[Freeipa-users] Rebuilding the failing original IPA master
Steven Jones
Steven.Jones at vuw.ac.nz
Wed Nov 7 19:26:15 UTC 2012
Hi,
The master was 6.2 upgraded to 6.3 its got a "bad schema" so the advice I have is to rebuild it.
I have 2 replicas they also were upgraded but "blew up" so were rebuilt as fresh 6.3, both these are fine, replicating and working perfectly.
I dont use CA, its just self signed on them..
regards
Steven Jones
Technical Specialist - Linux RHCE
Victoria University, Wellington, NZ
0064 4 463 6272
________________________________________
From: freeipa-users-bounces at redhat.com [freeipa-users-bounces at redhat.com] on behalf of Petr Spacek [pspacek at redhat.com]
Sent: Wednesday, 7 November 2012 10:17 p.m.
To: freeipa-users at redhat.com
Subject: Re: [Freeipa-users] Rebuilding the failing original IPA master
Hello,
On 11/06/2012 10:22 PM, Steven Jones wrote:
> It seems I am faced with rebuilding my original IPA master....trouble is I dont know the impact and problems with doing that.
What it your topology right now?
Do you have at least one fully-functional replica?
Is CA installed on this replica? Or is it replica without Dogtag CA (i.e.
installed with self-signed certificate)?
If you have one "complete" replica including CA then you can simply destroy
old server and install fresh replica as usual.
Rob can add more details and advices.
Petr^2 Spacek
> For instance, can I simply,
>
> 1) run a db2ldif to export the ldap contents,
> 2) un-install the IPA server,
> 3) reboot and re-install it,
> 4) run ldif2db
> 5) then re-sync the two replicas?
>
> or will the two replicas need rebuilding? and rejoining fresh?
>
> Will all the hosts need re-joining?
>
> Looking at this I dont know just how easy it is or not to do.
_______________________________________________
Freeipa-users mailing list
Freeipa-users at redhat.com
https://www.redhat.com/mailman/listinfo/freeipa-users
More information about the Freeipa-users
mailing list