Hello,
reading some docs about the sync of my two servers :
# ipa-replica-manage list server1.domain: master server2.domain: master
# ipa-replica-manage list-ruv Directory Manager password:
Replica Update Vectors: server2.domain:389: 7 server1.domain:389: 4 Certificate Server Replica Update Vectors: No CS-RUVs found.
My doubt is . To solve this i only need to run the command :
ipa-replica-manage force-sync --from srv2.domain
?
Thanks for your atention :-)
Ataliba Teixeira via FreeIPA-users wrote:
Hello,
reading some docs about the sync of my two servers :
# ipa-replica-manage list server1.domain: master server2.domain: master
# ipa-replica-manage list-ruv Directory Manager password:
Replica Update Vectors: server2.domain:389: 7 server1.domain:389: 4 Certificate Server Replica Update Vectors: No CS-RUVs found.
My doubt is . To solve this i only need to run the command :
ipa-replica-manage force-sync --from srv2.domain
I'm not sure what problem you are trying to solve. The above doesn't show any issues.
To see replication status you need to run ipa-replica-manage list twice like:
ipa-replica-manage list -v server1.domain ipa-replica-manage list -v server2.domain
This will show the agreement status from both sides.
rob
Hello Rob,
The strange thing i have here is. The server2 has all of my servers listed on the web interface but the server1 not have all of this servers.
When i run the command :
# ipa-replica-manage list -v server2.domain server1.domain: replica last init status: None last init ended: 1970-01-01 00:00:00+00:00 last update status: Error (0) Replica acquired successfully: Incremental update succeeded last update ended: 2017-06-27 14:57:34+00:00
# ipa-replica-manage list -v server1.domain server2.domain: replica last init status: None last init ended: 1970-01-01 00:00:00+00:00 last update status: Error (0) Replica acquired successfully: Incremental update succeeded last update ended: 2017-06-27 14:57:41+00:00
No problems with the sincronization.
My doubt is this. Why i have differences on the two web interfaces. Another error i have in the structure is this :
# ssh app01 @@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@ @ WARNING: REMOTE HOST IDENTIFICATION HAS CHANGED! @ @@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@ IT IS POSSIBLE THAT SOMEONE IS DOING SOMETHING NASTY! Someone could be eavesdropping on you right now (man-in-the-middle attack)! It is also possible that a host key has just been changed. The fingerprint for the RSA key sent by the remote host is f5:21:f0:0c:b7:4b:cf:c4:f2:8f:9c:8a:75:d3:55:5c. Please contact your system administrator. Add correct host key in /root/.ssh/known_hosts to get rid of this message. Offending RSA key in /var/lib/sss/pubconf/known_hosts:4 RSA host key for app01 has changed and you have requested strict checking. Host key verification failed.
And this server is one of the servers listed on server2 and not on the server1 .
Thanks for your help,
On Tue, Jun 27, 2017 at 11:47 AM Rob Crittenden rcritten@redhat.com wrote:
Ataliba Teixeira via FreeIPA-users wrote:
Hello,
reading some docs about the sync of my two servers :
# ipa-replica-manage list server1.domain: master server2.domain: master
# ipa-replica-manage list-ruv Directory Manager password:
Replica Update Vectors: server2.domain:389: 7 server1.domain:389: 4 Certificate Server Replica Update Vectors: No CS-RUVs found.
My doubt is . To solve this i only need to run the command :
ipa-replica-manage force-sync --from srv2.domain
I'm not sure what problem you are trying to solve. The above doesn't show any issues.
To see replication status you need to run ipa-replica-manage list twice like:
ipa-replica-manage list -v server1.domain ipa-replica-manage list -v server2.domain
This will show the agreement status from both sides.
rob
All the problems are solved.
Thanks for all :)
On Tue, Jun 27, 2017 at 1:11 PM Ataliba Teixeira ataliba@gmail.com wrote:
Hello Rob,
The strange thing i have here is. The server2 has all of my servers listed on the web interface but the server1 not have all of this servers.
When i run the command :
# ipa-replica-manage list -v server2.domain server1.domain: replica last init status: None last init ended: 1970-01-01 00:00:00+00:00 last update status: Error (0) Replica acquired successfully: Incremental update succeeded last update ended: 2017-06-27 14:57:34+00:00
# ipa-replica-manage list -v server1.domain server2.domain: replica last init status: None last init ended: 1970-01-01 00:00:00+00:00 last update status: Error (0) Replica acquired successfully: Incremental update succeeded last update ended: 2017-06-27 14:57:41+00:00
No problems with the sincronization.
My doubt is this. Why i have differences on the two web interfaces. Another error i have in the structure is this :
# ssh app01 @@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@ @ WARNING: REMOTE HOST IDENTIFICATION HAS CHANGED! @ @@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@ IT IS POSSIBLE THAT SOMEONE IS DOING SOMETHING NASTY! Someone could be eavesdropping on you right now (man-in-the-middle attack)! It is also possible that a host key has just been changed. The fingerprint for the RSA key sent by the remote host is f5:21:f0:0c:b7:4b:cf:c4:f2:8f:9c:8a:75:d3:55:5c. Please contact your system administrator. Add correct host key in /root/.ssh/known_hosts to get rid of this message. Offending RSA key in /var/lib/sss/pubconf/known_hosts:4 RSA host key for app01 has changed and you have requested strict checking. Host key verification failed.
And this server is one of the servers listed on server2 and not on the server1 .
Thanks for your help,
On Tue, Jun 27, 2017 at 11:47 AM Rob Crittenden rcritten@redhat.com wrote:
Ataliba Teixeira via FreeIPA-users wrote:
Hello,
reading some docs about the sync of my two servers :
# ipa-replica-manage list server1.domain: master server2.domain: master
# ipa-replica-manage list-ruv Directory Manager password:
Replica Update Vectors: server2.domain:389: 7 server1.domain:389: 4 Certificate Server Replica Update Vectors: No CS-RUVs found.
My doubt is . To solve this i only need to run the command :
ipa-replica-manage force-sync --from srv2.domain
I'm not sure what problem you are trying to solve. The above doesn't show any issues.
To see replication status you need to run ipa-replica-manage list twice like:
ipa-replica-manage list -v server1.domain ipa-replica-manage list -v server2.domain
This will show the agreement status from both sides.
rob
--
Ataliba Teixeira via Inbox by Gmail
freeipa-users@lists.fedorahosted.org