Temporarily fixed by myself. -- remove replica ipareplica02 by FORCE again and 
again on IPA master, until the replica doesn't show up when run 
'ipa-replica-manage list'. 

Could some one at Redhat IPA project please give a step-by-step how to remove a 
IPA replica, and how to add it back  -- reimage and rebuild --. Thanks.


[root@ipamaster .ssh]# ipa-replica-manage list
ipareplica01.example.com: master

ipareplica02.example.com: master
ipamaster.example.com: master
[root@ipamaster .ssh]#

[root@ipamaster .ssh]# ipa-replica-manage del ipareplica02.example.com --force
Unable to connect to replica ipareplica02.example.com, forcing removal
'ipamaster.example.com' has no replication agreement for 
'ipareplica02.example.com'
'ipareplica01.example.com' has no replication agreement for 
'ipareplica02.example.com'

[root@ipamaster .ssh]# ipa-replica-manage list
ipareplica01.example.com: master
ipamaster.example.com: master
[root@ipamaster .ssh]#

--David


________________________________
 From: David Copperfield <cao2...@yahoo.com>
To: "freeipa-users@redhat.com" <freeipa-users@redhat.com>; "d...@redhat.com" 
<d...@redhat.com>; E Deon Lackey <dlac...@redhat.com> 
Sent: Monday, May 7, 2012 8:41 PM
Subject: Re: IPA replica server rebuilding failed with 'Invalid credentials' 
error.
 

Debug output is attached as well.

....
root        : DEBUG      [21/29]: setting up initial replication
  [21/29]: setting up initial replication
root        : DEBUG    args=/sbin/service dirsrv restart JIGSAW-COM
root        : DEBUG    stdout=Shutting down dirsrv: 
    JIGSAW-COM...                                          [  OK  ]
Starting dirsrv: 
    JIGSAW-COM...                                          [  OK  ]

root        : DEBUG    stderr=
Starting replication, please wait until this has completed.
[ipamaster.qe9.jigsaw.com] reports: Update failed! Status: [49  - LDAP error: 
Invalid credentials]
creation of replica failed: Failed to start replication
root        : DEBUG    Failed to start replication
  File "/usr/sbin/ipa-replica-install", line 482, in <module>
    main()

  File "/usr/sbin/ipa-replica-install", line 433, in main
    ds = install_replica_ds(config)

  File "/usr/sbin/ipa-replica-install", line 135, in install_replica_ds
    pkcs12_info)

  File "/usr/lib/python2.6/site-packages/ipaserver/install/dsinstance.py", line 
284, in create_replica
    self.start_creation("Configuring directory server", 60)

  File "/usr/lib/python2.6/site-packages/ipaserver/install/service.py", line 
248, in start_creation
    method()

  File "/usr/lib/python2.6/site-packages/ipaserver/install/dsinstance.py", line 
297, in __setup_replica
    r_bindpw=self.dm_password)

  File "/usr/lib/python2.6/site-packages/ipaserver/install/replication.py", 
line 694, in setup_replication
    raise RuntimeError("Failed to start replication")


Your system may be partly configured.
Run /usr/sbin/ipa-server-install --uninstall to clean up.


--Guolin


________________________________
 From: David Copperfield <cao2...@yahoo.com>
To: "freeipa-users@redhat.com" <freeipa-users@redhat.com> 
Sent: Monday, May 7, 2012 8:38 PM
Subject: IPA replica server rebuilding failed with 'Invalid credentials' error.
 

I have a IPA replica server with disk problems, and then it is reimaged and 
rebuild. But when the IPA replica function is rebuilt, it reports the following 
problem:

[root@ipareplica02 ipa]# ipa-replica-install --no-ntp 
/var/lib/ipa/replica-info-ipareplica02.example.com.gpg

...
  [21/29]: setting up initial replication
Starting replication, please wait until this has completed.
[ipamaster.example.com] reports: Update failed! Status: [49  - LDAP error: 
Invalid credentials]
...

Before I run the replica rebuilding step on IPA replica, I already run 
'ipa-replica-manage disconn ipareplica01.example.com' on IPA master, and delete 
the host entry for ipareplica02 as well.

Did I missed any steps above? Please help. Thanks.


--David
_______________________________________________
Freeipa-users mailing list
Freeipa-users@redhat.com
https://www.redhat.com/mailman/listinfo/freeipa-users

Reply via email to