Just an update on this.
Came back from the long weekend and 50% of our servers (3) were not responding, the dirsrv
was crashing everytime it had an update from the CA master (we could not figure out why).
If we closed the firewall between replica and CA master the servers stayed up.
After a few days of trying various things to resurrect the down servers we rebuilt the
whole cluster based off the master CA server. None of the original servers are now
present.
After another long weekend we seem (so far) to have a stable cluster. Ignoring the usual
replication conflicts we get with heavy server creation/deletion due to AWS spot
instances.
The only out standing item now is the records that make "cipa" think we have
"ghost replicas"
nsruvReplicaLastModified: {replica 25} 00000000
nsruvReplicaLastModified: {replica 23} 00000000
nsruvReplicaLastModified: {replica 40} 00000000
nsruvReplicaLastModified: {replica 21} 00000000
There are no RUVs to match these replicas (21,23, 25, 40).
So it looks like these key/value pairs are the only things left.
Any ideas on how to remove them?
Many thanks.