[Freeipa-users] Re: logic behind replica installer - host already exists

Mon, 09 Apr 2018 05:00:07 -0700 

On 04/07/2018 04:52 PM, lejeczek via FreeIPA-users wrote:

hi

having a client installed now I attempt to install a replica..
..
  host already exists. It needs to be removed.
Run this command:
    %% ipa-replica-manage del rider.private.ccnr.ceb.private.cam.ac.uk --force
which I do, I go to first master and I do as recommend, and on candidate replica again I do, but this time.. 
..
ipa.ipapython.install.cli.install_tool(CompatServerReplicaInstall): ERROR    Major (851968): Unspecified GSS failure.  Minor code may provide more information, Minor (2529638918): Client 'host/rider.private.ccnr.ceb.private.cam.ac.uk@PRIVATE' not found in Kerberos database 
ipa.ipapython.install.cli.install_tool(CompatServerReplicaInstall): ERROR
on first master I do: $ ipa host-find ; and yes, there no host so I need to do client re-installation, right? 
Is this intended & expected? Or is this some weird bug?

many thanks, L.
_______________________________________________
FreeIPA-users mailing list -- freeipa-users@lists.fedorahosted.org
To unsubscribe send an email to freeipa-users-le...@lists.fedorahosted.org

Hi,
if you are promoting a host from client to replica and there was already a replica with the same name (visible with ipa-replica-manage list), it is expected that the ipa-replica-install command fails. 

The correct procedure to recover is to completely delete the replica:
(on replica) ipa-server-install --uninstall -U
(on master) ipa-replica-manage list
If the above command returns the replica,
(on master) ipa-replica-manage del <replica> --force

and then retry the replica installation. Note that you can either:
- install the client then promote to replica:
ipa-client-install <client_options>
ipa-replica-install <replica_options>
- or do both operations in a single step:
ipa-replica-install <client_options> <replica_options>
(see DOMAIN LEVEL 1 CLIENT ENROLLMENT OPTIONS in the man page for ipa-replica-install). 

Which command is triggering the Unspecified GSS failure in your case?

HTH,
Flo
_______________________________________________
FreeIPA-users mailing list -- freeipa-users@lists.fedorahosted.org
To unsubscribe send an email to freeipa-users-le...@lists.fedorahosted.org

Reply via email to