Hi,
I am facing a repeated phenomenon. I have installed one FreeIPA server and two replica
FreeIPA servers.
All are masters (roles are being assigned automatically).
The problem I experience directly after a fresh install is that the topology keeps breaking, or
at least becomes "disconnected", after leaving the servers off for a few hours.
There is literally no data on the servers and no changes are being made. At first everything
works OK; I even checked the sync and everything is working and syncing well. Only after a few
hours, when the servers are up again, do the issues start to show up. Here is some paste from the
servers:
[root@ipa-server1 ~]# ipa topologysuffix-verify domain
========================================================
Replication topology of suffix "domain" contains errors.
========================================================
------------------------
Topology is disconnected
------------------------
Server
ipa-server1.ipa.example.com can't contact servers:
ipa-server3.ipa.example.com
Server
ipa-dctrlv2.ipa.example.com can't contact servers:
ipa-server3.ipa.example.com
[root@ipa-server1 ~]# reboot
Last login: Wed Jan 20 16:17:02 2021 from 192.168.2.100
[root@ipa-server1 ~]# ipa topologysuffix-show # display all managed hosts and segments
Suffix name: all
ipa: ERROR: all: suffix not found
[root@ipa-server1 ~]# ipa topologysuffix-verify # check connectivity, missing connections,
redundant connections
Suffix name: dc=int,dc=example,dc=com
ipa: ERROR: dc=int,dc=example,dc=com: suffix not found
[root@ipa-server1 ~]# ipa topologysuffix-verify # check connectivity, missing connections,
redundant connections
Suffix name: domain
========================================================
Replication topology of suffix "domain" contains errors.
========================================================
------------------------
Topology is disconnected
------------------------
Server
ipa-server1.ipa.example.com can't contact servers:
ipa-server3.ipa.example.com
Server
ipa-dctrlv2.ipa.example.com can't contact servers:
ipa-server3.ipa.example.com
[root@ipa-server1 ~]# ipa topologysegment-find domain
Replication topology of suffix "domain" is in order.
====================================================
[root@ipa-server3 ~]# ipa-replica-manage re-initialize --from
ipa-dctrlv2.ipa.example.com
'ipa-server3.ipa.example.com' has no replication agreement for
'ipa-dctrlv2.ipa.example.com'
[root@ipa-server3 ~]# ipa topologysegment-find
Suffix name: domain
------------------
2 segments matched
------------------
Segment name:
ipa-server1.ipa.example.com-to-ipa-dctrlv2.ipa.example.com
Left node:
ipa-server1.ipa.example.com
Right node:
ipa-dctrlv2.ipa.example.com
Connectivity: both
Segment name:
ipa-server1.ipa.example.com-to-ipa-server3.ipa.example.com
Left node:
ipa-server1.ipa.example.com
Right node:
ipa-server3.ipa.example.com
Connectivity: both
----------------------------
Number of entries returned 2
----------------------------
[root@ipa-server3 ~]# ipa topologysegment-find^C
[root@ipa-server3 ~]# pa topologysegment-del
-bash: pa: command not found
[root@ipa-server3 ~]# ipa topologysegment-del
Suffix name: domain
Segment name:
ipa-server1.ipa.example.com-to-ipa-server3.ipa.example.com
ipa: ERROR: Server is unwilling to perform: Removal of Segment disconnects
topology.Deletion not allowed.
[root@ipa-server3 ~]# ipa topologysegment-add
ipa-server1.ipa.example.com-to-ipa-server3.ipa.example.com
Left node:
ipa-server1.ipa.example.com
Right node:
ipa-server3.ipa.example.com
Segment name [
ipa-server1.ipa.example.com-to-ipa-server3.ipa.example.com]:
ipa: ERROR: invalid 'leftnode': left node (
ipa-server1.ipa.example.com) does not
support suffix 'ipa-server1.ipa.example.com-to-ipa-server3.ipa.example.com'
[root@ipa-server3 ~]# Last login: Sat Jan 16 18:11:10 2021 from 192.168.2.100
[root@ipa-server3 ~]#
Can someone please help me understand why newly installed servers with a clean topology and no
changes are breaking after a few hours?
Thanks in advance