Thank you very much! That does it.

On 7 April 2016 at 13:12, Ludwig Krispenz <lkris...@redhat.com> wrote:

>
> On 04/07/2016 07:23 AM, Prashant Bapat wrote:
>
> What I have done now was to add a new server, ipa02 and configured
> replication again and things are fine.
>
> However on IPA1 the 389 ds error logs have reference to the dead ipa2
> replica.
>
> [07/Apr/2016:04:13:11 +0000] NSMMReplicationPlugin - agmt="cn=
> meToipa2.example.net" (ipa2:389): Replication bind with GSSAPI auth
> failed: LDAP error -1 (Can't contact LDAP server) ()
> [07/Apr/2016:04:13:11 +0000] NSMMReplicationPlugin - Abort CleanAllRUV
> Task (rid 6): Failed to connect to replica(agmt="cn=meToipa2.example.net"
> (ipa2:389)).
> [07/Apr/2016:04:13:11 +0000] NSMMReplicationPlugin - Abort CleanAllRUV
> Task (rid 6): Retrying in 14400 seconds
>
> It will never be able to connect to ipa2 as it's gone permanently. Also the
> ipa-replica-manage list `hostname` command still shows the ipa2 as
> replica.
>
> How to remove this permanently ???
>
> I don't know why you did get into this state, ipa-replica-manage del
> should have removed the agreement. You can do it by directly deleting it in
> DS:
> - get the full dn of the agreement
> ldapsearch ..... -D "cn=directory manager" -w .... -b cn=config
> "cn=meToipa2.example.net"
> dn
> it should return an entry with
> dn: <agreement dn>
>
> then do a delete
>
> ldapmodify ..... -D "cn=directory manager" -w ....
> dn: <agreement dn>
> changetype: delete
>
>
> Thanks.
> --Prashant
>
> On 6 April 2016 at 22:17, Prashant Bapat <prash...@apigee.com> wrote:
>
>> # ipa-replica-manage list `hostname`
>> ipa2.example.net: replica
>> ipa3.example.net: replica
>> ipa4.example.net: replica
>>
>> ipa2.example.net should not be there. How do I remove it?
>>
>> On 6 April 2016 at 18:55, Rob Crittenden <rcrit...@redhat.com> wrote:
>>
>>> Prashant Bapat wrote:
>>>
>>>> Hi,
>>>>
>>>> We had 4 IPA servers in master master mode with all of them connected to
>>>> each other.
>>>>
>>>> IPA1 <----> IPA2 (colo 1)
>>>> IPA3 <----> IPA4 (colo 2)
>>>>
>>>> One of the replica servers (IPA2) had to be rebuilt.
>>>>
>>>> So I went ahead and used below commands.
>>>>
>>>> ipa-replica-manage disconnect IPA2 IPA3
>>>> ipa-replica-manage disconnection IPA2 IPA4
>>>> ipa-replica-manage del IPA2 (to remove it on IPA1).
>>>>
>>>> And then ran ipa-server-install --uninstall on IPA2.
>>>>
>>>> Created the replica info file using ipa-replica-prepare IPA2.
>>>>
>>>> When I tried to run ipa-replica-install on IPA2, it says
>>>>
>>>> A replication agreement for this host already exists. It needs to be
>>>> removed.
>>>> Run this on the master that generated the info file:
>>>> % ipa-replica-manage del ipa2.example.net --force
>>>>
>>>> Now on IPA1, no matter what I do it still has references to IPA2.
>>>>
>>>> So far I have tried the following.
>>>>
>>>> 1. ipa-replica-manage del --force IPA2
>>>> 2. ipa-replica-manage del --force --cleanruv IPA2
>>>> 3. /usr/sbin/cleanallruv.pl -D "cn=directory manager" -w - -b "dc=example,dc=net" -r 6
>>>>
>>>>
>>>> Got the rid = 6 by running
>>>> ldapsearch -Y GSSAPI -b "dc=example,dc=net"
>>>> '(&(nsuniqueid=ffffffff-ffffffff-ffffffff-ffffffff)(objectclass=nstombstone))'
>>>> nsds50ruv
>>>>
>>>> In the directory server logs, I guess it's still trying to connect to
>>>> IPA2 and failing. Below are some lines.
>>>>
>>>> [06/Apr/2016:10:18:09 +0000] NSMMReplicationPlugin -
>>>> agmt="cn=meToipa2.example.net" (ipa2:389):
>>>> Replication bind with GSSAPI auth failed: LDAP error -1 (Can't contact
>>>> LDAP server) ()
>>>> [06/Apr/2016:10:18:09 +0000] NSMMReplicationPlugin - CleanAllRUV Task
>>>> (rid 6): Replica not online (agmt="cn=meToipa2.example.net" (ipa2:389))
>>>> [06/Apr/2016:10:18:09 +0000] NSMMReplicationPlugin - CleanAllRUV Task
>>>> (rid 6): Not all replicas online, retrying in 2560 seconds...
>>>>
>>>> Any pointers would be helpful.
>>>>
>>>
>>> On ipa1 run:
>>>
>>> % ipa-replica-manage list -v `hostname`
>>>
>>> This will give the list of actual agreements and their status.
>>>
>>> rob
>>>
>>
>
> --
> Red Hat GmbH, http://www.de.redhat.com/, Registered seat: Grasbrunn,
> Commercial register: Amtsgericht Muenchen, HRB 153243,
> Managing Directors: Paul Argiry, Charles Cachera, Michael Cunningham, Michael
> O'Neill
>
> --
> Manage your subscription for the Freeipa-users mailing list:
> https://www.redhat.com/mailman/listinfo/freeipa-users
> Go to http://freeipa.org for more info on the project
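Added example, not part of the thread and not FreeIPA or 389-ds code: a small Python parser that groups the NSMMReplicationPlugin error-log lines quoted above by agreement and by CleanAllRUV task, to show which agreement keeps a cleanup task in its retry loop. The regular expressions are assumptions inferred only from the lines quoted in the thread, and the function names `summarize` and `stale_agreements` are hypothetical.

```python
import re
from collections import defaultdict

# Error-log lines quoted in the thread, unwrapped, archive link markup removed.
SAMPLE_LOG = """\
[06/Apr/2016:10:18:09 +0000] NSMMReplicationPlugin - agmt="cn=meToipa2.example.net" (ipa2:389): Replication bind with GSSAPI auth failed: LDAP error -1 (Can't contact LDAP server) ()
[06/Apr/2016:10:18:09 +0000] NSMMReplicationPlugin - CleanAllRUV Task (rid 6): Replica not online (agmt="cn=meToipa2.example.net" (ipa2:389))
[06/Apr/2016:10:18:09 +0000] NSMMReplicationPlugin - CleanAllRUV Task (rid 6): Not all replicas online, retrying in 2560 seconds...
[07/Apr/2016:04:13:11 +0000] NSMMReplicationPlugin - agmt="cn=meToipa2.example.net" (ipa2:389): Replication bind with GSSAPI auth failed: LDAP error -1 (Can't contact LDAP server) ()
[07/Apr/2016:04:13:11 +0000] NSMMReplicationPlugin - Abort CleanAllRUV Task (rid 6): Failed to connect to replica(agmt="cn=meToipa2.example.net" (ipa2:389)).
[07/Apr/2016:04:13:11 +0000] NSMMReplicationPlugin - Abort CleanAllRUV Task (rid 6): Retrying in 14400 seconds
"""

# Patterns inferred from the quoted lines only (assumption, not a log spec).
AGMT = re.compile(r'agmt="(?P<agmt>[^"]+)" \((?P<peer>[^)]+)\)')
BIND_FAIL = re.compile(r'Replication bind with \S+ auth failed: LDAP error -?\d+')
TASK = re.compile(r'(?P<kind>(?:Abort )?CleanAllRUV Task) \(rid (?P<rid>\d+)\)')
RETRY = re.compile(r'[Rr]etrying in (?P<secs>\d+) seconds')

def summarize(log_text):
    """Return (agreements, tasks) dicts built from replication plugin lines."""
    agmts = defaultdict(lambda: {"peer": None, "bind_failures": 0})
    tasks = defaultdict(lambda: {"agmts": set(), "retry_secs": None})
    for line in log_text.splitlines():
        if "NSMMReplicationPlugin" not in line:
            continue  # other plugins are out of scope here
        a, t = AGMT.search(line), TASK.search(line)
        if a:
            agmts[a["agmt"]]["peer"] = a["peer"]
            if BIND_FAIL.search(line):
                agmts[a["agmt"]]["bind_failures"] += 1
        if t:
            task = tasks[(t["kind"], int(t["rid"]))]
            if a:
                task["agmts"].add(a["agmt"])  # agreement blocking this task
            r = RETRY.search(line)
            if r:
                task["retry_secs"] = int(r["secs"])  # keep the latest interval
    return dict(agmts), dict(tasks)

def stale_agreements(log_text):
    """Agreements that fail to bind and also block a CleanAllRUV task."""
    agmts, tasks = summarize(log_text)
    blocking = set().union(*(t["agmts"] for t in tasks.values()))
    return sorted(n for n, a in agmts.items() if a["bind_failures"] and n in blocking)

if __name__ == "__main__":
    print(stale_agreements(SAMPLE_LOG))
```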