On 08/24/2016 06:33 PM, Rob Crittenden wrote: > Ian Harding wrote: >> I tried to simply uninstall and reinstall freeipa-dal and this happened. >> >> It only had a replication agreement with freeipa-sea >> >> [root@freeipa-dal ianh]# ipa-server-install --uninstall >> >> This is a NON REVERSIBLE operation and will delete all data and >> configuration! >> >> Are you sure you want to continue with the uninstall procedure? [no]: yes >> Shutting down all IPA services >> Removing IPA client configuration >> Unconfiguring ntpd >> Configuring certmonger to stop tracking system certificates for KRA >> Configuring certmonger to stop tracking system certificates for CA >> Unconfiguring CA >> Unconfiguring named >> Unconfiguring ipa-dnskeysyncd >> Unconfiguring web server >> Unconfiguring krb5kdc >> Unconfiguring kadmin >> Unconfiguring directory server >> Unconfiguring ipa_memcached >> Unconfiguring ipa-otpd >> [root@freeipa-dal ianh]# ipa-server-install --uninstall >> >> This is a NON REVERSIBLE operation and will delete all data and >> configuration! >> >> Are you sure you want to continue with the uninstall procedure? [no]: yes >> >> WARNING: Failed to connect to Directory Server to find information about >> replication agreements. Uninstallation will continue despite the possible >> existing replication agreements. >> Shutting down all IPA services >> Removing IPA client configuration >> Configuring certmonger to stop tracking system certificates for KRA >> Configuring certmonger to stop tracking system certificates for CA >> [root@freeipa-dal ianh]# ipa-replica-install --setup-ca --setup-dns >> --no-forwarders /var/lib/ipa/replica-info-freeipa-dal.bpt.rocks.gpg >> Directory Manager (existing master) password: >> >> The host freeipa-dal.bpt.rocks already exists on the master server. >> You should remove it before proceeding: >> % ipa host-del freeipa-dal.bpt.rocks >> [root@freeipa-dal ianh]# >> >> So I tried to delete it again with --force >> >> [root@freeipa-sea ianh]# ipa-replica-manage --force del >> freeipa-dal.bpt.rocks >> Directory Manager password: >> >> 'freeipa-sea.bpt.rocks' has no replication agreement for >> 'freeipa-dal.bpt.rocks' >> [root@freeipa-sea ianh]# >> >> Can't delete it from the master server either >> >> [root@seattlenfs ianh]# ipa host-del freeipa-dal.bpt.rocks >> ipa: ERROR: invalid 'hostname': An IPA master host cannot be deleted or >> disabled >> >> >> Now what? I'm running out of things that work. > > Not sure what version of IPA you have but try: > > # ipa-replica-manage --force --cleanup delete freeipa-dal.bpt.rocks > > If this had a CA on it then you'll want to ensure that any replication > agreements it had have been removed as well. > > rob >
It turns out I'm not smart enough to untangle this mess. Is there any way to kind of start over? I managed to delete and recreate a couple replicas but the problems (obsolete ruv as far as I can tell) carry on with the new replicas. They won't even replicate back to the master they were created from. Basically, is there a way to do a fresh install of FreeIPA server, and do a dump/restore of data from my existing messed up install? Thanks! -- Ian Harding IT Director Brown Paper Tickets 1-800-838-3006 ext 7186 http://www.brownpapertickets.com -- Manage your subscription for the Freeipa-users mailing list: https://www.redhat.com/mailman/listinfo/freeipa-users Go to http://freeipa.org for more info on the project