HI, I am facing a repeated phenomenon, I have installed one FreeIPA server and two replica FreeIPA servers. All are masters (roles are being assigned automatically).
The problem i experience directly after fresh install is that the topology keep breaks or at least "disconnected" after left the servers off for few hours. The is literally no data on the servers and no changes are being made, first everything works ok, i even check the sync and all is working and syncing well, only after few hours that the serves are up again, the issues starts show up, here hare some paste from the servers: [root@ipa-server1 ~]# ipa topologysuffix-verify domain ======================================================== Replication topology of suffix "domain" contains errors. ======================================================== ------------------------ Topology is disconnected ------------------------ Server ipa-server1.ipa.example.com can't contact servers: ipa-server3.ipa.example.com Server ipa-dctrlv2.ipa.example.com can't contact servers: ipa-server3.ipa.example.com [root@ipa-server1 ~]# reboot Last login: Wed Jan 20 16:17:02 2021 from 192.168.2.100 [root@ipa-server1 ~]# ipa topologysuffix-show # display all managed hosts and segments Suffix name: all ipa: ERROR: all: suffix not found [root@ipa-server1 ~]# ipa topologysuffix-verify # check connectivity, missing connections, redundant connections Suffix name: dc=int,dc=example,dc=com ipa: ERROR: dc=int,dc=example,dc=com: suffix not found [root@ipa-server1 ~]# ipa topologysuffix-verify # check connectivity, missing connections, redundant connections Suffix name: domain ======================================================== Replication topology of suffix "domain" contains errors. ======================================================== ------------------------ Topology is disconnected ------------------------ Server ipa-server1.ipa.example.com can't contact servers: ipa-server3.ipa.example.com Server ipa-dctrlv2.ipa.example.com can't contact servers: ipa-server3.ipa.example.com [root@ipa-server1 ~]# ipa topologysegment-find domain Replication topology of suffix "domain" is in order. ==================================================== [root@ipa-server3 ~]# ipa-replica-manage re-initialize --from ipa-dctrlv2.ipa.example.com 'ipa-server3.ipa.example.com' has no replication agreement for 'ipa-dctrlv2.ipa.example.com' [root@ipa-server3 ~]# ipa topologysegment-find Suffix name: domain ------------------ 2 segments matched ------------------ Segment name: ipa-server1.ipa.example.com-to-ipa-dctrlv2.ipa.example.com Left node: ipa-server1.ipa.example.com Right node: ipa-dctrlv2.ipa.example.com Connectivity: both Segment name: ipa-server1.ipa.example.com-to-ipa-server3.ipa.example.com Left node: ipa-server1.ipa.example.com Right node: ipa-server3.ipa.example.com Connectivity: both ---------------------------- Number of entries returned 2 ---------------------------- [root@ipa-server3 ~]# ipa topologysegment-find^C [root@ipa-server3 ~]# pa topologysegment-del -bash: pa: command not found [root@ipa-server3 ~]# ipa topologysegment-del Suffix name: domain Segment name: ipa-server1.ipa.example.com-to-ipa-server3.ipa.example.com ipa: ERROR: Server is unwilling to perform: Removal of Segment disconnects topology.Deletion not allowed. [root@ipa-server3 ~]# ipa topologysegment-add ipa-server1.ipa.example.com-to-ipa-server3.ipa.example.com Left node: ipa-server1.ipa.example.com Right node: ipa-server3.ipa.example.com Segment name [ipa-server1.ipa.example.com-to-ipa-server3.ipa.example.com]: ipa: ERROR: invalid 'leftnode': left node (ipa-server1.ipa.example.com) does not support suffix 'ipa-server1.ipa.example.com-to-ipa-server3.ipa.example.com' [root@ipa-server3 ~]# Last login: Sat Jan 16 18:11:10 2021 from 192.168.2.100 [root@ipa-server3 ~]# Can someone please help understand why new installed servers with clean topology and no changes are breaking after few hours? Thanks on advance _______________________________________________ FreeIPA-users mailing list -- [email protected] To unsubscribe send an email to [email protected] Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedorahosted.org/archives/list/[email protected]
