By coincidence I found something in /var/log/messages that does not look too good:
Oct 2 09:41:30 pipa02.linux.mydomain.at ns-slapd[1905]: [02/Oct/2020:09:41:30.887447735 +0200] - ERR - NSMMReplicationPlugin - send_updates - agmt="cn=pipa02.linux.oebb.at-to-pipa06.linux.mydomain.at" (pipa06:389): Data required to update replica has been purged from the changelog. If the error persists the replica must be reinitialized.
The error seems to persist. What has do be done? Do i have to uninstall ipa replica and do an ipa-replica-install agein?
Cheers, Ronald
On 10/2/20 9:56 AM, Ronald Wimmer via FreeIPA-users wrote:
By coincidence I found something in /var/log/messages that does not look too good:
Oct 2 09:41:30 pipa02.linux.mydomain.at ns-slapd[1905]: [02/Oct/2020:09:41:30.887447735 +0200] - ERR - NSMMReplicationPlugin - send_updates - agmt="cn=pipa02.linux.oebb.at-to-pipa06.linux.mydomain.at" (pipa06:389): Data required to update replica has been purged from the changelog. If the error persists the replica must be reinitialized.
The error seems to persist. What has do be done? Do i have to uninstall ipa replica and do an ipa-replica-install agein?
Hi,
depending on your domain level, you can use either - ipa-replica-manage re-initialize and ipa-csreplica-manage reinitialize (domain-level 0) [1] or - ipa topologysegment-reinitialize (domain level 1). For more information refer to "ipa help topologysegment-reinitialize".
The command "ipa domainlevel-get" will provide you with the current domain level. The reinitialize command forces a full synchronization of the content from the specified source to the replica.
HTH, flo
[1] https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/7/htm...
Cheers, Ronald _______________________________________________ FreeIPA-users mailing list -- freeipa-users@lists.fedorahosted.org To unsubscribe send an email to freeipa-users-leave@lists.fedorahosted.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedorahosted.org/archives/list/freeipa-users@lists.fedorahoste...
On 02.10.20 11:43, Florence Blanc-Renaud wrote:
On 10/2/20 9:56 AM, Ronald Wimmer via FreeIPA-users wrote:
By coincidence I found something in /var/log/messages that does not look too good:
Oct 2 09:41:30 pipa02.linux.mydomain.at ns-slapd[1905]: [02/Oct/2020:09:41:30.887447735 +0200] - ERR - NSMMReplicationPlugin - send_updates - agmt="cn=pipa02.linux.mydomain.at-to-pipa06.linux.mydomain.at" (pipa06:389): Data required to update replica has been purged from the changelog. If the error persists the replica must be reinitialized.
The error seems to persist. What has do be done? Do i have to uninstall ipa replica and do an ipa-replica-install agein?
Hi,
depending on your domain level, you can use either
- ipa-replica-manage re-initialize and ipa-csreplica-manage reinitialize
(domain-level 0) [1] or
- ipa topologysegment-reinitialize (domain level 1). For more
information refer to "ipa help topologysegment-reinitialize".
The command "ipa domainlevel-get" will provide you with the current domain level. The reinitialize command forces a full synchronization of the content from the specified source to the replica.
My domain level is 1.
ipa topologysuffix-find --------------------------- 2 topology suffixes matched --------------------------- Suffix name: ca Managed LDAP suffix DN: o=ipaca
Suffix name: domain Managed LDAP suffix DN: dc=linux,dc=mydomain,dc=at ---------------------------- Number of entries returned 2 ----------------------------
ipa topologysegment-find
[...]
Segment name: pipa02.linux.mydomain.at-to-pipa06.linux.mydomain.at Left node: pipa02.linux.mydomain.at Right node: pipa06.linux.mydomain.at Connectivity: both
[...]
ipa topologysuffix-find --------------------------- 2 topology suffixes matched --------------------------- Suffix name: ca Managed LDAP suffix DN: o=ipaca
Suffix name: domain Managed LDAP suffix DN: dc=linux,dc=mydomain,dc=at ---------------------------- Number of entries returned 2 ----------------------------
[root@pipa02 ~]# ipa topologysegment-reinitialize Suffix name: domain Segment name: pipa02.linux.mydomain.at-to-pipa06.linux.mydomain.at ipa: ERROR: left or right node has to be specified
[root@pipa02 ~]# ipa topologysegment-reinitialize Suffix name: domain Segment name: pipa06.linux.mydomain.at ipa: ERROR: no such entry
What am I doing wrong?
Cheers, Ronald
On 10/2/20 12:06 PM, Ronald Wimmer via FreeIPA-users wrote:
On 02.10.20 11:43, Florence Blanc-Renaud wrote:
On 10/2/20 9:56 AM, Ronald Wimmer via FreeIPA-users wrote:
By coincidence I found something in /var/log/messages that does not look too good:
Oct 2 09:41:30 pipa02.linux.mydomain.at ns-slapd[1905]: [02/Oct/2020:09:41:30.887447735 +0200] - ERR - NSMMReplicationPlugin
- send_updates -
agmt="cn=pipa02.linux.mydomain.at-to-pipa06.linux.mydomain.at" (pipa06:389): Data required to update replica has been purged from the changelog. If the error persists the replica must be reinitialized.
The error seems to persist. What has do be done? Do i have to uninstall ipa replica and do an ipa-replica-install agein?
Hi,
depending on your domain level, you can use either
- ipa-replica-manage re-initialize and ipa-csreplica-manage
reinitialize (domain-level 0) [1] or
- ipa topologysegment-reinitialize (domain level 1). For more
information refer to "ipa help topologysegment-reinitialize".
The command "ipa domainlevel-get" will provide you with the current domain level. The reinitialize command forces a full synchronization of the content from the specified source to the replica.
My domain level is 1.
ipa topologysuffix-find
2 topology suffixes matched
Suffix name: ca Managed LDAP suffix DN: o=ipaca
Suffix name: domain Managed LDAP suffix DN: dc=linux,dc=mydomain,dc=at
Number of entries returned 2
ipa topologysegment-find
[...]
Segment name: pipa02.linux.mydomain.at-to-pipa06.linux.mydomain.at Left node: pipa02.linux.mydomain.at Right node: pipa06.linux.mydomain.at Connectivity: both
[...]
ipa topologysuffix-find
2 topology suffixes matched
Suffix name: ca Managed LDAP suffix DN: o=ipaca
Suffix name: domain Managed LDAP suffix DN: dc=linux,dc=mydomain,dc=at
Number of entries returned 2
[root@pipa02 ~]# ipa topologysegment-reinitialize Suffix name: domain Segment name: pipa02.linux.mydomain.at-to-pipa06.linux.mydomain.at ipa: ERROR: left or right node has to be specified
[root@pipa02 ~]# ipa topologysegment-reinitialize Suffix name: domain Segment name: pipa06.linux.mydomain.at ipa: ERROR: no such entry
What am I doing wrong?
Hi,
you need to specify either --left or --right to tell which side needs to be reinitialized:
# ipa help topologysegment-reinitialize Usage: ipa [global-options] topologysegment-reinitialize TOPOLOGYSUFFIX NAME [options]
Request a full re-initialization of the node retrieving data from the other node. Options: -h, --help show this help message and exit --left Initialize left node --right Initialize right node --stop Stop already started refresh of chosen node(s)
I would advise to make a backup first, just in case you pick the wrong side...
flo
Cheers, Ronald _______________________________________________ FreeIPA-users mailing list -- freeipa-users@lists.fedorahosted.org To unsubscribe send an email to freeipa-users-leave@lists.fedorahosted.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedorahosted.org/archives/list/freeipa-users@lists.fedorahoste...
On 02.10.20 17:54, Florence Blanc-Renaud via FreeIPA-users wrote:
On 10/2/20 12:06 PM, Ronald Wimmer via FreeIPA-users wrote:
On 02.10.20 11:43, Florence Blanc-Renaud wrote:
On 10/2/20 9:56 AM, Ronald Wimmer via FreeIPA-users wrote:
By coincidence I found something in /var/log/messages that does not look too good:
Oct 2 09:41:30 pipa02.linux.mydomain.at ns-slapd[1905]: [02/Oct/2020:09:41:30.887447735 +0200] - ERR - NSMMReplicationPlugin - send_updates - agmt="cn=pipa02.linux.mydomain.at-to-pipa06.linux.mydomain.at" (pipa06:389): Data required to update replica has been purged from the changelog. If the error persists the replica must be reinitialized.
The error seems to persist. What has do be done? Do i have to uninstall ipa replica and do an ipa-replica-install agein?
Hi,
depending on your domain level, you can use either
- ipa-replica-manage re-initialize and ipa-csreplica-manage
reinitialize (domain-level 0) [1] or
- ipa topologysegment-reinitialize (domain level 1). For more
information refer to "ipa help topologysegment-reinitialize".
The command "ipa domainlevel-get" will provide you with the current domain level. The reinitialize command forces a full synchronization of the content from the specified source to the replica.
My domain level is 1.
ipa topologysuffix-find
2 topology suffixes matched
Suffix name: ca Managed LDAP suffix DN: o=ipaca
Suffix name: domain Managed LDAP suffix DN: dc=linux,dc=mydomain,dc=at
Number of entries returned 2
ipa topologysegment-find
[...]
Segment name: pipa02.linux.mydomain.at-to-pipa06.linux.mydomain.at Left node: pipa02.linux.mydomain.at Right node: pipa06.linux.mydomain.at Connectivity: both
[...]
ipa topologysuffix-find
2 topology suffixes matched
Suffix name: ca Managed LDAP suffix DN: o=ipaca
Suffix name: domain Managed LDAP suffix DN: dc=linux,dc=mydomain,dc=at
Number of entries returned 2
[root@pipa02 ~]# ipa topologysegment-reinitialize Suffix name: domain Segment name: pipa02.linux.mydomain.at-to-pipa06.linux.mydomain.at ipa: ERROR: left or right node has to be specified
[root@pipa02 ~]# ipa topologysegment-reinitialize Suffix name: domain Segment name: pipa06.linux.mydomain.at ipa: ERROR: no such entry
What am I doing wrong?
Hi,
you need to specify either --left or --right to tell which side needs to be reinitialized:
# ipa help topologysegment-reinitialize Usage: ipa [global-options] topologysegment-reinitialize TOPOLOGYSUFFIX NAME [options]
Request a full re-initialization of the node retrieving data from the other node. Options: -h, --help show this help message and exit --left Initialize left node --right Initialize right node --stop Stop already started refresh of chosen node(s)
I would advise to make a backup first, just in case you pick the wrong side...
That does not solve the problem. The error I get is "ipa: ERROR: no such entry".
On 03.10.20 09:07, Ronald Wimmer via FreeIPA-users wrote:
[...] That does not solve the problem. The error I get is "ipa: ERROR: no such entry".
I checked the documentation again but somehow the command won't work as expected. The segment name is "pipa02.linux.mydomain.at-to-pipa06.linux.mydomain.at". The left node should be pipa02, right? Even when I specify the left node explicitly I do get the error.
Cheers, Ronald
On 03.10.20 09:07, Ronald Wimmer via FreeIPA-users wrote:
On 02.10.20 17:54, Florence Blanc-Renaud via FreeIPA-users wrote:
On 10/2/20 12:06 PM, Ronald Wimmer via FreeIPA-users wrote:
On 02.10.20 11:43, Florence Blanc-Renaud wrote:
On 10/2/20 9:56 AM, Ronald Wimmer via FreeIPA-users wrote:
By coincidence I found something in /var/log/messages that does not look too good:
Oct 2 09:41:30 pipa02.linux.mydomain.at ns-slapd[1905]: [02/Oct/2020:09:41:30.887447735 +0200] - ERR - NSMMReplicationPlugin - send_updates - agmt="cn=pipa02.linux.mydomain.at-to-pipa06.linux.mydomain.at" (pipa06:389): Data required to update replica has been purged from the changelog. If the error persists the replica must be reinitialized.
The error seems to persist. What has do be done? Do i have to uninstall ipa replica and do an ipa-replica-install agein?
Hi,
depending on your domain level, you can use either
- ipa-replica-manage re-initialize and ipa-csreplica-manage
reinitialize (domain-level 0) [1] or
- ipa topologysegment-reinitialize (domain level 1). For more
information refer to "ipa help topologysegment-reinitialize".
The command "ipa domainlevel-get" will provide you with the current domain level. The reinitialize command forces a full synchronization of the content from the specified source to the replica.
My domain level is 1.
ipa topologysuffix-find
2 topology suffixes matched
Suffix name: ca Managed LDAP suffix DN: o=ipaca
Suffix name: domain Managed LDAP suffix DN: dc=linux,dc=mydomain,dc=at
Number of entries returned 2
ipa topologysegment-find
[...]
Segment name: pipa02.linux.mydomain.at-to-pipa06.linux.mydomain.at Left node: pipa02.linux.mydomain.at Right node: pipa06.linux.mydomain.at Connectivity: both
[...]
ipa topologysuffix-find
2 topology suffixes matched
Suffix name: ca Managed LDAP suffix DN: o=ipaca
Suffix name: domain Managed LDAP suffix DN: dc=linux,dc=mydomain,dc=at
Number of entries returned 2
[root@pipa02 ~]# ipa topologysegment-reinitialize Suffix name: domain Segment name: pipa02.linux.mydomain.at-to-pipa06.linux.mydomain.at ipa: ERROR: left or right node has to be specified
[root@pipa02 ~]# ipa topologysegment-reinitialize Suffix name: domain Segment name: pipa06.linux.mydomain.at ipa: ERROR: no such entry
What am I doing wrong?
Hi,
you need to specify either --left or --right to tell which side needs to be reinitialized:
# ipa help topologysegment-reinitialize Usage: ipa [global-options] topologysegment-reinitialize TOPOLOGYSUFFIX NAME [options]
Request a full re-initialization of the node retrieving data from the other node. Options: -h, --help show this help message and exit --left Initialize left node --right Initialize right node --stop Stop already started refresh of chosen node(s)
I would advise to make a backup first, just in case you pick the wrong side...
I must have made a typo when I tried the re-initialization last time. Issuing the re-initialization command
ipa topologysegment-reinitialize --left Suffix name: domain Segment name: pipa02.linux.mydomain.at-to-pipa06.linux.mydomain.at
worked. However, I still get the error in the logs:
Nov 25 11:54:55 pipa02.linux.mydomain.at ns-slapd[3627]: [25/Nov/2020:11:54:55.359818393 +0100] - ERR - NSMMReplicationPlugin - changelog program - repl_plugin_name_cl - agmt="cn=pipa02.linux.mydomain.at-to-pipa06.linux.mydomain.at" (pipa06:389): CSN 5ed7493d000100190000 not found, we aren't as up to date, or we purged Nov 25 11:54:55 pipa02.linux.mydomain.at ns-slapd[3627]: [25/Nov/2020:11:54:55.360940111 +0100] - ERR - NSMMReplicationPlugin - send_updates - agmt="cn=pipa02.linux.mydomain.at-to-pipa06.linux.mydomain.at" (pipa06:389): Data required to update replica has been purged from the changelog. If the error persists the replica must be reinitialized.
What should i do?
Cheers, Ronald
freeipa-users@lists.fedorahosted.org