Harald Dunkel via FreeIPA-users wrote: > Hi folks, > > I have almost completed the FreeIPA migration from CentOS7 to Rocky8 > (FreeIPA 4.9.11). > Domain replications seems to be fine, but I get a replication error for ca: > > [root@ipa2 ~]# ipa-csreplica-manage -v list ipaca8.example.com > Directory Manager password: > > ipa2.example.com > last init status: Error (0) Total update succeeded > last init ended: 2023-07-08 14:35:09+00:00 > last update status: Error (0) Replica acquired successfully: > Incremental update succeeded > last update ended: 2023-07-08 16:20:37+00:00 > ipabak.ac.example.com > last init status: Error (0) Total update succeeded > last init ended: 2023-07-08 16:06:05+00:00 > last update status: Error (0) Replica acquired successfully: > Incremental update succeeded > last update ended: 2023-07-08 16:20:37+00:00 > ipa0.example.com > last update status: Error (0) Replica acquired successfully: > Incremental update succeeded > last update ended: 2023-07-08 16:20:37+00:00 > > [root@ipa2 ~]# ipa-csreplica-manage -v list ipa2.example.com > Directory Manager password: > > ipaca8.example.com > last update status: Error (11) Replication error acquiring replica: > Unable to acquire replica: the replica has the same Replica ID as this > one. Replication is aborting. (duplicate replica ID detected) > last update ended: 2023-07-08 15:03:47+00:00 > ipa1.example.com > last update status: Error (0) Replica acquired successfully: > Incremental update succeeded > last update ended: 2023-07-08 16:20:40+00:00 > > > Obviously replication between ipaca8 (the CA) amd ipa2 is bad. Here is > the topology for ca: > > [root@ipa2 ~]# ipa topologysegment-find ca | sed s/aixigo.de/example.com/g > > ------------------ > 5 segments matched > ------------------ > Segment name: ipa0.example.com-to-ipa1.example.com > Left node: ipa0.example.com > Right node: ipa1.example.com > Connectivity: both > > Segment name: ipa0.example.com-to-ipaca8.example.com > Left node: ipa0.example.com > Right node: ipaca8.example.com > Connectivity: both > > Segment name: ipa1.example.com-to-ipa2.example.com > Left node: ipa1.example.com > Right node: ipa2.example.com > Connectivity: both > > Segment name: ipa2.example.com-to-ipaca8.example.com > Left node: ipa2.example.com > Right node: ipaca8.example.com > Connectivity: both > > Segment name: ipabak.ac.example.com-to-ipaca8.example.com > Left node: ipabak.ac.example.com > Right node: ipaca8.example.com > Connectivity: both > ---------------------------- > Number of entries returned 5 > ----------------------------
The ipa-replica-manage list-ruv command may provide confirmation but I assume 389-ds has it right and there are duplicate replica ids. I'd first check ipabak to see if it is up-to-date. Since ipa8 has multiple replication connections it should be ok but I'd start there. If that's fine then I'd delete the bad connection and re-create it using the topology commands in the UI or CLI. rob _______________________________________________ FreeIPA-users mailing list -- [email protected] To unsubscribe send an email to [email protected] Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedorahosted.org/archives/list/[email protected] Do not reply to spam, report it: https://pagure.io/fedora-infrastructure/new_issue
