On 05/12/2016 05:28 AM, Prasun Gera wrote:
Hi everyone,
I had a pretty similar failure on my replica yesterday. The replica
was not reachable, and I asked someone to have a look at the system.
They presumably rebooted it. When it came back up, ipactl wouldn't
start, and the symptoms were pretty similar to those described in this
thread. I followed the solution of copying dse.ldif.startOK
to dse.ldif, and that started everything.
This is very strange, it should not be possible to loose a dse.ldif,
although you are now teh second person reporting this. I have seen 0
length dse.ldif.tmp if a VM was powerd off while ds was active, but from
DS point of view it is not possible to complete loos the dse.ldif.
The dse.ldif stores the configuration information including replication
agreements and and when ever this is updated the new state is written to
disk. The procedure is like this:
-create a dse.ldif.tmp (this is the only time a 0 byte dse.ldif* file exists
-write the config to dse.ldif.tmp
-rename dse.ldif to dse.ldif.bak
-rename dse.ldif.tmp to dse.ldif
So, if the machine or the server crashes during this process there
should be always a dse.ldif.tmp or dse.ldif.bak containing the current
or latest information. If anyone has an idea how on a VM when powering
it off can completely loose these files I would like to know.
However, I see some errors in dirsrv's logs. It is constantly printing
lines like "DSRetroclPlugin - delete_changerecord: could not delete
change record 418295". Is that normal ?
Unfortunately it can be. If after a crash the beginning of the retro cl
is incorrectly calculated, changelog trimming might try to remov no
longer existing records, it is annoying but harmless, so far we have not
further investigated how to prevent this.
How do I confirm that the replica is back and fully functional ? Why
did this happen in the first place ?
On Wed, Apr 27, 2016 at 1:41 PM, Gady Notrica <gnotr...@candeal.com
<mailto:gnotr...@candeal.com>> wrote:
All good!!!
Gady
-----Original Message-----
From: Alexander Bokovoy [mailto:aboko...@redhat.com
<mailto:aboko...@redhat.com>]
Sent: April 27, 2016 1:19 PM
To: Gady Notrica
Cc: Ludwig Krispenz; freeipa-users@redhat.com
<mailto:freeipa-users@redhat.com>
Subject: Re: [Freeipa-users] krb5kdc service not starting
On Wed, 27 Apr 2016, Gady Notrica wrote:
>Hello Ludwig,
>
>Is there a reason why my AD show offline?
>
>[root@cd-p-ipa1 /]# wbinfo --online-status BUILTIN : online IPA :
>online CD-PRD : offline
wbinfo output is irrelevant for RHEL 7.2-based IPA trusts.
You need to make sure that 'getent passwd CD-PRD\\Administrator'
resolves via SSSD.
--
/ Alexander Bokovoy
--
Manage your subscription for the Freeipa-users mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-users
Go to http://freeipa.org for more info on the project
--
Red Hat GmbH, http://www.de.redhat.com/, Registered seat: Grasbrunn,
Commercial register: Amtsgericht Muenchen, HRB 153243,
Managing Directors: Paul Argiry, Charles Cachera, Michael Cunningham, Michael
O'Neill
--
Manage your subscription for the Freeipa-users mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-users
Go to http://freeipa.org for more info on the project
