Hi IPA Gurus,

I had a 3 site multi master IPA replication setup (1 office and 2 datacentres) 
with 2 IPA servers at each site. Each server was replicating successfully to 3 
other servers (the other local site server and one server at each of the two 
remote sites). Everything is running on the default packages from CentOS 7.2 
and each server is a full replica (ipa-replica-install 
/var/lib/ipa/replica-info-id-myserver.fqdn.com.gpg --setup-ca --setup-dns 
--mkhomedir --forwarder 8.8.8.8).


Everything was ticking over nicely until we had notice that the office site was 
moving on short notice.


I successfully created IPA servers at the new site, set up replication again 
between the new office and the two datacentres that were to remain online, 
tested and everything worked as expected - unfortunately in the rush I did not 
have time to properly retire the IPA servers in the old office.


The problem this has caused is that I only ever created users in one of the IPA 
servers in the original office - so only those servers have a DNA range and I 
am now unable to create new users on the active servers. The original office 
servers are still in the IPA replication and powered on but offline so 
potential split brain?


I now have two things I would like to know before proceeding:

  *   Is the best fix here to force remove the original IPA servers and 
manually add a new dna range significantly different from the original to avoid 
overlaps?
  *   Is there anything else I should check? I can't see any issues; however, I 
did not notice the DNA range until I tried to create a user.

Any pointers greatly appreciated.


Thanks,

Neal.



-- 
Manage your subscription for the Freeipa-users mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-users
Go to http://freeipa.org for more info on the project
