Hello.
I'm using FreeIPA and I have 4 masters which replicates to each others.
On all the masters, I can see the following message from time to time : ### NSMMReplicationPlugin - replication keep alive entry <cn=repl keep alive 6,dc=mydomain> already exists ###
I don't really understand this message in fact. May you explain it to me please ?
Best regards.
Bahan
On 12/23/2015 10:09 AM, bahan w wrote:
Hello.
I'm using FreeIPA and I have 4 masters which replicates to each others.
On all the masters, I can see the following message from time to time : ### NSMMReplicationPlugin - replication keep alive entry <cn=repl keep alive 6,dc=mydomain> already exists ###
I don't really understand this message in fact. May you explain it to me please ?
This message is harmless and can be ignored. The replication plugin is just trying to add the "keep alive" entry, but it already exists(which is fine). This ticket is what introduced the "keep alive" entry:
https://fedorahosted.org/389/ticket/48266
Basically it is an entry that is periodically updated to avoid replicas from becoming stale - which can lead to replication permanently breaking, and require a re-initialization.
Is the message being logged too often? Perhaps this message can be moved to the "replication" logging section, instead of being logged by default? Can you can open a new ticket to have that investigated if you would like.
Mark
Best regards.
Bahan
-- 389 users mailing list 389-users@%(host_name)s http://lists.fedoraproject.org/admin/lists/389-users@lists.fedoraproject.org
Hey Mark.
Thanks for your answer.
Just to be sure, you say this entry is regularly updated, but when I try to ldapsearch it, I cannot find it : ### ldapsearch -x -D "cn=Directory Manager" -h <IPA SERVER> -p 389 -W -b "cn=repl keep alive 6,dc=mydomain" ###
Result : ### # extended LDIF # # LDAPv3 # base <cn=repl keep alive 6,dc=mydomain> with scope subtree # filter: (objectclass=*) # requesting: ALL #
# search result search: 2 result: 32 No such object matchedDN: dc=mydomain
# numResponses: 1 ###
Maybe my ldapsearch is bad ?
Best regards.
Bahan
On Wed, Dec 23, 2015 at 4:26 PM, Mark Reynolds mareynol@redhat.com wrote:
On 12/23/2015 10:09 AM, bahan w wrote:
Hello.
I'm using FreeIPA and I have 4 masters which replicates to each others.
On all the masters, I can see the following message from time to time : ### NSMMReplicationPlugin - replication keep alive entry <cn=repl keep alive 6,dc=mydomain> already exists ###
I don't really understand this message in fact. May you explain it to me please ?
This message is harmless and can be ignored. The replication plugin is just trying to add the "keep alive" entry, but it already exists(which is fine). This ticket is what introduced the "keep alive" entry:
https://fedorahosted.org/389/ticket/48266
Basically it is an entry that is periodically updated to avoid replicas from becoming stale - which can lead to replication permanently breaking, and require a re-initialization.
Is the message being logged too often? Perhaps this message can be moved to the "replication" logging section, instead of being logged by default? Can you can open a new ticket to have that investigated if you would like.
Mark
Best regards.
Bahan
-- 389 users mailing list 389-users@%(host_name)shttp://lists.fedoraproject.org/admin/lists/389-users@lists.fedoraproject.org
-- 389 users mailing list 389-users@%(host_name)s
http://lists.fedoraproject.org/admin/lists/389-users@lists.fedoraproject.org
On 12/23/2015 10:53 AM, bahan w wrote:
Hey Mark.
Thanks for your answer.
Just to be sure, you say this entry is regularly updated, but when I try to ldapsearch it, I cannot find it : ### ldapsearch -x -D "cn=Directory Manager" -h <IPA SERVER> -p 389 -W -b "cn=repl keep alive 6,dc=mydomain" ###
Result : ### # extended LDIF # # LDAPv3 # base <cn=repl keep alive 6,dc=mydomain> with scope subtree # filter: (objectclass=*) # requesting: ALL #
# search result search: 2 result: 32 No such object matchedDN: dc=mydomain
# numResponses: 1 ###
Maybe my ldapsearch is bad ?
Its an ldapsubentry, so you need to search for the exact DN and do a "base" search. So, you just need to add "-s base" to your ldapsearch from above:
ldapsearch -x -D "cn=Directory Manager" -h <IPA SERVER> -p 389 -W -b "cn=repl keep alive 6,dc=mydomain" -s base
Regards, Mark
Best regards.
Bahan
On Wed, Dec 23, 2015 at 4:26 PM, Mark Reynolds <mareynol@redhat.com mailto:mareynol@redhat.com> wrote:
On 12/23/2015 10:09 AM, bahan w wrote:
Hello. I'm using FreeIPA and I have 4 masters which replicates to each others. On all the masters, I can see the following message from time to time : ### NSMMReplicationPlugin - replication keep alive entry <cn=repl keep alive 6,dc=mydomain> already exists ### I don't really understand this message in fact. May you explain it to me please ?
This message is harmless and can be ignored. The replication plugin is just trying to add the "keep alive" entry, but it already exists(which is fine). This ticket is what introduced the "keep alive" entry: https://fedorahosted.org/389/ticket/48266 Basically it is an entry that is periodically updated to avoid replicas from becoming stale - which can lead to replication permanently breaking, and require a re-initialization. Is the message being logged too often? Perhaps this message can be moved to the "replication" logging section, instead of being logged by default? Can you can open a new ticket to have that investigated if you would like. Mark
Best regards. Bahan -- 389 users mailing list 389-users@%(host_name)s http://lists.fedoraproject.org/admin/lists/389-users@lists.fedoraproject.org
-- 389 users mailing list 389-users@%(host_name)s http://lists.fedoraproject.org/admin/lists/389-users@lists.fedoraproject.org
-- 389 users mailing list 389-users@%(host_name)s http://lists.fedoraproject.org/admin/lists/389-users@lists.fedoraproject.org
Re.
I have some additionnal questions, if I may ?
Let's say I have 4 ipa masters : S1 S2 S3 S4
1. When a modification is performed on a specific server, S1 for example, then : - is it the replication plugin on S2, S3, and S4 which replicates the modification ? - Or is it the replication plugin on S1 which replicates to S2, S3 and S4 ?
2. To come back to my original question, so this is the replication plugin of S2, S3 and S4 which tries to create the entry cn=repl keep alive in the ldap ? Not the the replication plugin from the S1, right ?
3. In the log message I can see a number with the "repl keep alive", do you know what it means ? Is it the frequency of the replication ?
4. When you say this is to avoid replicas to become obsolete, what do you mean ? If I understood well, there is one entry in the ldap for cn=repl keep alive, are there multiple attributes for this entry ?
Sorry for all these questions, I'm a little bit noob here.
Best regards.
Bahan
On Wed, Dec 23, 2015 at 4:53 PM, bahan w bahanw042014@gmail.com wrote:
Hey Mark.
Thanks for your answer.
Just to be sure, you say this entry is regularly updated, but when I try to ldapsearch it, I cannot find it : ### ldapsearch -x -D "cn=Directory Manager" -h <IPA SERVER> -p 389 -W -b "cn=repl keep alive 6,dc=mydomain" ###
Result : ### # extended LDIF # # LDAPv3 # base <cn=repl keep alive 6,dc=mydomain> with scope subtree # filter: (objectclass=*) # requesting: ALL #
# search result search: 2 result: 32 No such object matchedDN: dc=mydomain
# numResponses: 1 ###
Maybe my ldapsearch is bad ?
Best regards.
Bahan
On Wed, Dec 23, 2015 at 4:26 PM, Mark Reynolds mareynol@redhat.com wrote:
On 12/23/2015 10:09 AM, bahan w wrote:
Hello.
I'm using FreeIPA and I have 4 masters which replicates to each others.
On all the masters, I can see the following message from time to time : ### NSMMReplicationPlugin - replication keep alive entry <cn=repl keep alive 6,dc=mydomain> already exists ###
I don't really understand this message in fact. May you explain it to me please ?
This message is harmless and can be ignored. The replication plugin is just trying to add the "keep alive" entry, but it already exists(which is fine). This ticket is what introduced the "keep alive" entry:
https://fedorahosted.org/389/ticket/48266
Basically it is an entry that is periodically updated to avoid replicas from becoming stale - which can lead to replication permanently breaking, and require a re-initialization.
Is the message being logged too often? Perhaps this message can be moved to the "replication" logging section, instead of being logged by default? Can you can open a new ticket to have that investigated if you would like.
Mark
Best regards.
Bahan
-- 389 users mailing list 389-users@%(host_name)shttp://lists.fedoraproject.org/admin/lists/389-users@lists.fedoraproject.org
-- 389 users mailing list 389-users@%(host_name)s
http://lists.fedoraproject.org/admin/lists/389-users@lists.fedoraproject.org
On 12/23/2015 11:16 AM, bahan w wrote:
Re.
I have some additionnal questions, if I may ?
Let's say I have 4 ipa masters : S1 S2 S3 S4
- When a modification is performed on a specific server, S1 for
example, then :
- is it the replication plugin on S2, S3, and S4 which replicates the
modification ?
- Or is it the replication plugin on S1 which replicates to S2, S3 and
S4 ?
Simple description:
When a replica is updated by a client, that "update" goes into the replication changelog. Then each replication agreement reads the change log and sends those updates to the replication consumer defined in the agreement. Then the process continues on each replica until the change is present in all the servers. There's much more to it than that, but that's the basic idea
- To come back to my original question, so this is the replication
plugin of S2, S3 and S4 which tries to create the entry cn=repl keep alive in the ldap ? Not the the replication plugin from the S1, right ?
Each replica has/creates its own "keep alive" entry.
- In the log message I can see a number with the "repl keep alive",
do you know what it means ? Is it the frequency of the replication ?
It's the replica ID
https://access.redhat.com/documentation/en-US/Red_Hat_Directory_Server/10/ht...
- When you say this is to avoid replicas to become obsolete, what do
you mean ? If I understood well, there is one entry in the ldap for cn=repl keep alive, are there multiple attributes for this entry ?
If a replica is not directly updated in a long time then the last changes it received from a client can get purged from the changelog and/or entry meta data. Which makes it impossible to update other replicas once this condition is hit. This is more prevalent when using fractional replication(which ipa uses). This is a very complicated process, and out of the scope of this discussion. You don't need to worry about this entry :-) And the error message you reported is actually just a information message - it should be changed to a different log level.
Sorry for all these questions, I'm a little bit noob here.
Doesn't hesitate to look at the docs:
https://access.redhat.com/documentation/en-US/Red_Hat_Directory_Server/10/ht...
And our wiki has some great content:
Mark
Best regards.
Bahan
On Wed, Dec 23, 2015 at 4:53 PM, bahan w <bahanw042014@gmail.com mailto:bahanw042014@gmail.com> wrote:
Hey Mark. Thanks for your answer. Just to be sure, you say this entry is regularly updated, but when I try to ldapsearch it, I cannot find it : ### ldapsearch -x -D "cn=Directory Manager" -h <IPA SERVER> -p 389 -W -b "cn=repl keep alive 6,dc=mydomain" ### Result : ### # extended LDIF # # LDAPv3 # base <cn=repl keep alive 6,dc=mydomain> with scope subtree # filter: (objectclass=*) # requesting: ALL # # search result search: 2 result: 32 No such object matchedDN: dc=mydomain # numResponses: 1 ### Maybe my ldapsearch is bad ? Best regards. Bahan On Wed, Dec 23, 2015 at 4:26 PM, Mark Reynolds <mareynol@redhat.com <mailto:mareynol@redhat.com>> wrote: On 12/23/2015 10:09 AM, bahan w wrote:
Hello. I'm using FreeIPA and I have 4 masters which replicates to each others. On all the masters, I can see the following message from time to time : ### NSMMReplicationPlugin - replication keep alive entry <cn=repl keep alive 6,dc=mydomain> already exists ### I don't really understand this message in fact. May you explain it to me please ?
This message is harmless and can be ignored. The replication plugin is just trying to add the "keep alive" entry, but it already exists(which is fine). This ticket is what introduced the "keep alive" entry: https://fedorahosted.org/389/ticket/48266 Basically it is an entry that is periodically updated to avoid replicas from becoming stale - which can lead to replication permanently breaking, and require a re-initialization. Is the message being logged too often? Perhaps this message can be moved to the "replication" logging section, instead of being logged by default? Can you can open a new ticket to have that investigated if you would like. Mark
Best regards. Bahan -- 389 users mailing list 389-users@%(host_name)s http://lists.fedoraproject.org/admin/lists/389-users@lists.fedoraproject.org
-- 389 users mailing list 389-users@%(host_name)s http://lists.fedoraproject.org/admin/lists/389-users@lists.fedoraproject.org
389-users@lists.fedoraproject.org