Hi, On Wed, Feb 12, 2025 at 1:06 AM Chris Jacobs via FreeIPA-users < [email protected]> wrote:
> I have tried (providing password and our actual domain name scrubbed > below): > > Which ipa / 389ds version is installed? clean dangling ruvs using > ``` > [email protected] ~ # ipa-replica-manage clean-dangling-ruv > unable to decode: {replica 27} 60771c010007001b0000 60771c010007001b0000 > unable to decode: {replica 27} 60771c010007001b0000 60771c010007001b0000 > unable to decode: {replica 27} 60771c010007001b0000 60771c010007001b0000 > unable to decode: {replica 27} 60771c010007001b0000 60771c010007001b0000 > No dangling RUVs found > ``` > cleaning that ruv specifically: > ``` > root@ipa01 ~ # ipa-replica-manage --force --cleanup clean-ruv 27 > unable to decode: {replica 27} 60771c010007001b0000 60771c010007001b0000 > Replica ID 27 not found > ``` > ldapmodify - which runs without error and no change: > ``` > root@ipa01 ~ # cat clean-27.ldif > dn: cn=clean 27,cn=cleanallruv,cn=tasks,cn=config > changetype: add > objectclass: top > objectclass: extensibleObject > replica-base-dn: dc=ipa,dc=example,dc=net > replica-id: 27 > cn: clean 27 > > root@ipa01 ~ # ldapmodify -D "cn=directory manager" -f clean-27.ldif > adding new entry "cn=clean 27,cn=cleanallruv,cn=tasks,cn=config" > ``` > > This ldapmodify creates a task that runs in the background. You would need to check if it completed, either by looking at the logs in /var/log/dirsrv/slapd-XXX/errors or by performing a ldapsearch on this clean allruv task. Look for the attributes nstaskstatus and nsTaskExitCode. You can find more information here <https://www.port389.org/docs/389ds/howto/howto-cleanruv.html#cleanallruv>. HTH, flo Here's the topology (you can see ipa and idm nodes - working to eventually > replace the CentOS 7 ipa nodes with RHEL8 idm nodes - but this replica 27 > has been around ... forever as far as I'm concerned): > ``` > root@ipa01 ~ # ipa topologysegment-find domain > ------------------ > 9 segments matched > ------------------ > Segment name: idm01.example.net-to-idm02.example.net > Left node: idm01.example.net > Right node: idm02.example.net > Connectivity: both > > Segment name: idm01.example.net-to-ipa01.example.net > Left node: idm01.example.net > Right node: ipa01.example.net > Connectivity: both > > Segment name: idm02.example.net-to-idm04.example.net > Left node: idm02.example.net > Right node: idm04.example.net > Connectivity: both > > Segment name: idm03.example.net-to-idm01.example.net > Left node: idm03.example.net > Right node: idm01.example.net > Connectivity: both > > Segment name: idm04.example.net-to-idm03.example.net > Left node: idm04.example.net > Right node: idm03.example.net > Connectivity: both > > Segment name: ipa01.example.net-to-ipa02.example.net > Left node: ipa01.example.net > Right node: ipa02.example.net > Connectivity: both > > Segment name: ipa01.example.net-to-ipa03.example.net > Left node: ipa01.example.net > Right node: ipa03.example.net > Connectivity: both > > Segment name: ipa02.example.net-to-ipa04.example.net > Left node: ipa02.example.net > Right node: ipa04.example.net > Connectivity: both > > Segment name: ipa03.example.net-to-ipa04.example.net > Left node: ipa03.example.net > Right node: ipa04.example.net > Connectivity: both > ---------------------------- > Number of entries returned 9 > ---------------------------- > root@ipa01 ~ # ipa topologysegment-find ca > ------------------ > 9 segments matched > ------------------ > Segment name: idm01.example.net-to-idm02.example.net > Left node: idm01.example.net > Right node: idm02.example.net > Connectivity: both > > Segment name: idm01.example.net-to-ipa01.example.net > Left node: idm01.example.net > Right node: ipa01.example.net > Connectivity: both > > Segment name: idm02.example.net-to-idm04.example.net > Left node: idm02.example.net > Right node: idm04.example.net > Connectivity: both > > Segment name: idm03.example.net-to-idm01.example.net > Left node: idm03.example.net > Right node: idm01.example.net > Connectivity: both > > Segment name: idm04.example.net-to-idm03.example.net > Left node: idm04.example.net > Right node: idm03.example.net > Connectivity: both > > Segment name: ipa01.example.net-to-ipa02.example.net > Left node: ipa01.example.net > Right node: ipa02.example.net > Connectivity: both > > Segment name: ipa01.example.net-to-ipa03.example.net > Left node: ipa01.example.net > Right node: ipa03.example.net > Connectivity: both > > Segment name: ipa02.example.net-to-ipa04.example.net > Left node: ipa02.example.net > Right node: ipa04.example.net > Connectivity: both > > Segment name: ipa03.example.net-to-ipa04.example.net > Left node: ipa03.example.net > Right node: ipa04.example.net > Connectivity: both > ---------------------------- > Number of entries returned 9 > ---------------------------- > ``` > I've even gone off the rails and manually deleted the nsds50ruv and > nsruvReplicaLastModified entries for these on sub entries of > cn=replica,cn=o\3Dipaca,cn=mapping tree,cn=config (where I found > *something* referencing it). > > I've pored over the google results for this - including some from this > mailing list - the unsuccessful threads seem to simply die from lack of > response, while the successful ones found a segment they could delete. > > Any help would be appreciated. > > Thanks, > - chris > -- > _______________________________________________ > FreeIPA-users mailing list -- [email protected] > To unsubscribe send an email to [email protected] > Fedora Code of Conduct: > https://docs.fedoraproject.org/en-US/project/code-of-conduct/ > List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines > List Archives: > https://lists.fedorahosted.org/archives/list/[email protected] > Do not reply to spam, report it: > https://pagure.io/fedora-infrastructure/new_issue >
-- _______________________________________________ FreeIPA-users mailing list -- [email protected] To unsubscribe send an email to [email protected] Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedorahosted.org/archives/list/[email protected] Do not reply to spam, report it: https://pagure.io/fedora-infrastructure/new_issue
