alexey safonov wrote: > that helped I guess you've already done it but for posterity, what I'd do is:
- stop dirsrv - make a copy of /etc/dirsrv/slapd-REALM/dse.ldif - edit dse.ldif and remove the leftover agreement entry - restart dirsrv The IPA topology plugin will generally actively try to prevent direct deletion of agreements. rob > > чт, 7 нояб. 2024 г. в 22:13, alexey safonov <[email protected]>: >> >> I've found it under >> cn=replica,cn=dc\3Dint,cn=mapping tree,cn=config >> >> is it safe to delete it directly from here? >> >> чт, 7 нояб. 2024 г. в 18:27, Florence Blanc-Renaud <[email protected]>: >>> >>> Hi, >>> >>> Agreements cannot be deleted directly, you need to use the command "ipa >>> topologysegment-del". >>> First use "ipa topologysegment-find domain" and "ipa topologysegment-find >>> ca" to list the replication segments for IPA data and certs data, then "ipa >>> topologysegment-del ipa <name>" and "ipa topologysegment-del domain <name>". >>> >>> HTH, >>> flo >>> >>> On Thu, Nov 7, 2024 at 7:30 AM alexey safonov via FreeIPA-users >>> <[email protected]> wrote: >>>> >>>> wow, thanks. >>>> that one shows the missed replica, so how to delete this agreement? >>>> >>>> ср, 6 нояб. 2024 г. в 21:12, Rob Crittenden <[email protected]>: >>>>> >>>>> alexey safonov wrote: >>>>>> I'm not sure what is meto here, as the server name was >>>>>> gcp-nas-vm01.int and it was never successfully added/replicated to the >>>>>> IPA cluster due to connectivity error. any way, I tried both commands >>>>>> and they are giving >>>>>> >>>>>> ipa server-del metogcp-nas-vm01.int --force >>>>>> Removing metogcp-nas-vm01.int.quantbox.in from replication topology, >>>>>> please wait... >>>>>> ipa: WARNING: Forcing removal of metogcp-nas-vm01.int >>>>>> ipa: WARNING: Failed to cleanup metogcp-nas-vm01.int DNS entries: no >>>>>> matching entry found >>>>>> ipa: WARNING: You may need to manually remove them from the tree >>>>>> ipa: WARNING: Server has already been deleted >>>>>> ----------------------------------------------------- >>>>>> Deleted IPA server "metogcp-nas-vm01.int" >>>>>> ----------------------------------------------------- >>>>>> ipa server-del gcp-nas-vm01.int --force >>>>>> Removing gcp-nas-vm01.int from replication topology, please wait... >>>>>> ipa: WARNING: Forcing removal of gcp-nas-vm01.int >>>>>> ipa: WARNING: Failed to cleanup gcp-nas-vm01.int DNS entries: no >>>>>> matching entry found >>>>>> ipa: WARNING: You may need to manually remove them from the tree >>>>>> ipa: WARNING: Server has already been deleted >>>>>> ------------------------------------------------- >>>>>> Deleted IPA server "gcp-nas-vm01.int" >>>>>> ------------------------------------------------- >>>>>> >>>>>> but ipa-healtcheck error is still persist >>>>> >>>>> ipa-replica-manage by itself basically just lists the IPA servers. >>>>> >>>>> To see the agreements on a server add -v $HOSTNAME. >>>>> >>>>> rob >>>>> >>>>>> >>>>>> пн, 4 нояб. 2024 г. в 23:00, Rob Crittenden <[email protected]>: >>>>>>> >>>>>>> alexey safonov via FreeIPA-users wrote: >>>>>>>> I tried to play with an additional replica, but in the end decided to >>>>>>>> remove it, and now getting >>>>>>>> >>>>>>>> [ >>>>>>>> { >>>>>>>> "source": "ipahealthcheck.ds.replication", >>>>>>>> "check": "ReplicationCheck", >>>>>>>> "result": "ERROR", >>>>>>>> "uuid": "ad00082d-22ae-4928-ae08-6e7177918fc6", >>>>>>>> "when": "20241104091521Z", >>>>>>>> "duration": "10.592736", >>>>>>>> "kw": { >>>>>>>> "key": "DSREPLLE0005", >>>>>>>> "items": [ >>>>>>>> "Replication", >>>>>>>> "Agreement" >>>>>>>> ], >>>>>>>> "msg": "The replication agreement (metogcp-nas-vm01.int) under >>>>>>>> \"dc=int\" is not in synchronization,\nbecause the consumer server is >>>>>>>> not reachable." >>>>>>>> } >>>>>>>> } >>>>>>>> ] >>>>>>>> >>>>>>>> >>>>>>>> That's correct. Server gcp-nas-vm01.int is not reachable anymore, but >>>>>>>> I see no such server in replica-list or agreement list. How can I >>>>>>>> clean up/remove that alarm? >>>>>>>> >>>>>>>> ipa-replica-manage list >>>>>>>> qb-mum-vm01.int: master >>>>>>>> qb-mum-vm02.int: master >>>>>>>> qb-bg-vm01.int: master >>>>>>>> >>>>>>>> >>>>>>>> ipa-csreplica-manage list >>>>>>>> Directory Manager password: >>>>>>>> >>>>>>>> qb-mum-vm01.int: master >>>>>>>> qb-mum-vm02.int: CA not configured >>>>>>>> qb-bg-vm01.int: CA not configured >>>>>>>> >>>>>>> >>>>>>> How did you remove the replica? >>>>>>> >>>>>>> You can try running ipa-server-del metogcp-nas-vm01.int --force >>>>>>> >>>>>>> rob >>>>>>> >>>>>> >>>>> >>>> -- >>>> _______________________________________________ >>>> FreeIPA-users mailing list -- [email protected] >>>> To unsubscribe send an email to [email protected] >>>> Fedora Code of Conduct: >>>> https://docs.fedoraproject.org/en-US/project/code-of-conduct/ >>>> List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines >>>> List Archives: >>>> https://lists.fedorahosted.org/archives/list/[email protected] >>>> Do not reply to spam, report it: >>>> https://pagure.io/fedora-infrastructure/new_issue > -- _______________________________________________ FreeIPA-users mailing list -- [email protected] To unsubscribe send an email to [email protected] Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedorahosted.org/archives/list/[email protected] Do not reply to spam, report it: https://pagure.io/fedora-infrastructure/new_issue
