Would I be correct to try the following:
Try to reinitialize database with
# ipa-replica-manage re-initialize --from ipa03.fbog.local
If reinitializing database doesn't work, then
Re-install replica server as :
1- On Master server
1 . obtain a Kerberos ticket before running IPA tools
# kinit admin
2 . List all of the configured replication agreements for the FreeIPA
domain.
# ipa-replica-manage list
3 . Removing the replica from the topology involves deleting all the
agreements between thereplica and the other servers in the IPA domain and all
of the data about the replica in thedomain configuration
# ipa-replica-manage del ipa04.fbog.local
4 . If the replica was configured with its own CA, then also use the
ipa-csreplica-manage del command to remove all certificate server replication
agreements.
(HOW DO I CHECK IF THIS IS TRUE?)
# ipa-csreplica-manage del ipa04.fbog.local
2- On replica
For errors like "
ipa.ipapython.install.cli.install_tool(Replica): ERROR A CA is already
configured on this system."
Remove CA certificates manually with
# pkidestroy -s CA -i pki-tomcat
# rm -rf /var/log/pki/pki-tomcat /etc/sysconfig/pki-tomcat
/etc/sysconfig/pki/tomcat/pki-tomcat /var/lib/pki/pki-tomcat /etc/pki/pki-tomcat
5 . Uninstall replica by running below command
# ipa-server-install --uninstall -U
But then what do we do to rebuild the IPA on ipa04.fbog.local?
Thanks.
-Steven
-----Original Message-----
From: Rob Crittenden <[email protected]>
Sent: Tuesday, August 10, 2021 9:19 AM
To: FreeIPA users list <[email protected]>
Cc: Shirley Schaeffer <[email protected]>; Simpson, Brett
<[email protected]>; Auerbach, Steven <[email protected]>
Subject: Re: [Freeipa-users] Hard Crash of Server Corrupted IPA
Auerbach, Steven via FreeIPA-users wrote:
> A storage subsystem failure below our virtualization layer caused a
> hard crash of our 2^nd IPA Master. It will not start back up.
>
> $ Systemctl status –l ipa
>
> ● ipa.service - Identity, Policy, Audit
>
> Loaded: loaded (/usr/lib/systemd/system/ipa.service; enabled;
> vendor
> preset: disabled)
>
> Active: failed (Result: exit-code) since Fri 2021-08-06 15:47:24
> EDT;
> 3 days ago
>
> Process: 1554 ExecStart=/usr/sbin/ipactl start (code=exited,
> status=1/FAILURE)
>
> Main PID: 1554 (code=exited, status=1/FAILURE)
>
>
>
> Aug 06 15:46:46 ipa04.fbog.local systemd[1]: Starting Identity,
> Policy, Audit...
>
> Aug 06 15:47:24 ipa04.fbog.local ipactl[1554]: Failed to start
> Directory
> Service: Command '/bin/systemctl start [email protected]'
> returned non-zero exit status 1
>
> Aug 06 15:47:24 ipa04.fbog.local ipactl[1554]: Starting Directory
> Service
>
> Aug 06 15:47:24 ipa04.fbog.local systemd[1]: ipa.service: main process
> exited, code=exited, status=1/FAILURE
>
> Aug 06 15:47:24 ipa04.fbog.local systemd[1]: Failed to start Identity,
> Policy, Audit.
>
> Aug 06 15:47:24 ipa04.fbog.local systemd[1]: Unit ipa.service entered
> failed state.
>
> Aug 06 15:47:24 ipa04.fbog.local systemd[1]: ipa.service failed.
>
>
>
> Multiple OS restarts do not clear this. There must be a pid file
> somewhere to delete. Not sure where to look in documentation or a
> meaningful search expression for researching the web.
>
> Help?
You need to look in the 389-ds error log for details,
/var/log/dirsrv/slapd-FBOG-LOCAL/errors
rob
_______________________________________________
FreeIPA-users mailing list -- [email protected]
To unsubscribe send an email to [email protected]
Fedora Code of Conduct:
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives:
https://lists.fedorahosted.org/archives/list/[email protected]
Do not reply to spam on the list, report it:
https://pagure.io/fedora-infrastructure
