Hi, I have 1 ipa master 'ipasrv' and 2 replicas 'iparpl1 iparpl2' installed with --setup-ca option. Since a few days I have an issue with '389 Directory Server' on the master (ipasrv) and on the 2nd replica (iparpl2) with the following messages:
The configuration file /etc/dirsrv/slapd-MYINSTANCE/dse.ldif was not restored from backup /etc/dirsrv/slapd-MYINSTANCE/dse.ldif.tmp, error -1 Apr 28 07:38:35 localhost ns-slapd: [28/Apr/2014:15:38:35 +0200] dse - The configuration file /etc/dirsrv/slapd-MYINSTANCE/dse.ldif was not restored from backup /etc/dirsrv/slapd-MYINSTANCE/dse.ldif.bak, error -1 Apr 28 07:38:35 localhost ns-slapd: [28/Apr/2014:15:38:35 +0200] config - The given config file /etc/dirsrv/slapd-MYINSTANCE/dse.ldif could not be accessed, Netscape Portable Runtime error -5950 (File not found.) The files dse.ldif and dse.ldif.bak are lost. On my 1st replica (iparpl1) everything is OK. No Full IPA backup and LDAP backup done on ipasrv and iparpl2. A) Can I restore those files from iparpl1 ? B) I am a little bit confused after reading the documentation on http://www.freeipa.org/page/Backup_and_Restore - can I consider that the ipa replicas are like ipa master ? In this case when I want to execute the manual procedure in chapter 'One Server Loss' 1. Clean deployment from the lost server by removing all replication agreements with it. from iparpl1 I have the following results: [root@iparpl1 ~]# ipa-replica-manage del iparpl2.mydomain 'iparpl1.mydomain' has no replication agreement for 'iparpl2.mydomaon' [root@iparpl1 ~]# ipa-replica-manage del ipasrv.mydomain Connection to 'ipasrv.mydomain' failed: Unable to delete replica 'ipasrv.mydomain' 2. Choose another FreeIPA Server with CA installed to become the first master Can I do this request from my 1st replica iparpl1 and how ? 3. Nominate this master to be the one in charge or renewing certs and publishing CRLS. This is a manual procedure at the moment. 4. Follow standard installation procedure to deploy a new master on a hardware/VM of your choice this request is to install a replica not a master ? Thanks for your help. _______________________________________________ Freeipa-users mailing list [email protected] https://www.redhat.com/mailman/listinfo/freeipa-users
