[Freeipa-users] down master still in ldap, prevents re-enrollment

Rob Crittenden rcritten at redhat.com
Thu Sep 22 13:51:08 UTC 2016


Petr Vobornik wrote:
> On 09/21/2016 11:25 PM, pgb205 wrote:
>> topology prior to deletion
>>
>> master1<->master2
>>
>> master2 deleted with ipa-server --uninstall command
>>
>> During re-installation I get an error that the replication agreement still exists
>> on master1.
>> I do see this using ipa-replica-manage list.
>>
>> Tried deleting replication agreement with
>> ipa-replica-manage disconnect but receive 'no such replication agreement exist'
>>
>> Force deletion and cleanup do not work
>> receive unexpected error: Server is unwilling to perform: database is read-only
>>
>>
>> removing directly from ldap gives me:
>>    ldapdelete -r -x -D "cn=Directory Manager" -W 'cn=fqdn,cn=masters,cn=ipa,cn=etc,dc=domain,dc=com'
>> Enter LDAP Password:
>> ldap_delete: Server is unwilling to perform (53)
>> ldap_delete: Server is unwilling to perform (53)
>>           additional info: database is read-only
>>
>> But I am not sure if I'm not using correct path or if it's something else.
>>
>> Might be related to Bug 826677 – IPA cannot remove disconnected replica data to
>> reconnect <https://bugzilla.redhat.com/show_bug.cgi?id=826677>
>>
>
> run on master1:
>   ipa-csreplica-manage del master2 --force --clean
>   ipa-replica-manage del master2 --force --clean
>
> In that order. First step only if master2 was installed with CA.
>
> Those commands should clean up leftover data from master2.
>
> In a standard situation, the recommended uninstallation procedure for IPAs
> prior to FreeIPA 4.4 is:
>    master1# ipa-csreplica-manage del master2
>    master1# ipa-replica-manage del master2
>    master2# ipa-server-install --uninstall
>

Ultimately the problem is that the database is set to read only.

$ ldapsearch -x -D 'cn=directory manager' -W -s base -b 'cn=userRoot, cn=ldbm database, cn=plugins, cn=config' nsslapd-readonly

rob
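
An added example, not part of Rob's message or of the FreeIPA tooling: a shell helper that reads the LDIF printed by an ldapsearch like the one above and lists the backends whose nsslapd-readonly is on, unfolding wrapped lines first. The function names and the sample LDIF are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the thread): list backends that report
# nsslapd-readonly: on. Reads ldapsearch LDIF on stdin, prints one DN per hit.
# Real use: pipe the ldapsearch command from the message into readonly_backends.
readonly_backends() {
    awk '
        # Interpret one fully unfolded "attr: value" line.
        function flush_line(   colon, attr, val) {
            if (line == "") return
            colon = index(line, ":")
            if (colon > 0) {
                attr = tolower(substr(line, 1, colon - 1))
                val = substr(line, colon + 1)
                gsub(/^[ \t]+|[ \t]+$/, "", val)
                if (attr == "dn") {
                    dn = val
                } else if (attr == "nsslapd-readonly" && tolower(val) == "on") {
                    print dn
                }
            }
            line = ""
        }
        { sub(/\r$/, "") }                                  # tolerate CRLF input
        /^#/ { flush_line(); skip = 1; next }               # comment line
        /^ / { if (!skip) line = line substr($0, 2); next } # folded continuation
        /^$/ { flush_line(); dn = ""; skip = 0; next }      # entry separator
        { skip = 0; flush_line(); line = $0 }
        END { flush_line() }
    '
}

# Constructed sample LDIF (not output from the thread). The first DN is folded
# the way ldapsearch wraps long lines: the continuation starts with one space.
sample_ldif() {
    cat <<'EOF'
# constructed sample
dn: cn=userRoot,cn=ldbm database,cn=plugins,
 cn=config
nsslapd-readonly: on

dn: cn=ipaca,cn=ldbm database,cn=plugins,cn=config
nsslapd-readonly: off
EOF
}

sample_ldif | readonly_backends
```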



