Hi Petr, It was upgraded from Domain 0 to Domain 1.
I tried $ ipa topologysegment-mod dm01.domain.com-to-idm02.domain.com --setattr=iparepltoposegmentdirection=both Segment name: domain ipa: ERROR: invalid 'iparepltoposegmentdirection': attribute is not configurable On Fri, Aug 11, 2017 at 2:24 AM, Petr Vobornik <pvobo...@redhat.com> wrote: > Hello, > > On Fri, Aug 11, 2017 at 4:33 AM, grace rante thompson via > FreeIPA-users <freeipa-users@lists.fedorahosted.org> wrote: > > > > I'm having problems with replication on my two node ipa cluster > (left-right, > > right-left) so I tried to re-initialize my replica. > > > > [root@idm02 ~]# ipa topologysegment-find domain ----------------- 1 > segment > > matched ----------------- Segment name: idm01.domain.com-to-idm02. > domain.com > > Left node: idm01.domain.com Right node: idm02.domain.com Connectivity: > > left-right ---------------------------- Number of entries returned 1 > > Having 1 segment with only left-right direction means that only one > direction of replication works. IPA by default doesn't offer to create > such segment. It by default creates segments with direction "both". > > This issue is then reported in following `ipa topologysuffix-verify` > command. > > Question is how it got into this state. Was it an upgrade from older > version? > > Anyway, instead of reinitializing, I'd first try to add the second > part of segment. So that it can replicate in both ways. If the > replicas doesn't contain the same data and replication fails then > reinitialization might be the thing to do. > > I'd try (not sure if it works): > > $ ipa topologysegment-mod dm01.domain.com-to-idm02.domain.com > --setattr=iparepltoposegmentdirection=both > > > Other workaround/fix which would require a 3rd server though would be > to create segments between the other servers, remove this segment and > then recreate this segment. > > In any way it is worth to look into /var/log/dirsrv/$instance/errors > log on both servers to check any errors or to check reinitialization > progres. > > > > ---------------------------- [root@idm01 ~]# ipa topologysuffix-verify > > domain ======================================================== > Replication > > topology of suffix "domain" contains errors. > > ======================================================== > > ------------------------ Topology is disconnected > ------------------------ > > Server idm02.domain.com can't contact servers: idm01.domain.com > > [root@idm01 ~]# ipa topologysegment-reinitialize --right Suffix name: > domain > > Segment name: idm01.domain.com-to-idm02.domain.com > > ------------------------------------------------------------ > -------------------------------------------- > > Replication refresh for segment: "idm01.domain.com-to-idm02.domain.com" > > requested. > > ------------------------------------------------------------ > -------------------------------------------- > > How do I proceed? i cant find any online documentation on using the new > > topology commands > > > > $ ipa help topology > > https://access.redhat.com/documentation/en-US/Red_Hat_ > Enterprise_Linux/7/html/Linux_Domain_Identity_Authentication_and_Policy_ > Guide/managing-topology.html > > -- > Petr Vobornik >
_______________________________________________ FreeIPA-users mailing list -- freeipa-users@lists.fedorahosted.org To unsubscribe send an email to freeipa-users-le...@lists.fedorahosted.org
