Hola,
I'm still trying to wrap my head around the master-replica concept.
From what I read in the documentation (Chapter 4 of
https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/7/...)
the replica should be able to take over as master should master go offline.
Our replica was set up with CA & without DNS - the same as master, and
it seems to be working on the whole.
The problem I'm having is in the replication.
create user on master:
ipa user-add master_test_user --first=MT --last=ML
create user on replica:
ipa user-add replica_test_user --first=RT --last=RL
find user on master:
[root@vmpr-linuxidm ~]# ipa user-find test_user
---------------
2 users matched
---------------
User login: master_test_user
First name: MT
Last name: ML
Home directory: /home/master_test_user
Login shell: /bin/bash
Principal name: master_test_user@UNIX.DOMAIN.COM
Principal alias: master_test_user@UNIX.DOMAIN.COM
Email address: master_test_user@domain.com
UID: 1718800021
GID: 1718800021
Account disabled: False
User login: replica_test_user
First name: RT
Last name: RL
Home directory: /home/replica_test_user
Login shell: /bin/bash
Principal name: replica_test_user@UNIX.DOMAIN.COM
Principal alias: replica_test_user@UNIX.DOMAIN.COM
Email address: replica_test_user@domain.com
UID: 1718850502
GID: 1718850502
Account disabled: False
----------------------------
Number of entries returned 2
----------------------------
find user on replica:
[root@vmdr-linuxidm ~]# ipa user-find test_user
--------------
1 user matched
--------------
User login: replica_test_user
First name: RT
Last name: RL
Home directory: /home/replica_test_user
Login shell: /bin/bash
Principal name: replica_test_user@UNIX.DOMAIN.COM
Principal alias: replica_test_user@UNIX.DOMAIN.COM
Email address: replica_test_user@domain.com
UID: 1718850502
GID: 1718850502
Account disabled: False
----------------------------
Number of entries returned 1
----------------------------
If I run ipa user-add on the replica, I see it upstream on master, but
if I run ipa add-user on the master, that's not replicated down to the
replica.
Also, ipa user-del (even with --no-preserve) works on master, but
doesn't delete the user on the replica.
What has gone wrong?
Cheers
L.
------
"The antidote to apocalypticism is *apocalyptic civics*. Apocalyptic
civics is the insistence that we cannot ignore the truth, nor should we
panic about it. It is a shared consciousness that our institutions have
failed and our ecosystem is collapsing, yet we are still here — and we
are creative agents who can shape our destinies. Apocalyptic civics is
the conviction that the only way out is through, and the only way
through is together. "
/Greg Bloom/ @greggish
https://twitter.com/greggish/status/873177525903609857
_______________________________________________
FreeIPA-users mailing list -- freeipa-users(a)lists.fedorahosted.org
Hi,
you are describing a situation where the replication from replica to
master is working (user created on replica can be seen on master), but
the replication from master to replica is not.
The replication should always be bilateral, meaning that you have an
issue. These documents [1] and [2] both contain information on how to
troubleshoot replication issues. You will need to start by looking at
the directory server error logs.
HTH,
Flo.
[1]
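A way to see which direction of the agreement is failing before opening the directory server error logs, as an added example that is not part of the original thread: the function below reads text in the layout printed by `ipa-replica-manage list -v <server>` and reports every peer whose last update did not finish with status code 0. The host names, the sample output and the helper names are constructed for illustration, and the output layout is an assumption about that tool.

```shell
#!/bin/sh
# Added example, not from the thread. Reads `ipa-replica-manage list -v <server>`
# style text on stdin and prints "<peer><TAB><status>" for every agreement whose
# last update status code is not 0 (or has no code at all).
# Assumed layout: an unindented "<peer>: replica" line followed by indented
# "last update status: ..." lines.
failing_agreements() {
    awk '
        !/^ / && NF { peer = $1; sub(/:$/, "", peer); next }
        /last update status:/ {
            status = $0
            sub(/^.*last update status: */, "", status)
            # First (possibly negative) integer in the status text is the result code.
            code = match(status, /-?[0-9]+/) ? substr(status, RSTART, RLENGTH) : "none"
            if (code != "0") print peer "\t" status
        }
    '
}

# Constructed sample: what the master reports about its agreement to the replica.
# Here the master cannot push changes, matching the one-way symptom in the thread.
sample_master_view() {
cat <<'EOF'
replica.example.test: replica
  last init status: None
  last init ended: 1970-01-01 00:00:00+00:00
  last update status: Error (-1) Problem connecting to replica - LDAP error: Can't contact LDAP server (connection error)
  last update ended: 1970-01-01 00:00:00+00:00
EOF
}

# Constructed sample: what the replica reports about its agreement to the master.
sample_replica_view() {
cat <<'EOF'
master.example.test: replica
  last init status: None
  last init ended: 1970-01-01 00:00:00+00:00
  last update status: Error (0) Replica acquired successfully: Incremental update succeeded
  last update ended: 2018-05-01 12:00:00+00:00
EOF
}

echo "master -> replica problems:"
sample_master_view | failing_agreements
echo "replica -> master problems:"
sample_replica_view | failing_agreements
```

On a live deployment the input would come from running `ipa-replica-manage list -v` against each server's own host name, so that each side's outgoing agreement is checked.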