Hi, Agreements cannot be deleted directly, you need to use the command "ipa topologysegment-del". First use "ipa topologysegment-find domain" and "ipa topologysegment-find ca" to list the replication segments for IPA data and certs data, then "ipa topologysegment-del ipa <name>" and "ipa topologysegment-del domain <name>".
HTH, flo On Thu, Nov 7, 2024 at 7:30 AM alexey safonov via FreeIPA-users < [email protected]> wrote: > wow, thanks. > that one shows the missed replica, so how to delete this agreement? > > ср, 6 нояб. 2024 г. в 21:12, Rob Crittenden <[email protected]>: > > > > alexey safonov wrote: > > > I'm not sure what is meto here, as the server name was > > > gcp-nas-vm01.int and it was never successfully added/replicated to the > > > IPA cluster due to connectivity error. any way, I tried both commands > > > and they are giving > > > > > > ipa server-del metogcp-nas-vm01.int --force > > > Removing metogcp-nas-vm01.int.quantbox.in from replication topology, > > > please wait... > > > ipa: WARNING: Forcing removal of metogcp-nas-vm01.int > > > ipa: WARNING: Failed to cleanup metogcp-nas-vm01.int DNS entries: no > > > matching entry found > > > ipa: WARNING: You may need to manually remove them from the tree > > > ipa: WARNING: Server has already been deleted > > > ----------------------------------------------------- > > > Deleted IPA server "metogcp-nas-vm01.int" > > > ----------------------------------------------------- > > > ipa server-del gcp-nas-vm01.int --force > > > Removing gcp-nas-vm01.int from replication topology, please wait... > > > ipa: WARNING: Forcing removal of gcp-nas-vm01.int > > > ipa: WARNING: Failed to cleanup gcp-nas-vm01.int DNS entries: no > > > matching entry found > > > ipa: WARNING: You may need to manually remove them from the tree > > > ipa: WARNING: Server has already been deleted > > > ------------------------------------------------- > > > Deleted IPA server "gcp-nas-vm01.int" > > > ------------------------------------------------- > > > > > > but ipa-healtcheck error is still persist > > > > ipa-replica-manage by itself basically just lists the IPA servers. > > > > To see the agreements on a server add -v $HOSTNAME. > > > > rob > > > > > > > > пн, 4 нояб. 2024 г. в 23:00, Rob Crittenden <[email protected]>: > > >> > > >> alexey safonov via FreeIPA-users wrote: > > >>> I tried to play with an additional replica, but in the end decided to > > >>> remove it, and now getting > > >>> > > >>> [ > > >>> { > > >>> "source": "ipahealthcheck.ds.replication", > > >>> "check": "ReplicationCheck", > > >>> "result": "ERROR", > > >>> "uuid": "ad00082d-22ae-4928-ae08-6e7177918fc6", > > >>> "when": "20241104091521Z", > > >>> "duration": "10.592736", > > >>> "kw": { > > >>> "key": "DSREPLLE0005", > > >>> "items": [ > > >>> "Replication", > > >>> "Agreement" > > >>> ], > > >>> "msg": "The replication agreement (metogcp-nas-vm01.int) under > > >>> \"dc=int\" is not in synchronization,\nbecause the consumer server is > > >>> not reachable." > > >>> } > > >>> } > > >>> ] > > >>> > > >>> > > >>> That's correct. Server gcp-nas-vm01.int is not reachable anymore, > but > > >>> I see no such server in replica-list or agreement list. How can I > > >>> clean up/remove that alarm? > > >>> > > >>> ipa-replica-manage list > > >>> qb-mum-vm01.int: master > > >>> qb-mum-vm02.int: master > > >>> qb-bg-vm01.int: master > > >>> > > >>> > > >>> ipa-csreplica-manage list > > >>> Directory Manager password: > > >>> > > >>> qb-mum-vm01.int: master > > >>> qb-mum-vm02.int: CA not configured > > >>> qb-bg-vm01.int: CA not configured > > >>> > > >> > > >> How did you remove the replica? > > >> > > >> You can try running ipa-server-del metogcp-nas-vm01.int --force > > >> > > >> rob > > >> > > > > > > -- > _______________________________________________ > FreeIPA-users mailing list -- [email protected] > To unsubscribe send an email to [email protected] > Fedora Code of Conduct: > https://docs.fedoraproject.org/en-US/project/code-of-conduct/ > List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines > List Archives: > https://lists.fedorahosted.org/archives/list/[email protected] > Do not reply to spam, report it: > https://pagure.io/fedora-infrastructure/new_issue >
-- _______________________________________________ FreeIPA-users mailing list -- [email protected] To unsubscribe send an email to [email protected] Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedorahosted.org/archives/list/[email protected] Do not reply to spam, report it: https://pagure.io/fedora-infrastructure/new_issue
