On 06/07/2016 06:17 PM, Andy Brittingham wrote:
Hello,
I'm having issues with freeipa replication. Currently we have 4
Freeipa servers, in a master - master relationship with replication
agreements between all servers.
I noticed the replication failure messages in the logs late last week
and upon investigation found stale replication agreements for
ipa servers that had been replaced. Eventually I rebuilt 3 of the 4
servers and re-initialized from the good server.
This morning my main ipa server had the directory service crash. After
we restarted it, ipa-manage-replica --list-ruv showed
entries like these:
unable to decode: {replica 6} 55e49440000000060000 55e49440000000060000
unable to decode: {replica 4} 550b2d9e000200040000 550b2d9e000200040000
this happened when the ruv was recreated after a crash and the changelog
contained references to cleaned RIDs. This is fixed in recent DS
releases, the cleanallruv task now also cleans the changelog.
Which a cleanallruv.pl was able to remove.
We also noticed these log errors:
[07/Jun/2016:07:40:12 -0400] NSMMReplicationPlugin - ruv_compare_ruv:
RUV [changelog max RUV] does not contain element
[{replica 1080 ldap://ipa1.p10jax.auth.monetra.com:389}
57506ee6000004380000 57506f06001604380000] which is present in
RUV [database RUV]
[07/Jun/2016:07:40:12 -0400] NSMMReplicationPlugin - ruv_compare_ruv:
RUV [changelog max RUV] does not contain element
[{replica 1285 ldap://ipa1.gnv.auth.monetra.com:389}
5734e473000005050000 57361df0000005050000] which is present in
RUV [database RUV]
[07/Jun/2016:07:40:12 -0400] NSMMReplicationPlugin - ruv_compare_ruv:
RUV [changelog max RUV] does not contain element
[{replica 1085 ldap://ipa1.p10jax.auth.monetra.com:389}
56d0aa270000043d0000 57489fdd0003043d0000] which is present in
RUV [database RUV]
[07/Jun/2016:07:40:12 -0400] NSMMReplicationPlugin - ruv_compare_ruv:
RUV [changelog max RUV] does not contain element
The cleanallruv script had no effect on these errors.
This are not really errors, it only indicates that the changelog does
not (yet) contain chnages for specific RIDs), this could happen if the
changelog was recreated, eg if after a crash it no longer matched the
database. They should go away once the server has received changes for
these RIDs
What is the proper procedure to clean up these stale entries? Is there
something that I may be doing that causes this situation?
Thanks,
Andy
--
Red Hat GmbH, http://www.de.redhat.com/, Registered seat: Grasbrunn,
Commercial register: Amtsgericht Muenchen, HRB 153243,
Managing Directors: Charles Cachera, Michael Cunningham, Michael O'Neill, Eric
Shander
--
Manage your subscription for the Freeipa-users mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-users
Go to http://freeipa.org for more info on the project
