[Freeipa-users] unable to effectively delete a replica agreement
Karl Forner
karl.forner at gmail.com
Mon Dec 21 16:35:10 UTC 2015
It's quite a problem for me.
Would upgrading to a more recent version solve the problem ?
How does freeIPA knows that a host is a freeIPA host ? From the LDAP ?
Thanks
On Fri, Dec 18, 2015 at 3:45 PM, Karl Forner <karl.forner at gmail.com> wrote:
> I am running a master freeIPA called "ipa" in an adelton/freeipa-server
> (freeIPA 4.1.4).
> I am able to create a replica server "ipa2", still in an
> adelton/freeipa-server.
>
> If I stop my ipa2 replica, and try to delete the replication agreement:
>
> %ipa-replica-manage del ipa2.example.com --force -v
>
> It hangs forever.
> If I run it using the --cleanup option, it seems to work.
>
> But when I try to run again from scratch my replica, using the same name,
> I get:
>
> Checking forwarders, please wait ...
> WARNING: DNS forwarder 10.9.70.7 does not return DNSSEC signatures in
> answers
> Please fix forwarder configuration to enable DNSSEC support.
> (For BIND 9 add directive "dnssec-enable yes;" to "options {}")
> WARNING: DNSSEC validation will be disabled
> Warning: skipping DNS resolution of host ipa2.example.com
> Warning: skipping DNS resolution of host ipa.example.com
> Using reverse zone(s) 0.17.172.in-addr.arpa.
> A replication agreement for this host already exists. It needs to be
> removed.
> Run this on the master that generated the info file:
> % ipa-replica-manage del ipa2.example.com --force
>
> On my master:
> # ipa-replica-manage list
> ipas.example.com: master
> ipa.example.com: master
>
> I manually removed all DNS entries from the 3 zones mentioning ipa2. I can
> check in the web UI, using the search feature that ipa2 has no occurrence.
>
> So I do not understand why the replica install thinks there's still a
> replication agreement.
> And I'd like to know:
> 1) why this command did not work
>
> ipa-replica-manage del ipa2.example.com --force -v
>
>
> 2) How could I manually effectively delete this agrrement left-over.
>
>
> Thanks.
> Karl
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://listman.redhat.com/archives/freeipa-users/attachments/20151221/b414ea8f/attachment.htm>
More information about the Freeipa-users
mailing list