Hi,

On Wed, Feb 12, 2025 at 1:06 AM Chris Jacobs via FreeIPA-users <
[email protected]> wrote:

> I have tried (providing password and our actual domain name scrubbed
> below):
>
> Which ipa / 389ds version is installed?

clean dangling ruvs using
> ```
> [email protected] ~ # ipa-replica-manage clean-dangling-ruv
> unable to decode: {replica 27} 60771c010007001b0000 60771c010007001b0000
> unable to decode: {replica 27} 60771c010007001b0000 60771c010007001b0000
> unable to decode: {replica 27} 60771c010007001b0000 60771c010007001b0000
> unable to decode: {replica 27} 60771c010007001b0000 60771c010007001b0000
> No dangling RUVs found
> ```
> cleaning that ruv specifically:
> ```
> root@ipa01 ~ # ipa-replica-manage --force --cleanup clean-ruv 27
> unable to decode: {replica 27} 60771c010007001b0000 60771c010007001b0000
> Replica ID 27 not found
> ```
> ldapmodify - which runs without error and no change:
> ```
> root@ipa01 ~ # cat clean-27.ldif
> dn: cn=clean 27,cn=cleanallruv,cn=tasks,cn=config
> changetype: add
> objectclass: top
> objectclass: extensibleObject
> replica-base-dn: dc=ipa,dc=example,dc=net
> replica-id: 27
> cn: clean 27
>
> root@ipa01 ~ # ldapmodify -D "cn=directory manager" -f clean-27.ldif
> adding new entry "cn=clean 27,cn=cleanallruv,cn=tasks,cn=config"
> ```
>
> This ldapmodify creates a task that runs in the background. You would need
to check if it completed, either by looking at the logs in
/var/log/dirsrv/slapd-XXX/errors or by performing a ldapsearch on this
clean allruv task. Look for the attributes nstaskstatus and nsTaskExitCode.
You can find more information here
<https://www.port389.org/docs/389ds/howto/howto-cleanruv.html#cleanallruv>.

HTH,
flo

Here's the topology (you can see ipa and idm nodes - working to eventually
> replace the CentOS 7 ipa nodes with RHEL8 idm nodes - but this replica 27
> has been around ... forever as far as I'm concerned):
> ```
> root@ipa01 ~ # ipa topologysegment-find domain
> ------------------
> 9 segments matched
> ------------------
>   Segment name: idm01.example.net-to-idm02.example.net
>   Left node: idm01.example.net
>   Right node: idm02.example.net
>   Connectivity: both
>
>   Segment name: idm01.example.net-to-ipa01.example.net
>   Left node: idm01.example.net
>   Right node: ipa01.example.net
>   Connectivity: both
>
>   Segment name: idm02.example.net-to-idm04.example.net
>   Left node: idm02.example.net
>   Right node: idm04.example.net
>   Connectivity: both
>
>   Segment name: idm03.example.net-to-idm01.example.net
>   Left node: idm03.example.net
>   Right node: idm01.example.net
>   Connectivity: both
>
>   Segment name: idm04.example.net-to-idm03.example.net
>   Left node: idm04.example.net
>   Right node: idm03.example.net
>   Connectivity: both
>
>   Segment name: ipa01.example.net-to-ipa02.example.net
>   Left node: ipa01.example.net
>   Right node: ipa02.example.net
>   Connectivity: both
>
>   Segment name: ipa01.example.net-to-ipa03.example.net
>   Left node: ipa01.example.net
>   Right node: ipa03.example.net
>   Connectivity: both
>
>   Segment name: ipa02.example.net-to-ipa04.example.net
>   Left node: ipa02.example.net
>   Right node: ipa04.example.net
>   Connectivity: both
>
>   Segment name: ipa03.example.net-to-ipa04.example.net
>   Left node: ipa03.example.net
>   Right node: ipa04.example.net
>   Connectivity: both
> ----------------------------
> Number of entries returned 9
> ----------------------------
> root@ipa01 ~ # ipa topologysegment-find ca
> ------------------
> 9 segments matched
> ------------------
>   Segment name: idm01.example.net-to-idm02.example.net
>   Left node: idm01.example.net
>   Right node: idm02.example.net
>   Connectivity: both
>
>   Segment name: idm01.example.net-to-ipa01.example.net
>   Left node: idm01.example.net
>   Right node: ipa01.example.net
>   Connectivity: both
>
>   Segment name: idm02.example.net-to-idm04.example.net
>   Left node: idm02.example.net
>   Right node: idm04.example.net
>   Connectivity: both
>
>   Segment name: idm03.example.net-to-idm01.example.net
>   Left node: idm03.example.net
>   Right node: idm01.example.net
>   Connectivity: both
>
>   Segment name: idm04.example.net-to-idm03.example.net
>   Left node: idm04.example.net
>   Right node: idm03.example.net
>   Connectivity: both
>
>   Segment name: ipa01.example.net-to-ipa02.example.net
>   Left node: ipa01.example.net
>   Right node: ipa02.example.net
>   Connectivity: both
>
>   Segment name: ipa01.example.net-to-ipa03.example.net
>   Left node: ipa01.example.net
>   Right node: ipa03.example.net
>   Connectivity: both
>
>   Segment name: ipa02.example.net-to-ipa04.example.net
>   Left node: ipa02.example.net
>   Right node: ipa04.example.net
>   Connectivity: both
>
>   Segment name: ipa03.example.net-to-ipa04.example.net
>   Left node: ipa03.example.net
>   Right node: ipa04.example.net
>   Connectivity: both
> ----------------------------
> Number of entries returned 9
> ----------------------------
> ```
> I've even gone off the rails and manually deleted the nsds50ruv and
> nsruvReplicaLastModified entries for these on sub entries of
> cn=replica,cn=o\3Dipaca,cn=mapping tree,cn=config (where I found
> *something* referencing it).
>
> I've pored over the google results for this - including some from this
> mailing list - the unsuccessful threads seem to simply die from lack of
> response, while the successful ones found a segment they could delete.
>
> Any help would be appreciated.
>
> Thanks,
> - chris
> --
> _______________________________________________
> FreeIPA-users mailing list -- [email protected]
> To unsubscribe send an email to [email protected]
> Fedora Code of Conduct:
> https://docs.fedoraproject.org/en-US/project/code-of-conduct/
> List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
> List Archives:
> https://lists.fedorahosted.org/archives/list/[email protected]
> Do not reply to spam, report it:
> https://pagure.io/fedora-infrastructure/new_issue
>
-- 
_______________________________________________
FreeIPA-users mailing list -- [email protected]
To unsubscribe send an email to [email protected]
Fedora Code of Conduct: 
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: 
https://lists.fedorahosted.org/archives/list/[email protected]
Do not reply to spam, report it: 
https://pagure.io/fedora-infrastructure/new_issue

Reply via email to