I am running the latest CentOS 7.3 / FreeIPA release and it appears that my replication got broke.
[27/Jun/2017:17:28:58.705411461 +0000] NSMMReplicationPlugin - agmt="cn=meTolasdc-lmfpa-002.lxi.m451.tech" (lasdc-lmfpa-002:389): Data required to update replica has been purged from the changelog. The replica must be reinitialized.
[27/Jun/2017:17:29:02.257550913 +0000] agmt="cn=meTolasdc-lmfpa-002.lxi.m451.tech " (lasdc-lmfpa-002:389) - Can't locate CSN 595283d600b400140000 in the changelog (DB rc=-30988). If replication stops, the consumer may need to be reinitialized.
When I try to delete the agreement and re-create it I get the error: Removal of IPA replication agreement is deprecated with managed IPA replication topology. Please use `ipa topologysegment-*` commands to manage the topology.
However when I try to delete the segment and recreate it I also get an error.
[root@lasdc-lmfpa-002 ~]# ipa topologysegment-del
Suffix name: domain
Segment name: las01-003-010.lxi.m451.tech-to-lasdc-lmfpa-002.lxi.m451.tech
ipa: ERROR: Server is unwilling to perform: Removal of Segment disconnects topology.Deletion not allowed.
Any ideas how I resolve this issue? I basically have 2 FreeIPA servers in each DC and the one DC is happy with the sync, but I lost all replication to the other so passwords aren't syncing across DCs.
On 06/27/2017 07:36 PM, Devin Acosta via FreeIPA-users wrote:
> I am running the latest CentOS 7.3 / FreeIPA release and it appears that my replication got broke.
> [27/Jun/2017:17:28:58.705411461 +0000] NSMMReplicationPlugin - agmt="cn=meTolasdc-lmfpa-002.lxi.m451.tech" (lasdc-lmfpa-002:389): Data required to update replica has been purged from the changelog. The replica must be reinitialized.
> [27/Jun/2017:17:29:02.257550913 +0000] agmt="cn=meTolasdc-lmfpa-002.lxi.m451.tech " (lasdc-lmfpa-002:389) - Can't locate CSN 595283d600b400140000 in the changelog (DB rc=-30988). If replication stops, the consumer may need to be reinitialized.
> When I try to delete the agreement and re-create it I get the error: Removal of IPA replication agreement is deprecated with managed IPA replication topology. Please use `ipa topologysegment-*` commands to manage the topology.
> However when I try to delete the segment and recreate it I also get an error.
> [root@lasdc-lmfpa-002 ~]# ipa topologysegment-del
> Suffix name: domain
> Segment name: las01-003-010.lxi.m451.tech-to-lasdc-lmfpa-002.lxi.m451.tech
> ipa: ERROR: Server is unwilling to perform: Removal of Segment disconnects topology.Deletion not allowed.
If this is the only connection between these two servers, you cannot remove the segment or the agreement, but this is not required. The error message says you might have to re-initialize (ipa-replica-manage re-initialize .....). You could also first try to add another segment and see if replication will flow again. Another option is to try to kickstart replication by forcing it to ignore the missing csn by changing a param in the replication agreement:
replace: nsds5ReplicaIgnoreMissingChange
nsds5ReplicaIgnoreMissingChange: once
But you should find what csn 95283d600b400140000 refers to and if you could have lost changes.
> Any ideas how I resolve this issue? I basically have 2 FreeIPA servers in each DC and the one DC is happy with the sync, but I lost all replication to the other so passwords aren't syncing across DCs.
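An added example, not part of the thread and not FreeIPA code: the reply asks what the missing CSN refers to, and a 389 Directory Server CSN is 20 hex digits (8 timestamp, 4 sequence number, 4 replica ID, 4 sub-sequence), so this Python script scans the two error-log lines from the post, flags the changelog gap per agreement and decodes the CSN. The function and field names are assumptions made for the illustration.

```python
import re
from datetime import datetime, timezone

# The two error-log lines quoted in the post above.
SAMPLE_LOG = '''\
[27/Jun/2017:17:28:58.705411461 +0000] NSMMReplicationPlugin - agmt="cn=meTolasdc-lmfpa-002.lxi.m451.tech" (lasdc-lmfpa-002:389): Data required to update replica has been purged from the changelog. The replica must be reinitialized.
[27/Jun/2017:17:29:02.257550913 +0000] agmt="cn=meTolasdc-lmfpa-002.lxi.m451.tech " (lasdc-lmfpa-002:389) - Can't locate CSN 595283d600b400140000 in the changelog (DB rc=-30988). If replication stops, the consumer may need to be reinitialized.
'''

AGMT_RE = re.compile(r'agmt="(?P<agmt>[^"]+)"\s+\((?P<peer>[^)]+)\)')
CSN_RE = re.compile(r"Can't locate CSN (?P<csn>[0-9a-fA-F]{20})\b")
PURGED = "has been purged from the changelog"

def decode_csn(csn):
    """Split a 20-hex-digit CSN: time(8) seqnum(4) replica id(4) subseq(4)."""
    if not re.fullmatch(r"[0-9a-fA-F]{20}", csn):
        raise ValueError("CSN must be exactly 20 hex digits: %r" % csn)
    return {
        "time": datetime.fromtimestamp(int(csn[0:8], 16), tz=timezone.utc),
        "seq": int(csn[8:12], 16),
        "replica_id": int(csn[12:16], 16),
        "subseq": int(csn[16:20], 16),
    }

def scan(log_text):
    """Return one finding per log line that reports a changelog gap."""
    findings = []
    for line in log_text.splitlines():
        m = AGMT_RE.search(line)
        if not m:
            continue
        # The agreement name can carry stray whitespace inside the quotes.
        base = {"agmt": m.group("agmt").strip(), "peer": m.group("peer")}
        if PURGED in line:
            findings.append(dict(base, kind="changelog_purged"))
        c = CSN_RE.search(line)
        if c:
            findings.append(dict(base, kind="missing_csn", **decode_csn(c.group("csn"))))
    return findings

if __name__ == "__main__":
    for finding in scan(SAMPLE_LOG):
        print(finding)
```

The decoded replica ID identifies the server on which the change originated, and the timestamp bounds the window in which changes may have been lost.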