[Freeipa-users] Stock with a Master in read-only mode

[Martin Kosek]

On 05/21/2014 08:36 AM, Davis Goodman wrote:
> Hi,
> 
> Lately I’ve been having issues of replication between my server and my 2 replicas.
> 
> I decided I was going to delete my 2 replicas and start over keeping my master intact.
> 
> I wasn`t successfull in getting all 3 servers to replicate to each other. ( it used to work)
> 
> I tried deleting  1 replica after the other one  to always keep one of the two available. 
> 
> I had to delete manually the replica host on the master with a bunch of ldapdelete command which worked fine.
> 
> But after many unsuccessful trials of getting everyone to sync I decided to delete my two replicas.
> 
> I went back to my master to use the ldapdelete to remove both host`s records so that I could start over.
> 
> Unfortunately now I’m getting this error.
> 
> ldapdelete -x -D "cn=Directory Manager" -W   cn=DNS,cn=freeipa02.mtl.domain.int,cn=masters,cn=ipa,cn=etc,dc=domain,dc=int
> Enter LDAP Password: 
> ldap_delete: Server is unwilling to perform (53)
> 	additional info: database is read-only
> 
> 
> 
> I’m kinda stuck now with no replicas and no DNS. I could restore the backup prior to the start of the operation but with a master in read-only mode it wouldn’t of much help.
> 
> Any insights would be more than welcome.
> 
> 
> Davis

Hi Davis, did maybe some of your ipa-replica-manage crashed in a middle of an
operation or an upgrade was interrupted  and left the database put in read only
mode?

You can find out with this ldapsearch:

ldapsearch -h `hostname` -D "cn=Directory Manager" -x -w kokos123 -b
'cn=userRoot,cn=ldbm database,cn=plugins,cn=config' -s base

Check for nsslapd-readonly, it should be put to "off" in normal operation.

Martin