[Freeipa-users] unable to delete dead freeipa replica

Andrew Holway andrew.holway at gmail.com
Thu Nov 5 16:37:31 UTC 2015


The now dead IPA server is still seen as authoritative for the domain.

[root at freeipa-prod-a-033 centos]# dig NS cloud.foo.com +short

freeipa-prod-b-032.cloud.foo.com.

freeipa-prod-a-033.cloud.foo.com.

freeipa-prod-a-031.cloud.foo.com.

On 5 November 2015 at 17:32, Andrew Holway <andrew.holway at gmail.com> wrote:

> Actually I'm starting to feel like this is a bug. Managed to get the old
> IPA server back up and ran .
>
> "ipa-server-install --uninstall"
>
> Which completed successfully and gave the advice:
>
> Replication agreements with the following IPA masters found: freeipa-
>
> prod-b-032.cloud.foo.com. Removing any replication agreements before
>
> uninstalling the server is strongly recommended. You can remove replication
>
> agreements by running the following command on any other IPA master:
>
> $ ipa-replica-manage del freeipa-prod-a-031.cloud.foo.com
>
>
> Running this command on the other IPA servers gives the following:
>
>
> [root at freeipa-prod-a-033 centos]# ipa-replica-manage del
> freeipa-prod-a-031.cloud.foo.com
>
> p11-kit: ipa.p11-kit: x-public-key-info: invalid or unsupported attribute
>
> 'freeipa-prod-a-033.cloud.dcmn.com' has no replication agreement for '
> freeipa-prod-a-031.cloud.foo.com'
>
>
> I dont see anything in the logs.
>
>
> Thanks,
>
>
> Andrew
>
> On 5 November 2015 at 16:58, Andrew Holway <andrew.holway at gmail.com>
> wrote:
>
>> One of our FreeIPA replicas had its filesystem hosed so we want to remove
>> it. Can someone show me the sequence of commands to remove a down replica?
>>
>> Thanks,
>>
>> Andrew
>>
>>
>>
>> [root at freeipa-prod-a-033 centos]# ipa-replica-manage list
>>
>> p11-kit: ipa.p11-kit: x-public-key-info: invalid or unsupported attribute
>>
>> freeipa-prod-a-031.cloud.foo.com: master
>>
>> freeipa-prod-a-033.cloud.foo.com: master
>>
>> freeipa-prod-b-032.cloud.foo.com: master
>>
>> [root at freeipa-prod-a-033 centos]# ipa-replica-manage del --force
>> freeipa-prod-a-031.foo.dcmn.com
>>
>> p11-kit: ipa.p11-kit: x-public-key-info: invalid or unsupported attribute
>>
>> 'freeipa-prod-a-033.cloud.foo.com' has no replication agreement for '
>> freeipa-prod-a-031.cloud.dcmn.com'
>>
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://listman.redhat.com/archives/freeipa-users/attachments/20151105/1eb9246f/attachment.htm>


More information about the Freeipa-users mailing list