Prashant Bapat wrote:
Hi,

We had 4 IPA servers in master master mode with all of them connected to
each other.

IPA1 <---->  IPA2 (colo 1)
IPA3 <---->  IPA4 (colo 2)

One of the replica servers (IPA2) had to be rebuild.

So I went ahead and used below commands.

ipa-replica-manage disconnect IPA2 IPA3
ipa-replica-manage disconnection IPA2 IPA4
ipa-replica-manage del IPA2 (to remove it on IPA1).

An then ran ipa-server-install --uninstallon IPA2.

Created the replica info file using ipa-replica-prepare IPA2.

When I tried to run ipa-replica-install on IPA2, it says

A replication agreement for this host already exists. It needs to be
removed.
Run this on the master that generated the info file:
     % ipa-replica-manage del ipa2.example.net <http://ipa2.example.net>
--force

Now on IPA1, no matter what I do it still has references to IPA2.

So far I have tried the following.

 1. ipa-replica-manage del --force IPA2
 2. ipa-replica-manage del --force --cleanruv IPA2
 3. /usr/sbin/cleanallruv.pl <http://cleanallruv.pl> -D "cn=directory
    manager" -w - -b "dc=example,dc=net" -r 6


Got the rid = 6 by running
ldapsearch -Y GSSAPI -b "dc=example,dc=net"
'(&(nsuniqueid=ffffffff-ffffffff-ffffffff-ffffffff)(objectclass=nstombstone))'
nsds50ruv

In the directory server logs, I guess its still trying to connect to
IPA2 and failing. Below are some lines.

[06/Apr/2016:10:18:09 +0000] NSMMReplicationPlugin -
agmt="cn=meToipa2.example.net <http://meToipa2.example.net>" (ipa2:389):
Replication bind with GSSAPI auth failed: LDAP error -1 (Can't contact
LDAP server) ()
[06/Apr/2016:10:18:09 +0000] NSMMReplicationPlugin - CleanAllRUV Task
(rid 6): Replica not online (agmt="cn=meToipa2.example.net
<http://meToipa2.example.net>" (ipa2:389))
[06/Apr/2016:10:18:09 +0000] NSMMReplicationPlugin - CleanAllRUV Task
(rid 6): Not all replicas online, retrying in 2560 seconds...

Any pointers would be helpful.

On ipa1 run:

% ipa-replica-manage list -v `hostname`

This will give the list of actual agreements and their status.

rob

--
Manage your subscription for the Freeipa-users mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-users
Go to http://freeipa.org for more info on the project

Reply via email to