I have these errors in the syslog of the primary, the syslog on the secondary is clean.
Oct 30 09:41:59 ef-idm01 ns-slapd: [30/Oct/2018:09:41:59.104092627 -0700] agmt="cn=masterAgreement1-ef-idm02.production.efilm.com-pki-tomcat" (ef-idm02:389) - Can't locate CSN 5afd9651000200600000 in the changelog (DB rc=-30988). If replication stops, the consumer may need to be reinitialized. Oct 30 09:41:59 ef-idm01 ns-slapd: [30/Oct/2018:09:41:59.105088278 -0700] NSMMReplicationPlugin - changelog program - agmt="cn=masterAgreement1-ef-idm02.production.efilm.com-pki-tomcat" (ef-idm02:389): CSN 5afd9651000200600000 not found, we aren't as up to date, or we purged Oct 30 09:41:59 ef-idm01 ns-slapd: [30/Oct/2018:09:41:59.105750108 -0700] NSMMReplicationPlugin - agmt="cn=masterAgreement1-ef-idm02.production.efilm.com-pki-tomcat" (ef-idm02:389): Data required to update replica has been purged from the changelog. The replica must be reinitialized.
I initiated a resync, but the errors continue to pile up on the primary.
grant@ef-idm02:~[20181030-9:36][#115]$ ipa-replica-manage force-sync --from ef-idm01.production.efilm.com Directory Manager password: ********
ipa: INFO: Setting agreement cn=meToef-idm02.production.efilm.com,cn=replica,cn=dc=production,dc=efilm,dc=com,cn=mapping tree,cn=config schedule to 2358-2359 0 to force synch ipa: INFO: Deleting schedule 2358-2359 0 from agreement cn=meToef-idm02.production.efilm.com,cn=replica,cn=dc=production,dc=efilm,dc=com,cn=mapping tree,cn=config grant@ef-idm02:~[20181030-9:37][#116]$
thanx
- grant
This e-mail and any attachments are intended only for use by the addressee(s) named herein and may contain confidential information. If you are not the intended recipient of this e-mail, you are hereby notified any dissemination, distribution or copying of this email and any attachments is strictly prohibited. If you receive this email in error, please immediately notify the sender by return email and permanently delete the original, any copy and any printout thereof. The integrity and security of e-mail cannot be guaranteed.
Hi,
Have you look at the reinitialize option rather than force-sync?
At least, it is the option we always use.
Best,
-----Original Message----- From: Grant Janssen via FreeIPA-users freeipa-users@lists.fedorahosted.org Sent: mardi 30 octobre 2018 17:46 To: FreeIPA users list freeipa-users@lists.fedorahosted.org Cc: Grant Janssen Grant.Janssen@efilm.com Subject: [Freeipa-users] replication sync issues
I have these errors in the syslog of the primary, the syslog on the secondary is clean.
Oct 30 09:41:59 ef-idm01 ns-slapd: [30/Oct/2018:09:41:59.104092627 -0700] agmt="cn=masterAgreement1-ef-idm02.production.efilm.com-pki-tomcat" (ef-idm02:389) - Can't locate CSN 5afd9651000200600000 in the changelog (DB rc=-30988). If replication stops, the consumer may need to be reinitialized. Oct 30 09:41:59 ef-idm01 ns-slapd: [30/Oct/2018:09:41:59.105088278 -0700] NSMMReplicationPlugin - changelog program - agmt="cn=masterAgreement1-ef-idm02.production.efilm.com-pki-tomcat" (ef-idm02:389): CSN 5afd9651000200600000 not found, we aren't as up to date, or we purged Oct 30 09:41:59 ef-idm01 ns-slapd: [30/Oct/2018:09:41:59.105750108 -0700] NSMMReplicationPlugin - agmt="cn=masterAgreement1-ef-idm02.production.efilm.com-pki-tomcat" (ef-idm02:389): Data required to update replica has been purged from the changelog. The replica must be reinitialized.
I initiated a resync, but the errors continue to pile up on the primary.
grant@ef-idm02:~[20181030-9:36][#115]$ ipa-replica-manage force-sync --from ef-idm01.production.efilm.com Directory Manager password: ********
ipa: INFO: Setting agreement cn=meToef-idm02.production.efilm.com,cn=replica,cn=dc=production,dc=efilm,dc=com,cn=mapping tree,cn=config schedule to 2358-2359 0 to force synch ipa: INFO: Deleting schedule 2358-2359 0 from agreement cn=meToef-idm02.production.efilm.com,cn=replica,cn=dc=production,dc=efilm,dc=com,cn=mapping tree,cn=config grant@ef-idm02:~[20181030-9:37][#116]$
thanx
- grant
This e-mail and any attachments are intended only for use by the addressee(s) named herein and may contain confidential information. If you are not the intended recipient of this e-mail, you are hereby notified any dissemination, distribution or copying of this email and any attachments is strictly prohibited. If you receive this email in error, please immediately notify the sender by return email and permanently delete the original, any copy and any printout thereof. The integrity and security of e-mail cannot be guaranteed. _______________________________________________ FreeIPA-users mailing list -- freeipa-users@lists.fedorahosted.org To unsubscribe send an email to freeipa-users-leave@lists.fedorahosted.org Fedora Code of Conduct: https://getfedora.org/code-of-conduct.html List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedorahosted.org/archives/list/freeipa-users@lists.fedorahoste...
I’ve tried both force-sync AND re-initialize on both hosts. I do have a question about the error in the log. though the error posts on the “master”, it appears to indicate an issue with the slave. the slave syslog is clean.
when the log indicates “The replica must be reinitialized” is it meant to be the localhost - or the remote replica?
Nov 2 09:14:12 ef-idm01 ns-slapd: [02/Nov/2018:09:14:12.421134348 -0700] agmt="cn=masterAgreement1-ef-idm02.production.efilm.com-pki-tomcat" (ef-idm02:389) - Can't locate CSN 5afd9651000200600000 in the changelog (DB rc=-30988). If replication stops, the consumer may need to be reinitialized. Nov 2 09:14:12 ef-idm01 ns-slapd: [02/Nov/2018:09:14:12.422583035 -0700] NSMMReplicationPlugin - changelog program - agmt="cn=masterAgreement1-ef-idm02.production.efilm.com-pki-tomcat" (ef-idm02:389): CSN 5afd9651000200600000 not found, we aren't as up to date, or we purged Nov 2 09:14:12 ef-idm01 ns-slapd: [02/Nov/2018:09:14:12.423155007 -0700] NSMMReplicationPlugin - agmt="cn=masterAgreement1-ef-idm02.production.efilm.com-pki-tomcat" (ef-idm02:389): Data required to update replica has been purged from the changelog. The replica must be reinitialized.
thanx
- grant
On Nov 2, 2018, at 08:26, Christophe TREFOIS christophe.trefois@uni.lu wrote:
Hi,
Have you look at the reinitialize option rather than force-sync?
At least, it is the option we always use.
Best,
This e-mail and any attachments are intended only for use by the addressee(s) named herein and may contain confidential information. If you are not the intended recipient of this e-mail, you are hereby notified any dissemination, distribution or copying of this email and any attachments is strictly prohibited. If you receive this email in error, please immediately notify the sender by return email and permanently delete the original, any copy and any printout thereof. The integrity and security of e-mail cannot be guaranteed.
On 11/2/18 12:21 PM, Grant Janssen via FreeIPA-users wrote:
I’ve tried both force-sync AND re-initialize on both hosts. I do have a question about the error in the log. though the error posts on the “master”, it appears to indicate an issue with the slave. the slave syslog is clean.
when the log indicates “The replica must be reinitialized” is it meant to be the localhost - or the remote replica?
The remote replica. The replica that the replication agreement points to: idm02.production.efilm.com
Regards,
Mark
Nov 2 09:14:12 ef-idm01 ns-slapd: [02/Nov/2018:09:14:12.421134348 -0700] agmt="cn=masterAgreement1-ef-idm02.production.efilm.com-pki-tomcat" (ef-idm02:389) - Can't locate CSN 5afd9651000200600000 in the changelog (DB rc=-30988). If replication stops, the consumer may need to be reinitialized. Nov 2 09:14:12 ef-idm01 ns-slapd: [02/Nov/2018:09:14:12.422583035 -0700] NSMMReplicationPlugin - changelog program - agmt="cn=masterAgreement1-ef-idm02.production.efilm.com-pki-tomcat" (ef-idm02:389): CSN 5afd9651000200600000 not found, we aren't as up to date, or we purged Nov 2 09:14:12 ef-idm01 ns-slapd: [02/Nov/2018:09:14:12.423155007 -0700] NSMMReplicationPlugin - agmt="cn=masterAgreement1-ef-idm02.production.efilm.com-pki-tomcat" (ef-idm02:389): Data required to update replica has been purged from the changelog. The replica must be reinitialized.
thanx
- grant
On Nov 2, 2018, at 08:26, Christophe TREFOIS christophe.trefois@uni.lu wrote:
Hi,
Have you look at the reinitialize option rather than force-sync?
At least, it is the option we always use.
Best,
This e-mail and any attachments are intended only for use by the addressee(s) named herein and may contain confidential information. If you are not the intended recipient of this e-mail, you are hereby notified any dissemination, distribution or copying of this email and any attachments is strictly prohibited. If you receive this email in error, please immediately notify the sender by return email and permanently delete the original, any copy and any printout thereof. The integrity and security of e-mail cannot be guaranteed. _______________________________________________ FreeIPA-users mailing list -- freeipa-users@lists.fedorahosted.org To unsubscribe send an email to freeipa-users-leave@lists.fedorahosted.org Fedora Code of Conduct: https://getfedora.org/code-of-conduct.html List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedorahosted.org/archives/list/freeipa-users@lists.fedorahoste...
freeipa-users@lists.fedorahosted.org
-
Christophe TREFOIS -
Grant Janssen -
Mark Reynolds