Hello all,

Like a case of herpes, I'm back!

Anyways, I was hoping some lingering questions could be answered
regarding some visible entries via ldapsearch, which manifest a
removed replica's hostname [1].

Running the ipa-replica-manage and ipa-csreplica-manage commands does
not show the host in question any longer, but when I run a few
directory searches on each replica using the commands below:

# ldapsearch -Y GSSAPI -o ldif-wrap=no -h localhost -D "cn=directory manager" -b "cn=config" objectclass=nsds5replica
# ldapsearch -Y GSSAPI -o ldif-wrap=no -h localhost -D "cn=directory manager" -b "cn=config" objectclass=nsds5replicationagreement

I'm able to see the old host on the master, but not on the replicas.  See below.

# master, replica id 4:
ldapsearch -Y GSSAPI -o ldif-wrap=no -h localhost -D "cn=directory manager" -b "cn=config" objectclass=nsds5replica|grep oldhost
nsDS5ReplicaBindDN: krbprincipalname=ldap/oldhost.dom.dom....@dom.dom.dom,cn=services,cn=accounts,dc=dom,dc=dom,dc=dom

ldapsearch -Y GSSAPI -o ldif-wrap=no -h localhost -D "cn=directory manager" -b "cn=config" objectclass=nsds5replicationagreement|grep oldhost
nsds50ruv: {replica 24 ldap://oldhost.dom.dom.dom:389} 5447f252000000180000 5447f861000000180000
nsruvReplicaLastModified: {replica 24 ldap://oldhost.dom.dom.dom:389} 00000000
nsds50ruv: {replica 24 ldap://oldhost.dom.dom.dom:389} 5447f252000000180000 5447f56b000200180000
nsruvReplicaLastModified: {replica 24 ldap://oldhost.dom.dom.dom:389} 00000000

It's listed twice due to the other hosts in the topology.

# replica id 22
ldapsearch -Y GSSAPI -o ldif-wrap=no -h localhost -D "cn=directory manager" -b "cn=config" objectclass=nsds5replica|grep oldhost

ldapsearch -Y GSSAPI -o ldif-wrap=no -h localhost -D "cn=directory manager" -b "cn=config" objectclass=nsds5replicationagreement|grep oldhost

# replica id 21
ldapsearch -Y GSSAPI -o ldif-wrap=no -h localhost -D "cn=directory manager" -b "cn=config" objectclass=nsds5replica|grep oldhost

ldapsearch -Y GSSAPI -o ldif-wrap=no -h localhost -D "cn=directory manager" -b "cn=config" objectclass=nsds5replicationagreement|grep oldhost

The other two replicas no longer have the reference to the old host
after the CLEANALLRUV and CLEANRUV tasks performed by ldapmodify.  I
then read via [2] that the dse.ldif could be manually edited to remove
references, but I'm not sure if that should be done if the general
opinion is that the old references aren't going to cause a problem.

Based upon the information above, is having a reference to the old
host via the ldapsearch outputs above going to be a problem?  If the
entry shouldn't be there, should the ldapmodify be performed against
the "cn=meTomaster.dom.dom.dom,cn=replica,cn=dc\3Ddom\2Cdc\3Ddom\2Cdc\3Ddom,cn=mapping tree,cn=config" bases?

For reference, these are the commands I ran to get to state [1]:

# master
ldapmodify -x -W -h localhost -D "cn=directory manager" <<EOF
dn: cn=replica,cn=dc\3Ddom\2Cdc\3Ddom\2Cdc\3Ddom,cn=mapping tree,cn=config
changetype: modify
replace: nsds5task
nsds5task: CLEANALLRUV24
EOF

ldapmodify -a -x -W -h localhost -D "cn=directory manager" <<EOF
dn: cn=abort 24,cn=abort cleanallruv,cn=tasks,cn=config
objectclass: extensibleObject
cn: abort 24
replica-base-dn: dc=dom,dc=dom,dc=dom
replica-id: 24
EOF

ldapmodify -h localhost -p 389 -x -W -D "cn=directory manager" <<EOF
dn: cn=clean 97,cn=cleanallruv,cn=tasks,cn=config
changetype: add
objectclass: top
objectclass: extensibleObject
replica-base-dn: dc=dom,dc=dom,dc=dom
replica-id: 97
cn: clean 97
EOF

# single host which hung on CLEANALLRUV
ldapmodify -a -x -W -h localhost -D "cn=directory manager" <<EOF
dn: cn=replica,cn=dc\3Ddom\2Cdc\3Ddom\2Cdc\3Ddom,cn=mapping tree,cn=config
changetype: modify
replace: nsds5task
nsds5task: CLEANRUV24
EOF


[1] https://www.redhat.com/archives/freeipa-users/2016-August/msg00331.html
[2] https://www.redhat.com/archives/freeipa-users/2015-June/msg00382.html

Thanks!
John DeSantis

-- 
Manage your subscription for the Freeipa-users mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-users
Go to http://freeipa.org for more info on the project
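An added example, not code from the post or from FreeIPA/389-ds: a small Python audit that unfolds the ldapsearch LDIF, lists every nsds50ruv element that still names the removed host across all agreements, and decodes each element's max CSN (389-ds layout: 8 hex seconds, 4 hex seq, 4 hex replica id, 4 hex subseq) so you can see when that replica last changed anything and whether the embedded replica id agrees with the element. The sample LDIF is constructed; the host names and meTo... agreement names are placeholders modelled on the post.

```python
import re
from datetime import datetime, timezone

# Constructed sample of what the post's nsds5replicationagreement search on the
# master might print; one value is folded onto a second line to exercise LDIF unfolding.
SAMPLE_LDIF = r"""
dn: cn=meToreplica22.dom.dom.dom,cn=replica,cn=dc\3Ddom\2Cdc\3Ddom\2Cdc\3Ddom,cn=mapping tree,cn=config
nsds50ruv: {replica 4 ldap://master.dom.dom.dom:389} 5447f100000000040000 57b1c0a0000000040000
nsds50ruv: {replica 24 ldap://oldhost.dom.dom.dom:389} 5447f252000000180000
  5447f861000000180000

dn: cn=meToreplica21.dom.dom.dom,cn=replica,cn=dc\3Ddom\2Cdc\3Ddom\2Cdc\3Ddom,cn=mapping tree,cn=config
nsds50ruv: {replica 24 ldap://oldhost.dom.dom.dom:389} 5447f252000000180000 5447f56b000200180000
"""

# {replica <id> ldap://<host>:<port>} <minCSN> [<maxCSN>]
RUV_RE = re.compile(r"\{replica (\d+) ldap://([^:/]+):\d+\}\s+([0-9a-f]{20})(?:\s+([0-9a-f]{20}))?")

def unfold_ldif(text):
    """Join LDIF continuation lines (leading space) onto the previous line."""
    lines = []
    for raw in text.splitlines():
        if raw.startswith(" ") and lines:
            lines[-1] += raw[1:]
        else:
            lines.append(raw)
    return lines

def decode_csn(csn):
    """389-ds CSN: 8 hex time(s) | 4 hex seq | 4 hex replica id | 4 hex subseq -> (time, rid)."""
    return datetime.fromtimestamp(int(csn[:8], 16), timezone.utc), int(csn[12:16], 16)

def find_stale_ruv(ldif_text, removed_host):
    """One record per RUV element (in any agreement) that still names removed_host."""
    stale, dn = [], None
    for line in unfold_ldif(ldif_text):
        if line.startswith("dn: "):
            dn = line[4:]
        elif not line:
            dn = None
        elif line.lower().startswith("nsds50ruv: "):
            m = RUV_RE.match(line.split(": ", 1)[1])
            if m and m.group(2) == removed_host:
                rid = int(m.group(1))
                last, csn_rid = decode_csn(m.group(4) or m.group(3))
                # A CSN embeds the id of the replica that minted it; a mismatch
                # would mean the element is inconsistent, not merely stale.
                stale.append({"agreement": dn, "rid": rid, "last_change": last,
                              "csn_rid_matches": csn_rid == rid})
    return stale
```

Run it against the real output of the post's nsds5replicationagreement search (saved to a file) to list which agreements still carry the old replica id and how old its last CSN is.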