Hello team,
We use ipa_check_consistency
<
https://github.com/peterpakos/checkipaconsistency/blob/master/README.md&g...
to check IPA master consistency every night via cron. One of the masters
failed at Ghost last night. Here is the check for Ghost:
|ldapsearch -o ldif-wrap=no -ZZ -LLLx -h
ipa1.example.com
<
http://ipa1.example.com> -D ||"cn=Directory Manager"| |-W -s sub
-b ||"dc=example,dc=com"| |"(&(objectclass=nstombstone)(nsUniqueId=ffffffff-ffffffff-ffffffff-ffffffff))"| |nscpentrywsi|
What is the significance of this inconsistency? Is there a way to fix
this other than reinitialize?
It is a check for unused RUV. Did you recently remove a server?
ipa-replica-manage(1) has several commands to help identify and clean
these up.
For the gory details see