Oops. I spoke too soon. The one I thought I fixed is now just scrolling "No
status yet" over and over...
Bret Wortman
Founder, Damascus Products, LLC
855-644-2783 (tel:855-644-2783) | b...@wrapbuddies.co
(https://link.getmailspring.com/link/1183d1dd-2462-44d7-a501-d9f2a79e8...@getmailspring.com/0?redirect=mailto%3Abret%40wrapbuddies.co&recipient=ZnJlZWlwYS11c2Vyc0BsaXN0cy5mZWRvcmFob3N0ZWQub3Jn)
http://wrapbuddies.co/
(https://link.getmailspring.com/link/1183d1dd-2462-44d7-a501-d9f2a79e8...@getmailspring.com/1?redirect=http%3A%2F%2Fwrapbuddies.co%2F&recipient=ZnJlZWlwYS11c2Vyc0BsaXN0cy5mZWRvcmFob3N0ZWQub3Jn)
70 Main St. Suite 23 Warrenton, VA 20186
On Mar 26 2019, at 8:54 am, Bret Wortman <bret.wort...@damascusgrp.com> wrote:
> One had a clock skew error (fixed), but the other non-CA replica shows:
>
> ipa3.spx.net:
> (https://link.getmailspring.com/link/1183d1dd-2462-44d7-a501-d9f2a79e8...@getmailspring.com/6?redirect=ipa3.spx.net%3A&recipient=ZnJlZWlwYS11c2Vyc0BsaXN0cy5mZWRvcmFob3N0ZWQub3Jn)
> replica
> last init status: None
> last init ended: 1970-01-01 00:00:00+00:00
> last update status: Error (3) Replication error acquiring replica: Unable to
> acquire replica: permission denied. The bind dn does not have permission to
> supply replication updates to the replica. Will retry later. (permission
> denied)
>
> Do I need to re-init this replica from scratch (as in, remove it, unbind it
> from the servers, re-add it as a client and then re-promote it)?
>
> Bret Wortman
> Founder, Damascus Products, LLC
>
> 855-644-2783 (tel:855-644-2783) | b...@wrapbuddies.co
> (https://link.getmailspring.com/link/1183d1dd-2462-44d7-a501-d9f2a79e8...@getmailspring.com/7?redirect=mailto%3Abret%40wrapbuddies.co&recipient=ZnJlZWlwYS11c2Vyc0BsaXN0cy5mZWRvcmFob3N0ZWQub3Jn)
>
>
>
>
> http://wrapbuddies.co/
> (https://link.getmailspring.com/link/1183d1dd-2462-44d7-a501-d9f2a79e8...@getmailspring.com/8?redirect=http%3A%2F%2Fwrapbuddies.co%2F&recipient=ZnJlZWlwYS11c2Vyc0BsaXN0cy5mZWRvcmFob3N0ZWQub3Jn)
>
>
>
> 70 Main St. Suite 23 Warrenton, VA 20186
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
> On Mar 26 2019, at 8:47 am, Rob Crittenden <rcrit...@redhat.com> wrote:
> > Bret Wortman via FreeIPA-users wrote:
> > > Looks like I've somehow managed to get my 3 IPA servers out of sync:
> > >
> > > [root@ipa3 ~]# ipa-replica-manage list
> > > ipa3.my.net:master
> > > ipa4.my.net:master
> > > ipa5.my.net:master
> > > [root@ipa3 ~]# ipa host-find solr14.my.net
> > > ---------------
> > > 0 hosts matched
> > > ---------------
> > > ----------------------------
> > > Number of entries returned 0
> > > ----------------------------
> > >
> > > On ipa4:
> > > [root@ipa3 ~]# ipa host-find solr14.my.net
> > > ---------------
> > > 1 hosts matched
> > > ---------------
> > > Host name: solr14.my.net
> > > ----------------------------
> > > Number of entries returned 1
> > > ----------------------------
> > >
> > > On ipa5:
> > > [root@ipa3 ~]# ipa host-find solr14.my.net
> > > ---------------
> > > 1 hosts matched
> > > ---------------
> > > Host name: solr14.my.net
> > > Principal name: host/solr14.my....@my.net
> > > <mailto:host/solr14.my....@my.net>
> > > :
> > > :
> > > ----------------------------
> > > Number of entries returned 1
> > > ----------------------------
> > >
> > > So they've obviously stopped talking. What's the right way to get them
> > > back in sync and ensure that they don't drift again? Is there a
> > > replication entry that's "stuck" and causing this?
> >
> >
> > On each master run: ipa-replica-manage list -v `hostname`
> > That will give you the replication status.
> > You can try to wake up an agreement with: ipa-replica-manage force-sync
> > --from <host>
> >
> > rob
_______________________________________________
FreeIPA-users mailing list -- freeipa-users@lists.fedorahosted.org
To unsubscribe send an email to freeipa-users-le...@lists.fedorahosted.org
Fedora Code of Conduct: https://getfedora.org/code-of-conduct.html
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives:
https://lists.fedorahosted.org/archives/list/freeipa-users@lists.fedorahosted.org
