[Freeipa-users] Re: Something amiss with my replication

[Bret Wortman via FreeIPA-users]

One had a clock skew error (fixed), but the other non-CA replica shows:

ipa3.spx.net: 
(https://link.getmailspring.com/link/4df1decf-2f35-4b06-867d-0b760f235...@getmailspring.com/0?redirect=ipa3.spx.net%3A&recipient=ZnJlZWlwYS11c2Vyc0BsaXN0cy5mZWRvcmFob3N0ZWQub3Jn)
 replica
last init status: None
last init ended: 1970-01-01 00:00:00+00:00
last update status: Error (3) Replication error acquiring replica: Unable to 
acquire replica: permission denied. The bind dn does not have permission to 
supply replication updates to the replica. Will retry later. (permission denied)

Do I need to re-init this replica from scratch (as in, remove it, unbind it 
from the servers, re-add it as a client and then re-promote it)?

Bret Wortman
Founder, Damascus Products, LLC

855-644-2783 (tel:855-644-2783) | b...@wrapbuddies.co 
(https://link.getmailspring.com/link/4df1decf-2f35-4b06-867d-0b760f235...@getmailspring.com/1?redirect=mailto%3Abret%40wrapbuddies.co&recipient=ZnJlZWlwYS11c2Vyc0BsaXN0cy5mZWRvcmFob3N0ZWQub3Jn)

http://wrapbuddies.co/ 
(https://link.getmailspring.com/link/4df1decf-2f35-4b06-867d-0b760f235...@getmailspring.com/2?redirect=http%3A%2F%2Fwrapbuddies.co%2F&recipient=ZnJlZWlwYS11c2Vyc0BsaXN0cy5mZWRvcmFob3N0ZWQub3Jn)

70 Main St. Suite 23 Warrenton, VA 20186

On Mar 26 2019, at 8:47 am, Rob Crittenden <rcrit...@redhat.com> wrote:
> Bret Wortman via FreeIPA-users wrote:
> > Looks like I've somehow managed to get my 3 IPA servers out of sync:
> >
> > [root@ipa3 ~]# ipa-replica-manage list
> > ipa3.my.net:master
> > ipa4.my.net:master
> > ipa5.my.net:master
> > [root@ipa3 ~]# ipa host-find solr14.my.net
> > ---------------
> > 0 hosts matched
> > ---------------
> > ----------------------------
> > Number of entries returned 0
> > ----------------------------
> >
> > On ipa4:
> > [root@ipa3 ~]# ipa host-find solr14.my.net
> > ---------------
> > 1 hosts matched
> > ---------------
> > Host name: solr14.my.net
> > ----------------------------
> > Number of entries returned 1
> > ----------------------------
> >
> > On ipa5:
> > [root@ipa3 ~]# ipa host-find solr14.my.net
> > ---------------
> > 1 hosts matched
> > ---------------
> > Host name: solr14.my.net
> > Principal name: host/solr14.my....@my.net
> > <mailto:host/solr14.my....@my.net>
> > :
> > :
> > ----------------------------
> > Number of entries returned 1
> > ----------------------------
> >
> > So they've obviously stopped talking. What's the right way to get them
> > back in sync and ensure that they don't drift again? Is there a
> > replication entry that's "stuck" and causing this?
>
>
> On each master run: ipa-replica-manage list -v `hostname`
> That will give you the replication status.
> You can try to wake up an agreement with: ipa-replica-manage force-sync
> --from <host>
>
> rob
_______________________________________________
FreeIPA-users mailing list -- freeipa-users@lists.fedorahosted.org
To unsubscribe send an email to freeipa-users-le...@lists.fedorahosted.org
Fedora Code of Conduct: https://getfedora.org/code-of-conduct.html
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: 
https://lists.fedorahosted.org/archives/list/freeipa-users@lists.fedorahosted.org