[Freeipa-users] Cleaning Up an Unholy Mess

Rob Crittenden rcritten at redhat.com
Thu Aug 25 01:33:57 UTC 2016


Ian Harding wrote:
> I tried to simply uninstall and reinstall freeipa-dal and this happened.
>
> It only had a replication agreement with freeipa-sea
>
> [root@freeipa-dal ianh]# ipa-server-install --uninstall
>
> This is a NON REVERSIBLE operation and will delete all data and
> configuration!
>
> Are you sure you want to continue with the uninstall procedure? [no]: yes
> Shutting down all IPA services
> Removing IPA client configuration
> Unconfiguring ntpd
> Configuring certmonger to stop tracking system certificates for KRA
> Configuring certmonger to stop tracking system certificates for CA
> Unconfiguring CA
> Unconfiguring named
> Unconfiguring ipa-dnskeysyncd
> Unconfiguring web server
> Unconfiguring krb5kdc
> Unconfiguring kadmin
> Unconfiguring directory server
> Unconfiguring ipa_memcached
> Unconfiguring ipa-otpd
> [root@freeipa-dal ianh]# ipa-server-install --uninstall
>
> This is a NON REVERSIBLE operation and will delete all data and
> configuration!
>
> Are you sure you want to continue with the uninstall procedure? [no]: yes
>
> WARNING: Failed to connect to Directory Server to find information about
> replication agreements. Uninstallation will continue despite the possible
> existing replication agreements.
> Shutting down all IPA services
> Removing IPA client configuration
> Configuring certmonger to stop tracking system certificates for KRA
> Configuring certmonger to stop tracking system certificates for CA
> [root@freeipa-dal ianh]# ipa-replica-install --setup-ca --setup-dns
> --no-forwarders /var/lib/ipa/replica-info-freeipa-dal.bpt.rocks.gpg
> Directory Manager (existing master) password:
>
> The host freeipa-dal.bpt.rocks already exists on the master server.
> You should remove it before proceeding:
>      % ipa host-del freeipa-dal.bpt.rocks
> [root@freeipa-dal ianh]#
>
> So I tried to delete it again with --force
>
> [root@freeipa-sea ianh]# ipa-replica-manage --force del
> freeipa-dal.bpt.rocks
> Directory Manager password:
>
> 'freeipa-sea.bpt.rocks' has no replication agreement for
> 'freeipa-dal.bpt.rocks'
> [root@freeipa-sea ianh]#
>
> Can't delete it from the master server either
>
> [root@seattlenfs ianh]# ipa host-del freeipa-dal.bpt.rocks
> ipa: ERROR: invalid 'hostname': An IPA master host cannot be deleted or
> disabled
>
>
> Now what?  I'm running out of things that work.

Not sure what version of IPA you have but try:

# ipa-replica-manage --force --cleanup delete freeipa-dal.bpt.rocks

If this had a CA on it then you'll want to ensure that any replication 
agreements it had have been removed as well.

rob



