[Freeipa-users] Deleting a down ipa master?
Rob Crittenden
rcritten at redhat.com
Thu May 2 17:56:20 UTC 2013
Nathan wrote:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
>
>
> On 05/02/2013 01:07 PM, Rob Crittenden wrote:
>> Nathan wrote: ipa-replica-manage does not seem to have a --cleanup
>> option... Can you give me more detail about how it's used?
>>
>>> --cleanup was introduced in FreeIPA 3.0.
>>
>>> It sounds like you just have a masters entry left over in
>>> cn=masters,cn=ipa,cn=etc,dc=example,dc=com. If that is the case
>>> then you can simply remove those entries.
>>
>>> You should also check out CLEANRUV at
>>> http://directory.fedoraproject.org/wiki/Howto:CLEANRUV (skip past
>>> the CLEANALLRUV part, it probably isn't available if you are
>>> still using IPA 2.2).
>>
> root at caroline2 PROD ~]# rpm -qa ipa-server
> ipa-server-2.2.0-17.el6_3.1.x86_64
>
>
> This is on RHEL 6.3.
>
> Thanks! I'll look into the doc you mentioned.
>
> How easy is it to check for, and remove the ldap entry you mentioned?
> I'm not an ldap admin, but I have some at my disposal if needed.
$ ldapsearch -LLL -x -b
cn=oldmaster.example.com,cn=masters,cn=ipa,cn=etc,dc=example,dc=com dn
Then carefully paste each dn, minus the dn:, in REVERSE order, to:
$ ldapdelete -x -D 'cn=Directory Manager' -w
cn=HTTP...
cn=ldap...
^D to exit
rob
>
> Thanks!
>
>
>>> rob
>>
>>
>>
>>
>> On 05/02/2013 12:07 PM, Petr Viktorin wrote:
>>>>> On 05/02/2013 05:21 PM, Nathan wrote:
>>>>>> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
>>>>>>
>>>>>> List still shows caroline1.
>>>>>>
>>>>>> [root at caroline2 PROD ~]# ipa-replica-manage list
>>>>>> caroline0.lafayette.edu: master caroline2.lafayette.edu:
>>>>>> master caroline1.lafayette.edu: master
>>>>>>
>>>>>>
>>>>>> - -v does not seem to change the output at all. I even
>>>>>> tried moving the - -v around in the command line, to see if
>>>>>> placement mattered.
>>>>>>
>>>>>> [root at caroline2 PROD ~]# ipa-replica-manage -v del
>>>>>> --force caroline1.lafayette.edu 'caroline2.lafayette.edu'
>>>>>> has no replication agreement for 'caroline1.lafayette.edu'
>>>>>> [root at caroline2 PROD ~]# ipa-replica-manage del -v --force
>>>>>> caroline1.lafayette.edu 'caroline2.lafayette.edu' has no
>>>>>> replication agreement for 'caroline1.lafayette.edu'
>>>>>> [root at caroline2 PROD ~]# ipa-replica-manage del --force -v
>>>>>> caroline1.lafayette.edu 'caroline2.lafayette.edu' has no
>>>>>> replication agreement for 'caroline1.lafayette.edu'
>>>>>> [root at caroline2 PROD ~]# ipa-replica-manage list
>>>>>> caroline0.lafayette.edu: master caroline2.lafayette.edu:
>>>>>> master caroline1.lafayette.edu: master
>>>>>>
>>>>>>
>>>>>> Is --cleanup destructive? Is there some reason that it
>>>>>> should not try it?
>>>>>
>>>>> Looking at the code, it only cleans up the Kerberos info and
>>>>> host entry, not DNS records or RUV.
>>>>>
>>
>>>
>>> _______________________________________________ Freeipa-users
>>> mailing list Freeipa-users at redhat.com
>>> https://www.redhat.com/mailman/listinfo/freeipa-users
>>>
>>
>
> - --
> - -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
> Nathan Lager, RHCSA, RHCE (#110-011-426)
> System Administrator
> 11 Pardee Hall
> Lafayette College, Easton, PA 18042
> -----BEGIN PGP SIGNATURE-----
> Version: GnuPG v1.4.13 (GNU/Linux)
> Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/
>
> iEYEARECAAYFAlGCossACgkQsZqG4IN3sunlrwCfVQy+yNXmf7HzBCFGn4drUJia
> lHcAn0XdEKth/TGZOLmqTe9SNvxLDwch
> =5I0n
> -----END PGP SIGNATURE-----
>
> _______________________________________________
> Freeipa-users mailing list
> Freeipa-users at redhat.com
> https://www.redhat.com/mailman/listinfo/freeipa-users
>
More information about the Freeipa-users
mailing list