Hi there, ## BACKGROUND ## Due to a huge mess and split brain issues on my 15 server ipa cluster, I had to manually reset all 14 replicas and clean old ruv on the last server. After everything seemed clean in LDAP, dse.ldif and other files, I rebuilt each replica and replication agreements.
If I navigate through my LDAP, I can see in ou=csusers,cn=config the following things: Replication Manager *masterAgreement1-*<replicas hostname>-pki-tomcat on servers that have initialy built replicas Replication Manager *cloneAgreement1-*<self hostname>-pki-tomcat on servers that have initialy built replicas I've got a mesh of replicas (4 agreements per replica). Centos 7.2, fresh IPA 4.2.0 everywhere The agreement I generated with ipa-replica-manage connect and ipa-csreplica-manage connect don't appear in ou=csusers,cn=config. I supposed that this node is related to first generation of replica (ipa-replica-prepare, and initial clone process). ## PROBLEM ## Today everything seems to work except on the master. I got the following logs on my PKI master server: > slapi_ldap_bind - Error: could not bind id [cn=replication > manager,cn=config] authentication mechanism [SIMPLE]: error 32 (No such > object) errno 0 (Success). And a few of these in replicas: > Can't locate CSN 576ba112000004060000 in the changelog (DB rc=-30988). If > replication stops, the consumer may need to be reinitialized. ... this one may be unrelated and liked to network latency I guess. cn=replication manager,cn=config] doesn't exist on the master... I don't know why. The master is actually a promoted replica from my previous cluster. On the master I can see a : cn: Replication Manager *cloneAgreement1*-<master self hostname>-pki-tomcat - What should I do to stop the cn=replication manager,cn=config error message ? - Can I safely remove Replication Manager *cloneAgreement1*-<master self hostname>-pki-tomcat on my master that is not a clone anymore (his own previous master is destroyed) ? Thanks by advance, -- Youenn Piolet piole...@gmail.com
-- Manage your subscription for the Freeipa-users mailing list: https://www.redhat.com/mailman/listinfo/freeipa-users Go to http://freeipa.org for more info on the project