[Freeipa-users] Issues with 'A replication agreement for the host already exists', when it very much doesn't

Ludwig Krispenz lkrispen at redhat.com
Tue Dec 22 08:28:09 UTC 2015 

On 12/21/2015 05:49 PM, Alex Williams wrote:
> I began installing a new ipa4 replica this morning and it all went 
> wrong. The ipa-replica-install script got all the way to restarting 
> ipa with systemctl at the very end, having set up replication and then 
> fell over, because systemctl couldn't find the ipa service. I removed 
> the replica from our master, I deleted the host from there too, I 
> un-installed ipa-server on the new replica machine, I even created a 
> new replica-prepare script on the master, but now the server just 
> errors immediately with:
>
>     A replication agreement for this host already exists. It needs to 
> be removed.
>
> I've verified several times, that no replica, or host with the same 
> name exists in the master, there are no ldap entries under masters, 
> with that hostname, nothing. There is literally no trace of the new 
> host, on the old master. Running `ipa-replica-manage list` shows just 
> the 3 ipa servers we have already, no sign of this new host. Yet, if I 
> run `ipa-replica-manage del hostname --force` on the master, it will 
> in fact say that it's forcing removal, skipping checking if anything 
> will be orphaned and that no RUV records were found.
>
> I'm now lost, I really don't know where to start with fixing this.
we should first try to get a clear picture of existing agreements and 
state of replication. Could you on all servers do the following searches 
(as directory manager)

ldapsearch -LLL -o ldif-wrap=no  ..... -b "cn=config" 
"objectclass=nsds5replicationagreement" nsDS5ReplicaRoot nsDS5ReplicaHost
ldapsearch -LLL -o ldif-wrap=no ...... -b "cn=config" 
"objectclass=nsds5replica" nsDS5ReplicaRoot nsDS5ReplicaId nsds50ruv
>
> Not sure if this is relevant or not, but I'd rather bring it up and it 
> not be, than not mention it and it turn out to be the reason. Our yum 
> mirror is unfortunately now holding rhel7.2 packages, whilst our 
> servers, are still on rhel7.1, which means our existing IPA servers, 
> are ipa4.1 and the new one I tried to install, was ipa4.2, but on a 
> rhel7.1 box. I had previously attributed the failed systemctl command, 
> to the fact that I was trying to run ipa4.2 on a rhel7.1 box, as I'm 
> told there were a lot of modifications to systemctl in rhel7.2, but I 
> need to fix this replication agreement issue, before I can try again 
> with the box upgraded to rhel7.2.
>
> Any ideas?
>
> Cheers
>
> Alex
>

More information about the Freeipa-users mailing list