missing the ldap URL). To reproduce these "invalid" RUV's it > requires replication being disabled and re-enabled with a different replica > id. > > To manually clean these invalid RUV elements, outside of using the IPA > CLI, you can directly issue the cleanAllRUV task to the Directory Server > using ldapmodify: > > # ldapmodify -D "cn=directory manager" -W -a > dn: cn=clean 8, cn=cleanallruv, cn=tasks, cn=config > objectclass: extensibleObject > replica-base-dn: dc=example,dc=com > replica-id: 8 > cn: clean 8 > > Run these one at a time, as there is a current limit of running 4 > concurrent tasks. It is best to monitor the Directory Server errors log, > or search on the task entry itself, to see when it has finished before > firing off the next task. > > For more on using cleanAllRUV see: > > http://www.port389.org/docs/389ds/howto/howto-cleanruv.html#cleanallruv > http://www.port389.org/docs/389ds/design/cleanallruv-design.html > > Regards, > Mark > > -- > Manage your subscription for the Freeipa-users mailing list: > https://www.redhat.com/mailman/listinfo/freeipa-users > Go to http://freeipa.org for more info on the project > -- -- May the fox be with you ... /\ (~( ) ) /\_/\ (_=---_(@ @) ( \ / /|/----\|\ V " " " "
-- Manage your subscription for the Freeipa-users mailing list: https://www.redhat.com/mailman/listinfo/freeipa-users Go to http://freeipa.org for more info on the project