[Freeipa-users] unable to effectively delete a replica agreement

Karl Forner karl.forner at gmail.com
Mon Jan 4 19:28:20 UTC 2016


>
> > It hangs forever.
>
> How long is forever?
>

Officially it's about 15 min. Do you mean that this delay could be expected?


>
> > If I run it using the --cleanup option, it seems to work.
>
> That does other things.
>

And actually it did not really work.


>
> >
> > But when I try to run again from scratch my replica, using the same
> > name, I get:
> >
> > Checking forwarders, please wait ...
> > WARNING: DNS forwarder 10.9.70.7 does not return DNSSEC signatures in
> > answers
> > Please fix forwarder configuration to enable DNSSEC support.
> > (For BIND 9 add directive "dnssec-enable yes;" to "options {}")
> > WARNING: DNSSEC validation will be disabled
> > Warning: skipping DNS resolution of host ipa2.example.com
> > Warning: skipping DNS resolution of host ipa.example.com
> > Using reverse zone(s) 0.17.172.in-addr.arpa.
> > A replication agreement for this host already exists. It needs to be
> > removed.
> > Run this on the master that generated the info file:
> >     % ipa-replica-manage del ipa2.example.com --force
> >
> > On my master:
> > # ipa-replica-manage list
> > ipas.example.com: master
> > ipa.example.com: master
> >
> > I manually removed all DNS entries from the 3 zones mentioning ipa2. I
> > can check in the web UI, using the search feature that ipa2 has no
> > occurrence.
> >
> > So I do not understand why the replica install thinks there's still a
> > replication agreement.
> > And I'd like to know:
> > 1) why this command did not work
> >
> >     ipa-replica-manage del ipa2.example.com --force -v
>
> Because replication agreements are separate from IPA masters, DNS, etc.
>
> >
> > 2) How could I manually effectively delete this agreement left-over.
> >
>
> To see the agreements on any given master:
>
> $ ldapsearch -x -D 'cn=directory manager' -W -b 'cn=dc\3Dexample\2Cdc\3Dcom,cn=mapping tree,cn=config'
>
> Use ldapdelete to delete the orphan one, or use something like Apache
> Studio if you're uncomfortable on the CLI.
>
> rob
>
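
Added example, not part of the original thread: a shell helper that reads the LDIF produced by the ldapsearch above and prints the DNs of replication agreements that still point at a given host, so the orphan can be reviewed before ldapdelete. The sample LDIF, its entry names and the function names are constructed for illustration; nsDS5ReplicaHost is the agreement attribute holding the peer's host name.

```shell
#!/bin/sh
# Constructed sample of agreement entries as ldapsearch prints them on the
# master; note the long DNs folded onto a continuation line (leading space).
sample_ldif() {
cat <<'EOF'
dn: cn=meToipas.example.com,cn=replica,cn=dc\3Dexample\2Cdc\3Dcom,cn=mapping
  tree,cn=config
nsDS5ReplicaHost: ipas.example.com

dn: cn=meToipa2.example.com,cn=replica,cn=dc\3Dexample\2Cdc\3Dcom,cn=mapping
  tree,cn=config
nsDS5ReplicaHost: ipa2.example.com
EOF
}

# Print the DN of every agreement whose nsDS5ReplicaHost equals $1.
# Reads LDIF on stdin and unfolds wrapped lines before matching.
agreements_for_host() {
    awk -v host="$1" '
        function handle() {            # process one complete logical line
            if (line == "") return
            if (line ~ /^dn: /) {
                dn = substr(line, 5)
            } else if (tolower(line) ~ /^nsds5replicahost: / &&
                       tolower(substr(line, 19)) == tolower(host)) {
                print dn
            }
            line = ""
        }
        /^ / { line = line substr($0, 2); next }  # continuation: drop 1 space
        /^$/ { handle(); dn = ""; next }          # blank line ends an entry
        /^#/ { handle(); next }                   # ldapsearch comment line
             { handle(); line = $0 }
        END  { handle() }
    '
}

# On a real master, feed it the search from the thread instead of the sample:
#   ldapsearch -x -D 'cn=directory manager' -W \
#     -b 'cn=dc\3Dexample\2Cdc\3Dcom,cn=mapping tree,cn=config' \
#     '(objectClass=nsds5replicationagreement)' nsDS5ReplicaHost \
#     | agreements_for_host ipa2.example.com
# Review each DN printed, then remove it with:
#   ldapdelete -x -D 'cn=directory manager' -W '<agreement DN>'
sample_ldif | agreements_for_host ipa2.example.com
```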