Just an update on this.
Came back from the long weekend and 50% of our servers (3) were not responding,
the dirsrv was crashing everytime it had an update from the CA master (we could
not figure out why). If we closed the firewall between replica and CA master
the servers stayed up.
After a few days of trying various things to resurrect the down servers we
rebuilt the whole cluster based off the master CA server. None of the original
servers are now present.
After another long weekend we seem (so far) to have a stable cluster. Ignoring
the usual replication conflicts we get with heavy server creation/deletion due
to AWS spot instances.
The only out standing item now is the records that make "cipa" think we have
"ghost replicas"
nsruvReplicaLastModified: {replica 25} 00000000
nsruvReplicaLastModified: {replica 23} 00000000
nsruvReplicaLastModified: {replica 40} 00000000
nsruvReplicaLastModified: {replica 21} 00000000
There are no RUVs to match these replicas (21,23, 25, 40).
So it looks like these key/value pairs are the only things left.
Any ideas on how to remove them?
Many thanks.
_______________________________________________
FreeIPA-users mailing list -- freeipa-users@lists.fedorahosted.org
To unsubscribe send an email to freeipa-users-le...@lists.fedorahosted.org
Fedora Code of Conduct:
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives:
https://lists.fedorahosted.org/archives/list/freeipa-users@lists.fedorahosted.org
Do not reply to spam, report it:
https://pagure.io/fedora-infrastructure/new_issue
