[Freeipa-users] unable to delete dead freeipa replica

Petr Vobornik pvoborni at redhat.com
Fri Nov 6 14:53:14 UTC 2015 

On 11/06/2015 03:37 PM, Andrew Holway wrote:
> Thanks Petr,
>
> Tried this and get the following output with the verbose flag:
>
> p11-kit: ipa.p11-kit: x-public-key-info: invalid or unsupported attribute
>
> Cleaning a master is irreversible.
>
> This should not normally be require, so use cautiously.
>
> Continue to clean master? [no]: yes
>
>
> I still however see this machine as a nameserver for this domain. Also, SRV
> records pointing to it are still being served.
>
> [root at freeipa-prod-a-033 centos]# dig NS cloud.dcmn.com +short
>
> freeipa-prod-a-031.cloud.foo.com.
>
> freeipa-prod-b-032.cloud.foo.com.
>
> freeipa-prod-a-033.cloud.foo.com.

Then you can try to check DNS settings, easy in Web UI, and remove 
references to old server if there are any.

>
>
> Cheers,
>
> Andrew
>
>
>
> On 6 November 2015 at 15:28, Petr Vobornik <pvoborni at redhat.com> wrote:
>
>> On 11/05/2015 05:32 PM, Andrew Holway wrote:
>>
>>> Actually I'm starting to feel like this is a bug. Managed to get the old
>>> IPA server back up and ran .
>>>
>>> "ipa-server-install --uninstall"
>>>
>>> Which completed successfully and gave the advice:
>>>
>>> Replication agreements with the following IPA masters found: freeipa-
>>>
>>> prod-b-032.cloud.foo.com. Removing any replication agreements before
>>>
>>> uninstalling the server is strongly recommended. You can remove
>>> replication
>>>
>>> agreements by running the following command on any other IPA master:
>>>
>>> $ ipa-replica-manage del freeipa-prod-a-031.cloud.foo.com
>>>
>>>
>>> Running this command on the other IPA servers gives the following:
>>>
>>>
>>> [root at freeipa-prod-a-033 centos]# ipa-replica-manage del
>>> freeipa-prod-a-031.cloud.foo.com
>>>
>>> p11-kit: ipa.p11-kit: x-public-key-info: invalid or unsupported attribute
>>>
>>> 'freeipa-prod-a-033.cloud.dcmn.com' has no replication agreement for'
>>> freeipa-prod-a-031.cloud.foo.com'
>>>
>>>
>>> I dont see anything in the logs.
>>>
>>>
>>> Thanks,
>>>
>>>
>>> Andrew
>>>
>>> On 5 November 2015 at 16:58, Andrew Holway <andrew.holway at gmail.com>
>>> wrote:
>>>
>>> One of our FreeIPA replicas had its filesystem hosed so we want to remove
>>>> it. Can someone show me the sequence of commands to remove a down
>>>> replica?
>>>>
>>>> Thanks,
>>>>
>>>> Andrew
>>>>
>>>>
>>>>
>>>> [root at freeipa-prod-a-033 centos]# ipa-replica-manage list
>>>>
>>>> p11-kit: ipa.p11-kit: x-public-key-info: invalid or unsupported attribute
>>>>
>>>> freeipa-prod-a-031.cloud.foo.com: master
>>>>
>>>> freeipa-prod-a-033.cloud.foo.com: master
>>>>
>>>> freeipa-prod-b-032.cloud.foo.com: master
>>>>
>>>> [root at freeipa-prod-a-033 centos]# ipa-replica-manage del --force
>>>> freeipa-prod-a-031.foo.dcmn.com
>>>>
>>>> p11-kit: ipa.p11-kit: x-public-key-info: invalid or unsupported attribute
>>>>
>>>> 'freeipa-prod-a-033.cloud.foo.com' has no replication agreement for'
>>>> freeipa-prod-a-031.cloud.dcmn.com'
>>>>
>>>>
>> If freeipa-prod-a-031 is already uninstall, use also --cleanup option:
>>
>> ipa-replica-manage del --force --cleanup freeipa-prod-a-031.foo.dcmn.com
>>
>>         -f, --force
>>                Ignore some types of errors, don't prompt when deleting a
>> master
>>         -c, --cleanup
>>                When deleting a master with the --force flag, remove
>> leftover references to an already deleted master.
>> --
>> Petr Vobornik
>>
>
-- 
Petr Vobornik

More information about the Freeipa-users mailing list