Other possibility is to try the same change but directly in ldap using ldap-mod. The dn of segment can be displayed by `ipa topologysegment-show $segmen --all` command.
On Fri, Aug 11, 2017 at 3:39 PM, grace rante thompson <graz...@gmail.com> wrote: > Hi Petr, > > It was upgraded from Domain 0 to Domain 1. > > I tried $ ipa topologysegment-mod dm01.domain.com-to-idm02.domain.com > --setattr=iparepltoposegmentdirection=both > Segment name: domain > ipa: ERROR: invalid 'iparepltoposegmentdirection': attribute is not > configurable > > > > On Fri, Aug 11, 2017 at 2:24 AM, Petr Vobornik <pvobo...@redhat.com> wrote: >> >> Hello, >> >> On Fri, Aug 11, 2017 at 4:33 AM, grace rante thompson via >> FreeIPA-users <freeipa-users@lists.fedorahosted.org> wrote: >> > >> > I'm having problems with replication on my two node ipa cluster >> > (left-right, >> > right-left) so I tried to re-initialize my replica. >> > >> > [root@idm02 ~]# ipa topologysegment-find domain ----------------- 1 >> > segment >> > matched ----------------- Segment name: >> > idm01.domain.com-to-idm02.domain.com >> > Left node: idm01.domain.com Right node: idm02.domain.com Connectivity: >> > left-right ---------------------------- Number of entries returned 1 >> >> Having 1 segment with only left-right direction means that only one >> direction of replication works. IPA by default doesn't offer to create >> such segment. It by default creates segments with direction "both". >> >> This issue is then reported in following `ipa topologysuffix-verify` >> command. >> >> Question is how it got into this state. Was it an upgrade from older >> version? >> >> Anyway, instead of reinitializing, I'd first try to add the second >> part of segment. So that it can replicate in both ways. If the >> replicas doesn't contain the same data and replication fails then >> reinitialization might be the thing to do. >> >> I'd try (not sure if it works): >> >> $ ipa topologysegment-mod dm01.domain.com-to-idm02.domain.com >> --setattr=iparepltoposegmentdirection=both >> >> >> Other workaround/fix which would require a 3rd server though would be >> to create segments between the other servers, remove this segment and >> then recreate this segment. >> >> In any way it is worth to look into /var/log/dirsrv/$instance/errors >> log on both servers to check any errors or to check reinitialization >> progres. >> >> >> > ---------------------------- [root@idm01 ~]# ipa topologysuffix-verify >> > domain ======================================================== >> > Replication >> > topology of suffix "domain" contains errors. >> > ======================================================== >> > ------------------------ Topology is disconnected >> > ------------------------ >> > Server idm02.domain.com can't contact servers: idm01.domain.com >> > [root@idm01 ~]# ipa topologysegment-reinitialize --right Suffix name: >> > domain >> > Segment name: idm01.domain.com-to-idm02.domain.com >> > >> > -------------------------------------------------------------------------------------------------------- >> > Replication refresh for segment: "idm01.domain.com-to-idm02.domain.com" >> > requested. >> > >> > -------------------------------------------------------------------------------------------------------- >> > How do I proceed? i cant find any online documentation on using the new >> > topology commands >> > >> >> $ ipa help topology >> >> >> https://access.redhat.com/documentation/en-US/Red_Hat_Enterprise_Linux/7/html/Linux_Domain_Identity_Authentication_and_Policy_Guide/managing-topology.html >> >> -- >> Petr Vobornik > > -- Petr Vobornik Associate Manager, Engineering, Identity Management Red Hat _______________________________________________ FreeIPA-users mailing list -- freeipa-users@lists.fedorahosted.org To unsubscribe send an email to freeipa-users-le...@lists.fedorahosted.org
