On 09/04/2014 05:11 PM, Guillermo Fuentes wrote:
Hello list,
We’re running FreeIPA with a master and 3 replicas. The replication
stopped working and currently we’re adding resources only to the
master. This is the environment we have:
m1:
OS: CentOS release 6.5
FreeIPA: 3.0.0-37
Update:
m2 and m3 are now in sync!
After making sure ldapsearch was working both ways (m1=m2 and
m1=m3) using the server's keytabs (/etc/dirsrv/ds.keytab) for
getting the ticket, I re-initialize both replicas and they were able
to get updated:
@m2 # ipa-replica-manage re-initialize --from
Good to hear Guillermo, I am glad you are back up and running. I am just
curious, what as the root cause of your replication errors in the end? I did
not catch that from the thread. Is it something we can fix in FreeIPA or is it
just a configuration error?
Thanks,
Martin
On 09/05/2014 08:06
Hi Martin,
That's a good question! We're not sure what was the root cause of the
replication errors.
When we realized the replication wasn't happening, we had recently
updated FreeIPA from 3.0.0-36 to 3.0.0-37 (on CentOS 6.5) and we had
shutdown m1 and m2 in order to do a snapshot of the VMs.
Hello list,
We’re running FreeIPA with a master and 3 replicas. The replication
stopped working and currently we’re adding resources only to the
master. This is the environment we have:
m1:
OS: CentOS release 6.5
FreeIPA: 3.0.0-37
CA: pki-ca-9.0.3
# ipa-replica-manage list -v `hostname`
I should add that we already tried everything at
https://access.redhat.com/documentation/en-US/Red_Hat_Directory_Server/9.0/html/Administration_Guide/Managing_Replication-Solving_Common_Replication_Conflicts.html
On Thu, Sep 4, 2014 at 11:11 AM, Guillermo Fuentes
sudo ipa-replica-conncheck --replica
for all replicas comes back with
...
The following UDP ports could not be verified as open: 88, 464
This can happen if they are already bound to an application
and ipa-replica-conncheck cannot attach own UDP responder.
Connection from master to replica is
