Re: [Freeipa-users] Sudden replication failure
On 08/18/2015 08:39 PM, Martin Kosek wrote: On 08/10/2015 10:05 PM, Burke Rosen wrote: Hello, I'm running two replicated freeIPA servers. One of them spontaneously failed. After taking the misbehaving server down, the remaining replicant handled everything fine. I restored the system to its original working state by uninstalling ipa-server from the non-functional server and re-replicating from the working server. All is well, but I am trying to figure out what might have caused the problem in the first place. Below are first few (presumably) relevant lines of the the error log. Can someone help me interpret them? Thank you, -Burke Rosen This line is interesting: [08/Aug/2015:04:11:06 -0700] repl_version_plugin_recv_acquire_cb - [file ipa_repl_version.c, line 119]: Incompatible IPA versions, pausing replication. This server: "2010061412" remote server: "(null)". But I wonder how it is possible this was triggered, we did not bump the data version in IPA Replica version plugin since 2010 as you can see. So for some reason, it seems that the version was not passed correctly when the connection between replicas was being established. I guess we will not find out the root cause, given you successfully rebuilt the server. I am still CCing Ludwig and Thierry for reference. Hello, The DS master (or replica) sent a start-replication session with an empty GUID payload (added by ipa plugin). It should happen if you mixed DS and/or IPA version, is it the case ? thanks thierry -- Manage your subscription for the Freeipa-users mailing list: https://www.redhat.com/mailman/listinfo/freeipa-users Go to http://freeipa.org for more info on the project
Re: [Freeipa-users] Sudden replication failure
On 08/10/2015 10:05 PM, Burke Rosen wrote: Hello, I'm running two replicated freeIPA servers. One of them spontaneously failed. After taking the misbehaving server down, the remaining replicant handled everything fine. I restored the system to its original working state by uninstalling ipa-server from the non-functional server and re-replicating from the working server. All is well, but I am trying to figure out what might have caused the problem in the first place. Below are first few (presumably) relevant lines of the the error log. Can someone help me interpret them? Thank you, -Burke Rosen This line is interesting: [08/Aug/2015:04:11:06 -0700] repl_version_plugin_recv_acquire_cb - [file ipa_repl_version.c, line 119]: Incompatible IPA versions, pausing replication. This server: "2010061412" remote server: "(null)". But I wonder how it is possible this was triggered, we did not bump the data version in IPA Replica version plugin since 2010 as you can see. So for some reason, it seems that the version was not passed correctly when the connection between replicas was being established. I guess we will not find out the root cause, given you successfully rebuilt the server. I am still CCing Ludwig and Thierry for reference. -- Manage your subscription for the Freeipa-users mailing list: https://www.redhat.com/mailman/listinfo/freeipa-users Go to http://freeipa.org for more info on the project
[Freeipa-users] Sudden replication failure
Hello, I'm running two replicated freeIPA servers. One of them spontaneously failed. After taking the misbehaving server down, the remaining replicant handled everything fine. I restored the system to its original working state by uninstalling ipa-server from the non-functional server and re-replicating from the working server. All is well, but I am trying to figure out what might have caused the problem in the first place. Below are first few (presumably) relevant lines of the the error log. Can someone help me interpret them? Thank you, -Burke Rosen [08/Aug/2015:04:11:06 -0700] repl_version_plugin_recv_acquire_cb - [file ipa_repl_version.c, line 119]: Incompatible IPA versions, pausing replication. This server: "2010061412" remote server: "(null)". [08/Aug/2015:04:11:08 -0700] NSMMReplicationPlugin - agmt="cn=meToip133.kmlab.local" (ip133:389): Unable to receive the response for a startReplication extended operation to consumer (Can't contact LDAP server). Will retry later. [08/Aug/2015:04:11:12 -0700] slapd_ldap_sasl_interactive_bind - Error: could not perform interactive bind for id [] mech [GSSAPI]: LDAP error -1 (Can't contact LDAP server) ((null)) errno 107 (Transport endpoint is not connected) [08/Aug/2015:04:11:12 -0700] slapi_ldap_bind - Error: could not perform interactive bind for id [] mech [GSSAPI]: error -1 (Can't contact LDAP server) [08/Aug/2015:04:11:18 -0700] slapd_ldap_sasl_interactive_bind - Error: could not perform interactive bind for id [] mech [GSSAPI]: LDAP error -1 (Can't contact LDAP server) ((null)) errno 107 (Transport endpoint is not connected) [08/Aug/2015:04:11:19 -0700] slapi_ldap_bind - Error: could not perform interactive bind for id [] mech [GSSAPI]: error -1 (Can't contact LDAP server) [08/Aug/2015:04:11:30 -0700] slapd_ldap_sasl_interactive_bind - Error: could not perform interactive bind for id [] mech [GSSAPI]: LDAP error -1 (Can't contact LDAP server) ((null)) errno 107 (Transport endpoint is not connected) [08/Aug/2015:04:11:30 -0700] slapi_ldap_bind - Error: could not perform interactive bind for id [] mech [GSSAPI]: error -1 (Can't contact LDAP server) -- Manage your subscription for the Freeipa-users mailing list: https://www.redhat.com/mailman/listinfo/freeipa-users Go to http://freeipa.org for more info on the project
