[Freeipa-users] unable to delete dead freeipa replica
Andrew Holway
andrew.holway at gmail.com
Fri Nov 6 14:58:17 UTC 2015
Hi Petr,
Ill do that thanks.
This is pretty onerous work. There are quite a few resource records and
each one has to be entered and cleaned. Easy to make mistakes.
Do you have some idea why these records didn't get cleaned. If this happens
in the future how should we handle it? We're using AWS so the chances of
IPA servers falling over seems to be quite high :)
Thanks
Andrew
On 6 November 2015 at 15:53, Petr Vobornik <pvoborni at redhat.com> wrote:
> On 11/06/2015 03:37 PM, Andrew Holway wrote:
>
>> Thanks Petr,
>>
>> Tried this and get the following output with the verbose flag:
>>
>> p11-kit: ipa.p11-kit: x-public-key-info: invalid or unsupported attribute
>>
>> Cleaning a master is irreversible.
>>
>> This should not normally be require, so use cautiously.
>>
>> Continue to clean master? [no]: yes
>>
>>
>> I still however see this machine as a nameserver for this domain. Also,
>> SRV
>> records pointing to it are still being served.
>>
>> [root at freeipa-prod-a-033 centos]# dig NS cloud.dcmn.com +short
>>
>> freeipa-prod-a-031.cloud.foo.com.
>>
>> freeipa-prod-b-032.cloud.foo.com.
>>
>> freeipa-prod-a-033.cloud.foo.com.
>>
>
> Then you can try to check DNS settings, easy in Web UI, and remove
> references to old server if there are any.
>
>
>
>>
>> Cheers,
>>
>> Andrew
>>
>>
>>
>> On 6 November 2015 at 15:28, Petr Vobornik <pvoborni at redhat.com> wrote:
>>
>> On 11/05/2015 05:32 PM, Andrew Holway wrote:
>>>
>>> Actually I'm starting to feel like this is a bug. Managed to get the old
>>>> IPA server back up and ran .
>>>>
>>>> "ipa-server-install --uninstall"
>>>>
>>>> Which completed successfully and gave the advice:
>>>>
>>>> Replication agreements with the following IPA masters found: freeipa-
>>>>
>>>> prod-b-032.cloud.foo.com. Removing any replication agreements before
>>>>
>>>> uninstalling the server is strongly recommended. You can remove
>>>> replication
>>>>
>>>> agreements by running the following command on any other IPA master:
>>>>
>>>> $ ipa-replica-manage del freeipa-prod-a-031.cloud.foo.com
>>>>
>>>>
>>>> Running this command on the other IPA servers gives the following:
>>>>
>>>>
>>>> [root at freeipa-prod-a-033 centos]# ipa-replica-manage del
>>>> freeipa-prod-a-031.cloud.foo.com
>>>>
>>>> p11-kit: ipa.p11-kit: x-public-key-info: invalid or unsupported
>>>> attribute
>>>>
>>>> 'freeipa-prod-a-033.cloud.dcmn.com' has no replication agreement for'
>>>> freeipa-prod-a-031.cloud.foo.com'
>>>>
>>>>
>>>> I dont see anything in the logs.
>>>>
>>>>
>>>> Thanks,
>>>>
>>>>
>>>> Andrew
>>>>
>>>> On 5 November 2015 at 16:58, Andrew Holway <andrew.holway at gmail.com>
>>>> wrote:
>>>>
>>>> One of our FreeIPA replicas had its filesystem hosed so we want to
>>>> remove
>>>>
>>>>> it. Can someone show me the sequence of commands to remove a down
>>>>> replica?
>>>>>
>>>>> Thanks,
>>>>>
>>>>> Andrew
>>>>>
>>>>>
>>>>>
>>>>> [root at freeipa-prod-a-033 centos]# ipa-replica-manage list
>>>>>
>>>>> p11-kit: ipa.p11-kit: x-public-key-info: invalid or unsupported
>>>>> attribute
>>>>>
>>>>> freeipa-prod-a-031.cloud.foo.com: master
>>>>>
>>>>> freeipa-prod-a-033.cloud.foo.com: master
>>>>>
>>>>> freeipa-prod-b-032.cloud.foo.com: master
>>>>>
>>>>> [root at freeipa-prod-a-033 centos]# ipa-replica-manage del --force
>>>>> freeipa-prod-a-031.foo.dcmn.com
>>>>>
>>>>> p11-kit: ipa.p11-kit: x-public-key-info: invalid or unsupported
>>>>> attribute
>>>>>
>>>>> 'freeipa-prod-a-033.cloud.foo.com' has no replication agreement for'
>>>>> freeipa-prod-a-031.cloud.dcmn.com'
>>>>>
>>>>>
>>>>> If freeipa-prod-a-031 is already uninstall, use also --cleanup option:
>>>
>>> ipa-replica-manage del --force --cleanup freeipa-prod-a-031.foo.dcmn.com
>>>
>>> -f, --force
>>> Ignore some types of errors, don't prompt when deleting a
>>> master
>>> -c, --cleanup
>>> When deleting a master with the --force flag, remove
>>> leftover references to an already deleted master.
>>> --
>>> Petr Vobornik
>>>
>>>
>> --
> Petr Vobornik
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://listman.redhat.com/archives/freeipa-users/attachments/20151106/72b02022/attachment.htm>
More information about the Freeipa-users
mailing list