Hi List,
When I run ipa-healthcheck on all of our ipa servers, they all reported
following:
[root@ipa0 ~]# ipa-healthcheck --failures-only --output-type human
ERROR:
ipahealthcheck.ds.replication.ReplicationConflictCheck.idnsname=1.1.10.in-addr.arpa.,cn=dns,dc=example,dc=com:
Replication conflict
[root@ipa0 ~]#
[root@ipa0 ~]# ipa-healthcheck --failures-only
[
{
"source": "ipahealthcheck.ds.replication",
"kw": {
"msg": "Replication conflict",
"glue": true,
"conflict": "deletedEntryHasChildren",
"key": "idnsname=1.1.10.in-addr.arpa.,cn=dns,dc=example,dc=com"
},
"uuid": "3027f742-4b7b-4a20-9650-a5a030699480",
"duration": "0.002318",
"when": "20210819234114Z",
"check": "ReplicationConflictCheck",
"result": "ERROR"
}
]
[root@ipa0 ~]#
[root@ipa0 ~]# ipa dnsrecord-find 1.1.10.in-addr.arpa. --sizelimit=99999
--all --structured
dn: idnsname=1.1.10.in-addr.arpa.,cn=dns,dc=example,dc=com
Record name: @
Records:
Record type: NS
Record data: ipa1.example.com.
NS Hostname: ipa1.example.com.
idnsallowdynupdate: TRUE
idnsallowquery: any;
idnsallowtransfer: none;
idnssoaexpire: 1209600
idnssoaminimum: 3600
idnssoamname: ipa0.example.com.
idnssoarefresh: 3600
idnssoaretry: 900
idnssoarname: hostmaster
idnssoaserial: 1629023582
idnsupdatepolicy: grant EXAMPLE.COM krb5-subdomain 1.1.10.in-addr.arpa.
PTR; grant dhcp-key wildcard * ANY;
idnszoneactive: FALSE
objectclass: top, idnsrecord, idnszone, glue, extensibleobject
----------------------------
Number of entries returned 1
----------------------------
[root@ipa0 ~]#
Notice above, glue is true! After googling, I found following:
https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/6/html/identity_management_guide/ipa-replica-manage#Solving_Orphan_Entry_Conflicts
https://access.redhat.com/documentation/en-us/red_hat_directory_server/10/html/administration_guide/managing_replication-solving_common_replication_conflicts#Solving_Common_Replication_Conflicts-Solving_Orphan_Entry_Conflicts
The explanation made sense to me. However, I do not know what happened to
get us into this situation.
A good zone displays objectclass like this:
objectclass: top, idnsrecord, idnszone
Note, no "glue, extensibleobject" there.
This zone can not be deleted since "Not allowed on non-leaf entry". Any
ideas to delete this zone?
Thanks.
Kathy.
_______________________________________________
FreeIPA-users mailing list -- [email protected]
To unsubscribe send an email to [email protected]
Fedora Code of Conduct:
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives:
https://lists.fedorahosted.org/archives/list/[email protected]
Do not reply to spam on the list, report it:
https://pagure.io/fedora-infrastructure
