Hola,
On Wed, 8 Nov 2017, Lachlan Musicman via FreeIPA-users wrote:
I'm still trying to wrap my head around the master-replica
concept.
From what I read in the documentation (Chapter 4 of
https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/7/...
)
the replica should be able to take over as master should master go
offline.
Our replica was set up with CA & without DNS - the same as master, and
it seems to be working on the whole.
The problem I'm having is in the replication. create user on master:
ipa user-add master_test_user --first=MT --last=ML
create user on replica:
ipa user-add replica_test_user --first=RT --last=RL
find user on master:
[root@vmpr-linuxidm ~]# ipa user-find test_user
---------------
2 users matched
---------------
[...]
find user on replica:
[root@vmdr-linuxidm ~]# ipa user-find test_user
--------------
1 user matched
--------------
[...]
If I run ipa user-add on the replica, I see it upstream on master, but
if I run ipa add-user on the master, that's not replicated down to the
replica.
Also, ipa user-del (even with --no-preserve) works on master, but
doesn't delete the user on the replica.
What has gone wrong?
I had something similar recently (replica not "talking" to master). It
turned out that replication refused to work in both directions for reasons
still unknown to me. Finally, i had to reinstall my replica
(ipa-replica-install --setup-ca) to make replication work again:
---
root@poolsrv:~# ipa topologysegment-find
Suffix name: domain
-----------------
1 segment matched
-----------------
Segment name:
o201.example.org-to-poolsrv.example.org
Left node:
o201.example.org
Right node:
poolsrv.example.org
Connectivity: both
----------------------------
Number of entries returned 1
----------------------------
root@poolsrv:~# ipa topologysegment-find
Suffix name: ca
-----------------
1 segment matched
-----------------
Segment name:
o201.example.org-to-poolsrv.example.org
Left node:
o201.example.org
Right node:
poolsrv.example.org
Connectivity: both
----------------------------
Number of entries returned 1
----------------------------
---
"Connectivity" is now "both" but used to be "left-right". I
also had a lot
of errors in the poolsrv (replica) directory server log referring to
NSMMReplicationPlugin. You may want to check this in order to diagnose the
problem.
Maybe, the augurs know a better way to fix this than to reinstall.
Mit freundlichen Gruessen/With best regards,
--Daniel.