Rolling upgrade to Daffodil - Ldap MMR

Looking to migrate to ZCS? Ask here. Got a great tip or script that helped you migrate? Post it here.
Post Reply
dapa6
Posts: 23
Joined: Fri Jun 08, 2018 3:51 pm
Location: Italia

Rolling upgrade to Daffodil - Ldap MMR

Post by dapa6 »

Hello

we are migrating following the rolling upgrade procedure from 8.8.15 to 10.1.2.

Currently, there are two LDAP master servers and 1 replica on CentOS7.

Wanting to update the operating system of the LDAP nodes as well we installed a third LDAP MMR (Sid=3) on Rocky 8.

We followed this guide to install the third master:

https://wiki.zimbra.com/wiki/LDAP_Multi ... tion_(sid)

installation was ok but after updating ldap_url and ldap_master_url on all the masters they get out of sync (Code 6) on zmreplchk.

In /var/log/zimbra.log many of these rows:

Oct 26 23:26:06 rocky8-ldap01 slapd[35634]: do_syncrep2: rid=100 CSN too old, ignoring 20241026212606.118804Z#000000#001#000000 (reqStart=20241026212606.000002Z,cn=accesslog)

Removing agreement with the third master and removing this node restored the sync between the two CentOS 7 master.



zmreplchk output now:

Master: ldap://ldap01.my.domain:389 ServerID: 2 Code: 0 Status: In Sync CSNs:
20241026213650.211348Z#000000#001#000000
20241026213452.553737Z#000000#002#000000
20241026205811.393101Z#000000#003#000000
Master: ldap://ldap01.my.domain:389 ServerID: 1 Code: 0 Status: In Sync CSNs:
20241026213650.211348Z#000000#001#000000
20241026213452.553737Z#000000#002#000000
20241026205811.393101Z#000000#003#000000

does the last row refers to the Rocky8 node we just removed ?

If we want to retry the installation, should we use sid=4 as the SID on a new server ?

Thanks!
User avatar
L. Mark Stone
Ambassador
Ambassador
Posts: 2844
Joined: Wed Oct 09, 2013 11:35 am
Location: Portland, Maine, US
ZCS/ZD Version: 10.0.10 Network Edition
Contact:

Re: Rolling upgrade to Daffodil - Ldap MMR

Post by L. Mark Stone »

dapa6 wrote: Sun Oct 27, 2024 5:06 pm Hello

we are migrating following the rolling upgrade procedure from 8.8.15 to 10.1.2.

Currently, there are two LDAP master servers and 1 replica on CentOS7.

Wanting to update the operating system of the LDAP nodes as well we installed a third LDAP MMR (Sid=3) on Rocky 8.

We followed this guide to install the third master:

https://wiki.zimbra.com/wiki/LDAP_Multi ... tion_(sid)

installation was ok but after updating ldap_url and ldap_master_url on all the masters they get out of sync (Code 6) on zmreplchk.

In /var/log/zimbra.log many of these rows:

Oct 26 23:26:06 rocky8-ldap01 slapd[35634]: do_syncrep2: rid=100 CSN too old, ignoring 20241026212606.118804Z#000000#001#000000 (reqStart=20241026212606.000002Z,cn=accesslog)

Removing agreement with the third master and removing this node restored the sync between the two CentOS 7 master.



zmreplchk output now:

Master: ldap://ldap01.my.domain:389 ServerID: 2 Code: 0 Status: In Sync CSNs:
20241026213650.211348Z#000000#001#000000
20241026213452.553737Z#000000#002#000000
20241026205811.393101Z#000000#003#000000
Master: ldap://ldap01.my.domain:389 ServerID: 1 Code: 0 Status: In Sync CSNs:
20241026213650.211348Z#000000#001#000000
20241026213452.553737Z#000000#002#000000
20241026205811.393101Z#000000#003#000000

does the last row refers to the Rocky8 node we just removed ?

If we want to retry the installation, should we use sid=4 as the SID on a new server ?

Thanks!
"CSN too old" can mean the clocks on the new and old servers are set to different time zones.

Any errors in DNS and/or /etc/hosts can also cause issues when deploying a new MMR node.

Same for SSL certificates (self-signed?) with LDAP TLS supported/required and secure interprocess communication attributes needing to be aligned.

That wiki you referenced, while certified, is only certified for Zimbra 8.0.

I'd recommend following the Multi-Server Installation Guide: https://zimbra.github.io/documentation/ ... eplication

Hope that helps,
Mark
___________________________________
L. Mark Stone
Mission Critical Email - Zimbra VAR/BSP/Training Partner https://www.missioncriticalemail.com/
AWS Certified Solutions Architect-Associate
Post Reply