Hi Ludwig, Version: 389-ds-base-1.3.4.0-33.el7_2.x86_64
The timestamp probably matches the last time I've done a ipa-replica-manage re-initialize. I have to do it every day (many times a day actually!), as replication is broken, This CSN changes all the time. My main goal is to rebuilt everything from a clean base. I've got no master without errors. What is the easiest way to rebuilt everything? ipa-[cs]replica-manage re-initialize isn't very effective. Thanks by advance, Regards -- Youenn Piolet [email protected] 2016-09-26 9:42 GMT+02:00 Ludwig Krispenz <[email protected]>: > > On 09/25/2016 09:35 PM, Youenn PIOLET wrote: > > Hi there, > > Same issue for me in a my 15 ipa-servers multi-master grid just after the > update. > The replication is completely broken except on 3/15 nodes. > > This is the second time I have to fully reinitialize the whole cluster for > similar reason. I don't know what to do to clean this mess... > For more information: this cluster has been initialized on a fedora 4.1.4 > more than one year ago then complemetely migrated to Centos 7, IPA 4.2. > > what is the exact version of 389-ds-base you are running ? > > did these errors come out of the blue or are they related to some > activities ? The csn which is not found has a timestamp of "Thu, 22 Sep > 2016 15:59:08 GMT" did anything happen around this time ? > > > Example on fr-master03 error logs: > > [25/Sep/2016:19:27:31 +0000] NSMMReplicationPlugin - changelog program - > agmt="cn=meTofr-master01.domain" (fr-master01:389): CSN > 57e3ffcc0003001a0000 not found, we aren't as up to date, or we purged > [25/Sep/2016:19:27:31 +0000] NSMMReplicationPlugin - > agmt="cn=meTofr-master01.domain" (fr-master01:389): Data required to > update replica has been purged. The replica must be reinitialized. > [25/Sep/2016:19:27:31 +0000] NSMMReplicationPlugin - > agmt="cn=meTofr-master01.domain" (fr-master01:389): Incremental update > failed and requires administrator action > ipa: INFO: The ipactl command was successful > [25/Sep/2016:19:27:35 +0000] agmt="cn=meTofr-master02.domain" > (fr-master02:389) - Can't locate CSN 57e3ffcc0003001a0000 in the changelog > (DB rc=-30988). If replication stops, the consumer may need to be > reinitialized. > [25/Sep/2016:19:27:35 +0000] NSMMReplicationPlugin - changelog program - > agmt="cn=meTofr-master02.domain" (fr-master02:389): CSN > 57e3ffcc0003001a0000 not found, we aren't as up to date, or we purged > [25/Sep/2016:19:27:35 +0000] NSMMReplicationPlugin - > agmt="cn=meTofr-master02.domain" (fr-master02:389): Data required to > update replica has been purged. The replica must be reinitialized. > [25/Sep/2016:19:27:35 +0000] NSMMReplicationPlugin - > agmt="cn=meTofr-master02.domain" (fr-master02:389): Incremental update > failed and requires administrator action > > Regards, > > -- > Youenn Piolet > [email protected] > > > 2016-09-23 17:51 GMT+02:00 Mike Driscoll <[email protected]>: > >> Hello. I have four IPA servers replicating in full mesh. All four >> servers are running ipa-server-4.2.0-15.0.1.el7_2.19.x86_64. >> >> This was working for some time but now I see that no replication is >> occurring automatically at present. >> >> When I update a user attribute on an IPA server, I see errors like these: >> [22/Sep/2016:16:53:49 -0700] attrlist_replace - attr_replace >> (nsslapd-referral, ldap://ldap03.xx.com:389/o%3Dipaca) failed. >> [22/Sep/2016:16:58:56 -0700] NSMMReplicationPlugin - agmt="cn= >> masterAgreement1-ldap03.xx.com <http://masteragreement1-ldap03.xx.com> >> -pki-tomcat" (ldap03:389): Incremental update failed and requires >> administrator action >> >> I can reinitialize without errors. >> ipa-csreplica-manage re-initialize --from=ldap01.xx.com >> <http://ldap04.us.oracle.com> >> ipa-replica-manage re-initialize --from=ldap01.xx.com >> Afterwards I see my attribute (and other) changes are replicated on each >> server I re-initialize from. But subsequently, replication doesn’t seem to >> be happening. >> >> I reinitialized according to the steps in Table 8.7, “Replication >> Errors”, but subsequent replication isn’t occurring. Any suggestions? Is >> it safe to identify one of my four servers as containing up-to-date data, >> then sever and reinstate replication relationships with the other three? >> >> Mike >> >> >> >> >> >> >> -- >> Manage your subscription for the Freeipa-users mailing list: >> https://www.redhat.com/mailman/listinfo/freeipa-users >> Go to http://freeipa.org for more info on the project >> > > > > > -- > Red Hat GmbH, http://www.de.redhat.com/, Registered seat: Grasbrunn, > Commercial register: Amtsgericht Muenchen, HRB 153243, > Managing Directors: Charles Cachera, Michael Cunningham, Michael O'Neill, > Eric Shander > > > -- > Manage your subscription for the Freeipa-users mailing list: > https://www.redhat.com/mailman/listinfo/freeipa-users > Go to http://freeipa.org for more info on the project >
-- Manage your subscription for the Freeipa-users mailing list: https://www.redhat.com/mailman/listinfo/freeipa-users Go to http://freeipa.org for more info on the project
