Kathy Zhu via FreeIPA-users wrote:
> Hi List,
>
> When I run ipa-healthcheck on all of our ipa servers, they all reported
> following:
>
> [root@ipa0 ~]# ipa-healthcheck --failures-only --output-type human
>
> ERROR:
> ipahealthcheck.ds.replication.ReplicationConflictCheck.idnsname=1.1.10.in-addr.arpa.,cn=dns,dc=example,dc=com:
> Replication conflict
>
> [root@ipa0 ~]#
>
> [root@ipa0 ~]# ipa-healthcheck --failures-only
>
> [
>
> {
>
> "source": "ipahealthcheck.ds.replication",
>
> "kw": {
>
> "msg": "Replication conflict",
>
> "glue": true,
>
> "conflict": "deletedEntryHasChildren",
>
> "key": "idnsname=1.1.10.in-addr.arpa.,cn=dns,dc=example,dc=com"
>
> },
>
> "uuid": "3027f742-4b7b-4a20-9650-a5a030699480",
>
> "duration": "0.002318",
>
> "when": "20210819234114Z",
>
> "check": "ReplicationConflictCheck",
>
> "result": "ERROR"
>
> }
>
> ]
>
> [root@ipa0 ~]#
>
> [root@ipa0 ~]# ipa dnsrecord-find 1.1.10.in-addr.arpa.
> --sizelimit=99999 --all --structured
>
> dn: idnsname=1.1.10.in-addr.arpa.,cn=dns,dc=example,dc=com
>
> Record name: @
>
> Records:
>
> Record type: NS
>
> Record data: ipa1.example.com <http://ipa1.example.com>.
>
> NS Hostname: ipa1.example.com <http://ipa1.example.com>.
>
> idnsallowdynupdate: TRUE
>
> idnsallowquery: any;
>
> idnsallowtransfer: none;
>
> idnssoaexpire: 1209600
>
> idnssoaminimum: 3600
>
> idnssoamname: ipa0.example.com <http://ipa0.example.com>.
>
> idnssoarefresh: 3600
>
> idnssoaretry: 900
>
> idnssoarname: hostmaster
>
> idnssoaserial: 1629023582
>
> idnsupdatepolicy: grant EXAMPLE.COM <http://EXAMPLE.COM>
> krb5-subdomain 1.1.10.in-addr.arpa. PTR; grant dhcp-key wildcard * ANY;
>
> idnszoneactive: FALSE
>
> objectclass: top, idnsrecord, idnszone, glue, extensibleobject
>
> ----------------------------
>
> Number of entries returned 1
>
> ----------------------------
>
> [root@ipa0 ~]#
>
>
> Notice above, glue is true! After googling, I found following:
>
>
> https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/6/html/identity_management_guide/ipa-replica-manage#Solving_Orphan_Entry_Conflicts
>
>
>
> https://access.redhat.com/documentation/en-us/red_hat_directory_server/10/html/administration_guide/managing_replication-solving_common_replication_conflicts#Solving_Common_Replication_Conflicts-Solving_Orphan_Entry_Conflicts
>
>
> The explanation made sense to me. However, I do not know what happened
> to get us into this situation.
>
>
> A good zone displays objectclass like this:
>
>
> objectclass: top, idnsrecord, idnszone
>
>
>
> Note, no "glue, extensibleobject" there.
>
>
> This zone can not be deleted since "Not allowed on non-leaf entry". Any
> ideas to delete this zone?
Do you want to delete the zone?
rob
_______________________________________________
FreeIPA-users mailing list -- freeipa-users@lists.fedorahosted.org
To unsubscribe send an email to freeipa-users-le...@lists.fedorahosted.org
Fedora Code of Conduct:
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives:
https://lists.fedorahosted.org/archives/list/freeipa-users@lists.fedorahosted.org
Do not reply to spam on the list, report it:
https://pagure.io/fedora-infrastructure
