[Freeipa-users] Replica master in strange state -- how to resolve?

Rob Crittenden rcritten at redhat.com
Tue Dec 17 03:37:24 UTC 2013


Dmitri Pal wrote:
> On 12/16/2013 10:40 AM, Bret Wortman wrote:
>> I had a replica that was completely failing to respond to its clients,
>> so I removed it by first running "ipa-replica-manage del" on the
>> replica master, then "ipa-server-install -U --uninstall" on the
>> replica. I regenerated the replica file and, upon trying to
>> re-initialize the replica, received this error:
>>
>> :
>> The host fsipa.spx.net already exists on the master server.
>> You should remove it before proceeding:
>>     % ipa host-del fsipa.damascusgrp.com
>> [root@fsipa ~]#
>>
>> On the master:
>>
>> [root@ipamaster ~]# ipa host-del fsipa.damascusgrp.com
>> ipa: ERROR: invalid 'hostname': An IPA master host cannot be deleted
>> or disabled
>> [root@ipamaster ~]# ipa host-show fsipa.damascusgrp.com
>>   Host name: fsipa.damascusgrp.com
>>   Principal name: host/fsipa.damascusgrp.com@DAMASCUSGRP.COM
>>   Password: False
>>   Keytab: True
>>   Managed by: fsipa.damascusgrp.com
>>   SSH public key fingerprint: ...
>>   :
>> [root@ipamaster ~]# ipa-replica-manage del fsipa.damascusgrp.com
>> 'ipamaster.damascusgrp.com' has no replication agreement for
>> 'fsipa.damascusgrp.com'
>> [root@ipamaster ~]#
>>
>> What's the right way to clean this up without making the situation worse?
>
> Do you use IPA DNS?
> What does DNS say about fsipa.damascusgrp.com and fsipa.spx.net?

It would appear that the replica uninstallation was a bit incomplete. 
The lack of replication may be part of, or the cause of, the problem.

I guess I would start by double-checking that the remaining master 
doesn't have an RUV record for the old one:

# ipa-replica-manage list-ruv

If so you can use the clean-ruv command to clean things up. Be very 
careful what number you plug in there. This is one of those "with great 
power comes great responsibility" commands.

As for the remaining master entries, you'll need to use ldapdelete to 
remove them.

Something like this:

# ldapdelete -x -D 'cn=directory manager' -W -r
cn=replica-to-delete.example.com,cn=masters,cn=ipa,cn=etc,dc=greyoak,dc=com
^D

My syntax may be a bit off but you basically want to delete this entry 
and all its children. If you're nervous stick in the -n option and it 
will tell you what it's going to do without deleting anything.

Newer IPA has a new command in ipa-replica-manage to make this cleanup 
easier.

Once those entries are gone you can delete the host entry and proceed on 
your way.

rob
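
One way to script the checks from the reply above so that the replica ID and the master DN are derived rather than typed by hand (an added example, not part of the original message or of the FreeIPA tools). It assumes `ipa-replica-manage list-ruv` prints one `host:port: id` line per RUV; the function names, hostnames and suffix are constructed for illustration, and the script only prints commands for review.

```shell
#!/bin/sh
# Added example, not from the thread. Assumes `ipa-replica-manage list-ruv`
# prints one "host:port: replica-id" line per RUV element.

# Constructed sample of list-ruv output (hostnames are placeholders).
SAMPLE_RUV='ipamaster.example.com:389: 4
fsipa.example.com:389: 7'

# ruv_id_for HOST: read list-ruv output on stdin, print HOST's replica ID.
# Exit 1 if HOST has no RUV, 2 if it has several (needs manual review).
ruv_id_for() {
    awk -v host="$1" '
        BEGIN { n = 0 }
        {
            split($1, hp, ":")    # "fsipa.example.com:389:" -> host, port
            if (tolower(hp[1]) == tolower(host) && $2 ~ /^[0-9]+$/) ids[n++] = $2
        }
        END {
            if (n == 0) exit 1
            if (n > 1) exit 2
            print ids[0]
        }'
}

# master_dn HOST SUFFIX: DN of the leftover entry under cn=masters.
master_dn() {
    printf 'cn=%s,cn=masters,cn=ipa,cn=etc,%s\n' "$1" "$2"
}

# cleanup_plan HOST SUFFIX: list-ruv output on stdin; prints the commands to
# review in order. Nothing is executed, and ldapdelete is shown with -n.
cleanup_plan() {
    host=$1 suffix=$2
    rid=$(ruv_id_for "$host") && rc=0 || rc=$?
    case $rc in
        0) echo "ipa-replica-manage clean-ruv $rid" ;;
        1) echo "# no RUV left for $host; skip clean-ruv" ;;
        *) echo "# several RUVs match $host; inspect list-ruv by hand"
           return 2 ;;
    esac
    echo "ldapdelete -x -D 'cn=directory manager' -W -r -n '$(master_dn "$host" "$suffix")'"
    echo "ipa host-del $host"
}

printf '%s\n' "$SAMPLE_RUV" | cleanup_plan fsipa.example.com dc=example,dc=com
```

On a real master, pipe the live `ipa-replica-manage list-ruv` output into `cleanup_plan` with the realm's own suffix, and drop `-n` from the printed `ldapdelete` line only after the dry run lists the expected entries.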



