[Freeipa-users] Replacing the "master"

Rob Crittenden rcritten at redhat.com
Thu Sep 3 22:00:14 UTC 2015


Steven Jones wrote:
> I have a 3 node IPA cluster, I have replaced the 2 "slaves" however when I try and remove the last one the master? it says,
>
> "[root@vuwunicoipam001 thing]# ipa-replica-manage del vuwunicoipam002.xxxxxxxx
> Directory Manager password:
>
> Deleting a master is irreversible.
> To reconnect to the remote master you will need to prepare a new replica file
> and re-install.
> Continue to delete? [no]: yes
> Deleting this server will orphan 'vuwunicoipam001xxxxxxxxx  and   vuwunicoipam003.xxxxxxxxx
> You will need to reconfigure your replication topology to delete this server.
> [root@vuwunicoipam001 thing]# ipa-replica-manage list
> Directory Manager password:
>
> vuwunicoipam002.xxxxxxxx master
> vuwunicoipam003.xxxxxxxx master
> vuwunicoipam001.xxxxxxxx master
> [root@vuwunicoipam001 thing]#"
>
> So how do I re-configure?

Every server is a master. The only differences may be the services 
running (CA and/or DNS) and only one generates the CRL and manages 
certificate renewal. Otherwise they are all equal masters.

This doesn't show the topology. Were I to guess it looks like:

    001
   /  \
002  003

So you need to run ipa-replica-manage connect vuwunicoipam002 
vuwunicoipam003

Then you should be able to delete 0001. Just be sure at least one of 
those other masters has a CA, if not both of them. You may need 
ipa-csreplica-manage connect to connect that topology.

Also be aware of the DNA config. A master doesn't automatically get one. 
It only gets it when it creates an entry that needs a range.

rob
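
Added example, not part of the message above and not FreeIPA code: a pre-deletion check over the topology guessed in the reply, showing why removing the hub orphans the other two masters and why the 002-003 agreement fixes it. The short names 001/002/003, the CA placement and both helper functions are assumptions made for illustration; CA replication agreements and DNA ranges are not modelled.

```python
from collections import deque

def components_without(agreements, victim):
    """Connected groups of masters left once `victim` and its agreements go."""
    survivors = {s for pair in agreements for s in pair} - {victim}
    adj = {s: set() for s in survivors}
    for a, b in agreements:
        if a in adj and b in adj:          # skip agreements touching victim
            adj[a].add(b)
            adj[b].add(a)
    seen, parts = set(), []
    for start in sorted(survivors):
        if start in seen:
            continue
        part, queue = {start}, deque([start])
        while queue:                        # breadth-first walk of one group
            for peer in adj[queue.popleft()] - part:
                part.add(peer)
                queue.append(peer)
        seen |= part
        parts.append(sorted(part))
    return parts

def check_delete(agreements, ca_servers, victim):
    """Return the reasons (if any) why deleting `victim` is unsafe."""
    problems = []
    parts = components_without(agreements, victim)
    if len(parts) > 1:                      # survivors can no longer replicate
        problems.append("orphans: " + " | ".join(",".join(p) for p in parts))
    if not set(ca_servers) - {victim}:      # last CA would disappear
        problems.append("no remaining master has a CA")
    return problems

# Constructed data: the star guessed in the reply, with the CA only on 001.
STAR = [("001", "002"), ("001", "003")]
# Same topology after `ipa-replica-manage connect` between 002 and 003.
CONNECTED = STAR + [("002", "003")]

if __name__ == "__main__":
    print(check_delete(STAR, {"001"}, "001"))              # both problems
    print(check_delete(CONNECTED, {"001", "002"}, "001"))  # [] -> safe
```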



