[Freeipa-users] replica failed to uninstall cleanly

David Spångberg david at tunna.org
Fri Jun 29 07:46:48 UTC 2012


Hello

I have a problem similar to the problem George He talked about last week
in this mailing list:

- http://article.gmane.org/gmane.linux.redhat.freeipa.user/4895

Basically I have an ipa master running and wanted to set up a replica.
However the CA installation step failed and the `ipa-replica-install'
script informed me to perform a `ipa-server-install --uninstall' which I
did. I then ran `ipa-replica-install' without the `--setup-ca' flag
thinking I could use `ipa-ca-install' later.

I got informed that the host already existed on the master and to run
`ipa-replica-manage del' to remove it. If I remember correctly this
command failed complaining about not being able to connect to the ldap
service. I then tried and failed with the `--force' flag which was
discussed in George He's thread. This is what it looks like for me now:

At the replica server:
> $ ipa-replica-install /var/lib/ipa/replica-info-ipa2.example.com.gpg
> ...
> The host ipa2.example.com already exists on the master server. Depending on your configuration, you may perform the following:
>
> Remove the replication agreement, if any:
>     % ipa-replica-manage del ipa2.example.com
> Remove the host entry:
>     % ipa host-del ipa2.example.com

At the master server:
> $ ipa-replica-manage list
> ipa2.example.com: master
> ipa.example.com: master

> $ ipa-replica-manage del ipa2.example.com
> 'ipa.example.com' has no replication agreement for 'ipa2.example.com'

> $ ipa-replica-manage --force ipa2.example.com
> 'ipa.example.com' has no replication agreement for 'ipa2.example.com'

> $ ipa host-del ipa2.drutt.com
> ipa: ERROR: invalid 'hostname': An IPA master host cannot be deleted or disabled

It seems like `ipa-replica-manage' succeeded in removing just enough
entries in the ldap service to fool the `ipa-replica-manage del' command
but not enough to really uninstall it. Checking the output of, for example,
`ldapsearch -D "cn=Directory Manager" -w pass -LLL -x cn=ipa-http-delegation'
seems to confirm this.


Regards,

David Spångberg



