Re: [Freeipa-users] last step in retiring old RHEL 6 (IPA 3.0.0) servers

Thu, 17 Sep 2015 05:02:48 -0700 

On 09/17/2015 01:15 PM, Martin Kosek wrote:

On 09/16/2015 06:54 PM, Craig White wrote:

Virtually completed the steps listed here...
https://access.redhat.com/documentation/en-US/Red_Hat_Enterprise_Linux/7/html/Linux_Domain_Identity_Authentication_and_Policy_Guide/migrating-ipa-proc.html

Managed to get IPA2 deleted and removed from 'ipa-replica-manage list' so now 
it is down to IPA1. No amount of effort will seem to kill that sucker off.

ipa-replica-manage del ipa1.stt.local --force
Connection to 'ipa1.stt.local' failed:
Forcing removal of ipa1.stt.local
Skipping calculation to determine if one or more masters would be orphaned.
No RUV records found.

$ ipa-replica-manage del ipa1.stt.local --force -c
Connection to 'ipa1.stt.local' failed:
Forcing removal of ipa1.stt.local
Skipping calculation to determine if one or more masters would be orphaned.
No RUV records found.

$ ipa-replica-manage list
ipa1.stt.local: master
ipa3.stt.local: master
ipa4.stt.local: master

Obviously connection to ipa1 failed because in previous step, I had to shut it 
down on ipa1 (ipactl stop)

What's the trick to get rid of an old, discontinued 'master' ?

Craig White


Quickly looking at ipa-replica-manage code, the del command will end if there
is no RUV. So it seems that in some of your previous RUV was deleted, but
server record was not.

What does
# ipa-replica-manage list-ruv
show?

Petr or Honza, is the only option here to
1) Use ldapdelete to delete the master record in cn=masters as a hotfix for
this issue
It will fix the replica manage output but replica cleanup does more things than just a removal of master entry. It also: 
    deletes services of the host
    removes s4u2proxy configuration
    removes some ACIs

More info:
https://git.fedorahosted.org/cgit/freeipa.git/tree/ipaserver/install/replication.py#n1185



2) File a ticket to avoid get_ruv function exit the whole "del" command when
--force is in play to fix this long-term


https://fedorahosted.org/freeipa/ticket/5307







--
Petr Vobornik

--
Manage your subscription for the Freeipa-users mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-users
Go to http://freeipa.org for more info on the project

Reply via email to