I am running a master freeIPA called "ipa" in an adelton/freeipa-server
(freeIPA 4.1.4).
I am able to create a replica server "ipa2", still in an

If I stop my ipa2 replica, and try to delete the replication agreement:

%ipa-replica-manage del ipa2.example.com --force  -v

It hangs forever.
If I run it using the --cleanup option, it seems to work.

But when I try to run again from scratch my replica, using the same name, I

Checking forwarders, please wait ...
WARNING: DNS forwarder does not return DNSSEC signatures in
Please fix forwarder configuration to enable DNSSEC support.
(For BIND 9 add directive "dnssec-enable yes;" to "options {}")
WARNING: DNSSEC validation will be disabled
Warning: skipping DNS resolution of host ipa2.example.com
Warning: skipping DNS resolution of host ipa.example.com
Using reverse zone(s) 0.17.172.in-addr.arpa.
A replication agreement for this host already exists. It needs to be
Run this on the master that generated the info file:
    % ipa-replica-manage del ipa2.example.com --force

On my master:
# ipa-replica-manage list
ipas.example.com: master
ipa.example.com: master

I manually removed all DNS entries from the 3 zones mentioning ipa2. I can
check in the web UI, using the search feature that ipa2 has no occurrence.

So I do not understand why the replica install thinks there's still a
replication agreement.
And I'd like to know:
1) why this command did not work

ipa-replica-manage del ipa2.example.com --force  -v

2) How could I manually effectively delete this agrrement left-over.

Manage your subscription for the Freeipa-users mailing list:
Go to http://freeipa.org for more info on the project

Reply via email to