On 12/21/2015 05:49 PM, Alex Williams wrote:
I began installing a new ipa4 replica this morning and it all went wrong. The ipa-replica-install script got all the way to restarting ipa with systemctl at the very end, having set up replication and then fell over, because systemctl couldn't find the ipa service. I removed the replica from our master, I deleted the host from there too, I un-installed ipa-server on the new replica machine, I even created a new replica-prepare script on the master, but now the server just errors immediately with:

A replication agreement for this host already exists. It needs to be removed.

I've verified several times, that no replica, or host with the same name exists in the master, there are no ldap entries under masters, with that hostname, nothing. There is literally no trace of the new host, on the old master. Running `ipa-replica-manage list` shows just the 3 ipa servers we have already, no sign of this new host. Yet, if I run `ipa-replica-manage del hostname --force` on the master, it will in fact say that it's forcing removal, skipping checking if anything will be orphaned and that no RUV records were found.

I'm now lost, I really don't know where to start with fixing this.
we should first try to get a clear picture of existing agreements and state of replication. Could you on all servers do the following searches (as directory manager)

ldapsearch -LLL -o ldif-wrap=no ..... -b "cn=config" "objectclass=nsds5replicationagreement" nsDS5ReplicaRoot nsDS5ReplicaHost ldapsearch -LLL -o ldif-wrap=no ...... -b "cn=config" "objectclass=nsds5replica" nsDS5ReplicaRoot nsDS5ReplicaId nsds50ruv

Not sure if this is relevant or not, but I'd rather bring it up and it not be, than not mention it and it turn out to be the reason. Our yum mirror is unfortunately now holding rhel7.2 packages, whilst our servers, are still on rhel7.1, which means our existing IPA servers, are ipa4.1 and the new one I tried to install, was ipa4.2, but on a rhel7.1 box. I had previously attributed the failed systemctl command, to the fact that I was trying to run ipa4.2 on a rhel7.1 box, as I'm told there were a lot of modifications to systemctl in rhel7.2, but I need to fix this replication agreement issue, before I can try again with the box upgraded to rhel7.2.

Any ideas?

Cheers

Alex


--
Manage your subscription for the Freeipa-users mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-users
Go to http://freeipa.org for more info on the project

Reply via email to