Hi, can you check if there are replication conflicts? Use the below command (and replace $BASEDN with your base dn, for instance dc=site5,dc=example,dc=com) ldapsearch -D "cn=Directory Manager" -W -b $BASEDN "(&(objectClass=ldapSubEntry)(nsds5ReplConflict=*))" \* nsds5ReplConflict
If you find some conflicts you can refer to https://access.redhat.com/documentation/en-us/red_hat_directory_server/11/html/administration_guide/managing_replication-solving_common_replication_conflicts#doc-wrapper HTH, flo On Sat, Jun 1, 2024 at 5:10 AM Satish Patel <[email protected]> wrote: > Any help here, freeIPA giving me a hard time. I am not able to remove bad > replicas. I have tried all possible options and google + chatGPT whatever I > can do but none helping. is there any way I can remove bad replicas from my > freeIPA? > > On Thu, May 16, 2024 at 11:00 AM Satish Patel <[email protected]> > wrote: > >> Hi Florence, >> >> I have run all the possible commands but that thing isn't going away :( >> Even I even tried to search inside ldapsearch to see if I can manually >> remove them from ldap DB but it's not there either. I don't know who is >> holding this information. >> >> [root@ldap-vx-010101-4 ~]# ipa-replica-manage del >> ldap-vx-010103-4.site5.example.com --clean --force >> ipa: WARNING: Forcing removal of ldap-vx-010103-4.site5.example.com >> ipa: WARNING: Ignoring topology connectivity errors. >> ipa: WARNING: Ignoring these warnings and proceeding with removal >> ipa: WARNING: Failed to cleanup ldap-vx-010103-4.site5.example.com DNS >> entries: no such entry >> ipa: WARNING: You may need to manually remove them from the tree >> ipa: WARNING: Server has already been deleted >> ----------------------------------------------------- >> Deleted IPA server "ldap-vx-010103-4.site5.example.com" >> ----------------------------------------------------- >> >> >> >> [root@ldap-vx-010101-4 ~]# ipa server-del >> ldap-vx-010103-4.site5.example.com --force >> Removing ldap-vx-010103-4.site5.example.com from replication topology, >> please wait... >> ipa: WARNING: Forcing removal of ldap-vx-010103-4.site5.example.com >> ipa: WARNING: Failed to cleanup ldap-vx-010103-4.site5.example.com DNS >> entries: no such entry >> ipa: WARNING: You may need to manually remove them from the tree >> ipa: WARNING: Server has already been deleted >> ----------------------------------------------------- >> Deleted IPA server "ldap-vx-010103-4.site5.example.com" >> ----------------------------------------------------- >> >> >> Still I can see it in list >> >> ldap-vx-010103-4.site5.example.com: replica >> last init status: Error (0) >> last init ended: 1970-01-01 00:00:00+00:00 >> last update status: Error (0) No replication sessions started since >> server startup >> last update ended: 1970-01-01 00:00:00+00:00 >> >> >> >> >> On Thu, May 16, 2024 at 1:48 AM Florence Blanc-Renaud <[email protected]> >> wrote: >> >>> Hi, >>> >>> On Thu, May 16, 2024 at 4:05 AM Satish Patel via FreeIPA-users < >>> [email protected]> wrote: >>> >>>> Folks, >>>> >>>> I am trying to build some replicas and somehow they failed but because >>>> they are half baked they are stuck in master nodes and not letting me >>>> remove them. I have tried all the options and don't know how to get rid of >>>> them. >>>> >>>> I want to remove ldap-vx-010103-1.site5.example.com and >>>> ldap-vx-010103-2.site5.example.com. I have removed them from topology >>>> and from host and hostgroup ipaservers list but no luck. I have totally >>>> shut down replicas nodes but still no luck. Are there any good ways to >>>> clean them up? >>>> >>> >>> The commands "ipa server-del <hostname> --force" or "ipa-replica-manage >>> del <hostname> --clean --force" should be able to remove references to >>> those servers, even if they are shutdown. You need to run the command on a >>> working server. >>> >>> HTH, >>> flo >>> >>>> >>>> [root@ldap-vx-010101-4 ~]# ipa-replica-manage list -v `hostname` >>>> ldap-vx-010101-1.site5.example.com: replica >>>> last init status: None >>>> last init ended: 1970-01-01 00:00:00+00:00 >>>> last update status: Error (0) Replica acquired successfully: >>>> Incremental update succeeded >>>> last update ended: 2024-05-16 01:58:02+00:00 >>>> ldap-vx-010101-2.site5.example.com: replica >>>> last init status: None >>>> last init ended: 1970-01-01 00:00:00+00:00 >>>> last update status: Error (0) Replica acquired successfully: >>>> Incremental update succeeded >>>> last update ended: 2024-05-16 01:58:02+00:00 >>>> ldap-vx-010101-3.site5.example.com: replica >>>> last init status: None >>>> last init ended: 1970-01-01 00:00:00+00:00 >>>> last update status: Error (0) Replica acquired successfully: >>>> Incremental update succeeded >>>> last update ended: 2024-05-16 01:58:02+00:00 >>>> ldap-vx-010101-5.site5.example.com: replica >>>> last init status: None >>>> last init ended: 1970-01-01 00:00:00+00:00 >>>> last update status: Error (0) Replica acquired successfully: >>>> Incremental update succeeded >>>> last update ended: 2024-05-16 01:58:02+00:00 >>>> ldap-vx-010103-1.site5.example.com: replica >>>> last init status: Error (0) >>>> last init ended: 1970-01-01 00:00:00+00:00 >>>> last update status: Error (-1) Problem connecting to replica - LDAP >>>> error: Can't contact LDAP server (connection error) >>>> last update ended: 2024-05-11 10:30:33+00:00 >>>> ldap-vx-010103-2.site5.example.com: replica >>>> last init status: Error (0) Total update succeeded >>>> last init ended: 2024-05-10 20:35:02+00:00 >>>> last update status: Error (-1) Problem connecting to replica - LDAP >>>> error: Can't contact LDAP server (connection error) >>>> last update ended: 1970-01-01 00:00:00+00:00 >>>> ldap-vx-010103-3.site5.example.com: replica >>>> last init status: Error (0) Total update succeeded >>>> last init ended: 2024-05-10 21:14:53+00:00 >>>> last update status: Error (0) Replica acquired successfully: >>>> Incremental update succeeded >>>> last update ended: 2024-05-16 01:58:02+00:00 >>>> -- >>>> _______________________________________________ >>>> FreeIPA-users mailing list -- [email protected] >>>> To unsubscribe send an email to >>>> [email protected] >>>> Fedora Code of Conduct: >>>> https://docs.fedoraproject.org/en-US/project/code-of-conduct/ >>>> List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines >>>> List Archives: >>>> https://lists.fedorahosted.org/archives/list/[email protected] >>>> Do not reply to spam, report it: >>>> https://pagure.io/fedora-infrastructure/new_issue >>>> >>>
-- _______________________________________________ FreeIPA-users mailing list -- [email protected] To unsubscribe send an email to [email protected] Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedorahosted.org/archives/list/[email protected] Do not reply to spam, report it: https://pagure.io/fedora-infrastructure/new_issue
