On 08/25/2016 10:41 AM, Rob Crittenden wrote: > Ian Harding wrote: >> >> >> On 08/24/2016 06:33 PM, Rob Crittenden wrote: >>> Ian Harding wrote: >>>> I tried to simply uninstall and reinstall freeipa-dal and this >>>> happened. >>>> >>>> It only had a replication agreement with freeipa-sea >>>> >>>> [root@freeipa-dal ianh]# ipa-server-install --uninstall >>>> >>>> This is a NON REVERSIBLE operation and will delete all data and >>>> configuration! >>>> >>>> Are you sure you want to continue with the uninstall procedure? >>>> [no]: yes >>>> Shutting down all IPA services >>>> Removing IPA client configuration >>>> Unconfiguring ntpd >>>> Configuring certmonger to stop tracking system certificates for KRA >>>> Configuring certmonger to stop tracking system certificates for CA >>>> Unconfiguring CA >>>> Unconfiguring named >>>> Unconfiguring ipa-dnskeysyncd >>>> Unconfiguring web server >>>> Unconfiguring krb5kdc >>>> Unconfiguring kadmin >>>> Unconfiguring directory server >>>> Unconfiguring ipa_memcached >>>> Unconfiguring ipa-otpd >>>> [root@freeipa-dal ianh]# ipa-server-install --uninstall >>>> >>>> This is a NON REVERSIBLE operation and will delete all data and >>>> configuration! >>>> >>>> Are you sure you want to continue with the uninstall procedure? >>>> [no]: yes >>>> >>>> WARNING: Failed to connect to Directory Server to find information >>>> about >>>> replication agreements. Uninstallation will continue despite the >>>> possible >>>> existing replication agreements. >>>> Shutting down all IPA services >>>> Removing IPA client configuration >>>> Configuring certmonger to stop tracking system certificates for KRA >>>> Configuring certmonger to stop tracking system certificates for CA >>>> [root@freeipa-dal ianh]# ipa-replica-install --setup-ca --setup-dns >>>> --no-forwarders /var/lib/ipa/replica-info-freeipa-dal.bpt.rocks.gpg >>>> Directory Manager (existing master) password: >>>> >>>> The host freeipa-dal.bpt.rocks already exists on the master server. >>>> You should remove it before proceeding: >>>> % ipa host-del freeipa-dal.bpt.rocks >>>> [root@freeipa-dal ianh]# >>>> >>>> So I tried to delete it again with --force >>>> >>>> [root@freeipa-sea ianh]# ipa-replica-manage --force del >>>> freeipa-dal.bpt.rocks >>>> Directory Manager password: >>>> >>>> 'freeipa-sea.bpt.rocks' has no replication agreement for >>>> 'freeipa-dal.bpt.rocks' >>>> [root@freeipa-sea ianh]# >>>> >>>> Can't delete it from the master server either >>>> >>>> [root@seattlenfs ianh]# ipa host-del freeipa-dal.bpt.rocks >>>> ipa: ERROR: invalid 'hostname': An IPA master host cannot be deleted or >>>> disabled >>>> >>>> >>>> Now what? I'm running out of things that work. >>> >>> Not sure what version of IPA you have but try: >>> >>> # ipa-replica-manage --force --cleanup delete freeipa-dal.bpt.rocks >>> >>> If this had a CA on it then you'll want to ensure that any replication >>> agreements it had have been removed as well. >>> >>> rob >>> >> >> It turns out I'm not smart enough to untangle this mess. >> >> Is there any way to kind of start over? I managed to delete and >> recreate a couple replicas but the problems (obsolete ruv as far as I >> can tell) carry on with the new replicas. They won't even replicate >> back to the master they were created from. > > Once you have the right version of 389-ds then then cleanruv tasks work > a lot better. What version are you running now?
1.3.4.0. It's handcuffed to my CentOS 7 so I don't want to update it outside the CentOS ecosystem. What's the downside of upgrading it from source or an RPM for a different flavor of RedHat derived Linux? I'm a one-man band but I'd be interested in hearing a pitch from someone who is super smart on this stuff for a working consulting gig and maybe ongoing support. Who would I talk to at RedHat about coming in from the cold for full on corporate support? Thanks! > >> Basically, is there a way to do a fresh install of FreeIPA server, and >> do a dump/restore of data from my existing messed up install? > > Not really, no. You can migrate IPA to IPA but only users and groups and > you lose private groups for existing users (they become regular POSIX > groups). > > rob > -- Ian Harding IT Director Brown Paper Tickets 1-800-838-3006 ext 7186 http://www.brownpapertickets.com -- Manage your subscription for the Freeipa-users mailing list: https://www.redhat.com/mailman/listinfo/freeipa-users Go to http://freeipa.org for more info on the project