Well, my master ground to a halt and wasn't responding. I rebooted the system and now I can't access the web UI or ssh to the master either. I have console access but that's it.
The services all say they're running, but the web UI gives an "Unknown Error" dialog and ssh fails with "ssh_exchange_identification: Connection closed by remote host" whenever I try to ssh to ipamaster. I think something has gone really wrong inside my master. Any ideas? Even after the reboot, --cleanup isn't helping and just hangs. The logfiles end (as of the time I ^C'd the process) with: NSMMReplicationPlugin - agmt="cn=meTogood3.spx.net" (good3:389): Replication bind with GSSAPI auth failed: LDAP error -2 (Local error) (SASL(-1): generic failure: GSSAPI Error: Unspecified GSS failure. Minor code may provide more information (Cannot determine realm for numeric host address)) NSMMReplicationPlugin - CleanAllRUV Task: Replica not online (agmt="cn= meTogood3.foo.net" (good3:389)) NSMMReplicationPlugin - CleanAllRUV Task: Not all replicas online, retrying in 160 seconds..., So it looks like it's having trouble talking with one of my replicas and is doggedly trying to get the job done. Any idea how to get the master back working again while I troubleshoot this connectivity issue? * * *Bret Wortman* http://damascusgrp.com/ http://about.me/wortmanbret On Mon, Aug 19, 2013 at 11:11 AM, Rob Crittenden <rcrit...@redhat.com>wrote: > Bret Wortman wrote: > >> How can I tell if this is working? It's been 10 minutes and it hasn't >> returned; IPA response is sluggish and top doesn't show anything >> obviously running & sucking up CPU. >> > > It should be nearly instantaneous. It doesn't actually do a lot. It > deletes the master from cn=masters, removes its entries from S4U2proxy > delegation and in newer versions attempts to save its DNA configuration, if > any. > > It should be safe to break out of it and re-run it. You may want to check > the 389-ds logs to see what it has already done. > > rob > > >> >> _ >> _ >> *Bret Wortman* >> >> http://damascusgrp.com/ >> http://about.me/wortmanbret >> >> >> On Mon, Aug 19, 2013 at 10:16 AM, Bret Wortman >> <bret.wort...@damascusgrp.com >> <mailto:bret.wortman@**damascusgrp.com<bret.wort...@damascusgrp.com>>> >> wrote: >> >> My replication situation has gotten a bit messed up. >> >> I have four replicas that are up and running and two that I'm trying >> to delete (one is not a replica any more, one didn't upgrade well >> during its fedup upgrade from F17->F18 and as such I had to do a >> clean OS install). >> >> # ipa-replica-manage list >> bad1.foo.net >> <http://bl-1.com/click/load/**VGVbaVI2BjtTO1ExAjY-b0231<http://bl-1.com/click/load/VGVbaVI2BjtTO1ExAjY-b0231> >> >: >> master >> bad2.foo.net >> <http://bl-1.com/click/load/**ADEOPARgATxfN1Q0BjM-b0231<http://bl-1.com/click/load/ADEOPARgATxfN1Q0BjM-b0231> >> >: >> master >> good1.foo.net <http://good1.foo.net>: master >> good2.foo.net <http://good2.foo.net>: master >> good3.foo.net <http://good3.foo.net>: master >> good4.foo.net <http://good4.foo.net>: master >> # ipa-replica-manage list ipamaster.foo.net >> >> <http://bl-1.com/click/load/**BDUBM1I2UWxfN1c3V2U-b0231<http://bl-1.com/click/load/BDUBM1I2UWxfN1c3V2U-b0231> >> > >> good1.foo.net <http://good1.foo.net>: replica >> good2.foo.net <http://good2.foo.net>: replica >> good3.foo.net <http://good3.foo.net>: replica >> good4.foo.net <http://good4.foo.net>: replica >> # ipa-replica-manage del --force bad1.foo.net <http://bad1.foo.net> >> 'ipamaster.foo.net <http://ipamaster.foo.net>' has no replication >> agreement for 'bad1.foo.net <http://bad1.foo.net>' >> # ipa-replica-manage del --force bad2.foo.net <http://bad2.foo.net> >> 'ipamaster.foo.net <http://ipamaster.foo.net>' has no replication >> agreement for 'bad2.foo.net <http://bad2.foo.net>' >> # >> _ >> _ >> >> What I need to do is remove bad1 completely and then remove bad2 and >> re-add it as a replica. Any ideas? >> >> _ >> _ >> *Bret Wortman* >> >> http://damascusgrp.com/ >> >> <http://bl-1.com/click/load/**U2JdbwdjBThROQZmAzA-b0231<http://bl-1.com/click/load/U2JdbwdjBThROQZmAzA-b0231> >> > >> http://about.me/wortmanbret >> >> <http://bl-1.com/click/load/**ATBZa1QwVmsHbwNjVWU-b0231<http://bl-1.com/click/load/ATBZa1QwVmsHbwNjVWU-b0231> >> > >> >> >> >> >> >> ______________________________**_________________ >> Freeipa-users mailing list >> Freeipafirstname.lastname@example.org >> https://www.redhat.com/**mailman/listinfo/freeipa-users<https://www.redhat.com/mailman/listinfo/freeipa-users> >> >> >
_______________________________________________ Freeipa-users mailing list Freeipaemail@example.com https://www.redhat.com/mailman/listinfo/freeipa-users