On 08/25/2016 03:10 PM, Mark Reynolds wrote:
>
>
> On 08/25/2016 02:04 PM, Ian Harding wrote:
>>
>> On 08/25/2016 10:41 AM, Rob Crittenden wrote:
>>> Ian Harding wrote:
>>>>
>>>> On 08/24/2016 06:33 PM, Rob Crittenden wrote:
>>>>> Ian Harding wrote:
>>>>>> I tried to simply uninstall and reinstall freeipa-dal and this
>>>>>> happened.
>>>>>>
>>>>>> It only had a replication agreement with freeipa-sea
>>>>>>
>>>>>> [root@freeipa-dal ianh]# ipa-server-install --uninstall
>>>>>>
>>>>>> This is a NON REVERSIBLE operation and will delete all data and
>>>>>> configuration!
>>>>>>
>>>>>> Are you sure you want to continue with the uninstall procedure?
>>>>>> [no]: yes
>>>>>> Shutting down all IPA services
>>>>>> Removing IPA client configuration
>>>>>> Unconfiguring ntpd
>>>>>> Configuring certmonger to stop tracking system certificates for KRA
>>>>>> Configuring certmonger to stop tracking system certificates for CA
>>>>>> Unconfiguring CA
>>>>>> Unconfiguring named
>>>>>> Unconfiguring ipa-dnskeysyncd
>>>>>> Unconfiguring web server
>>>>>> Unconfiguring krb5kdc
>>>>>> Unconfiguring kadmin
>>>>>> Unconfiguring directory server
>>>>>> Unconfiguring ipa_memcached
>>>>>> Unconfiguring ipa-otpd
>>>>>> [root@freeipa-dal ianh]# ipa-server-install --uninstall
>>>>>>
>>>>>> This is a NON REVERSIBLE operation and will delete all data and
>>>>>> configuration!
>>>>>>
>>>>>> Are you sure you want to continue with the uninstall procedure?
>>>>>> [no]: yes
>>>>>>
>>>>>> WARNING: Failed to connect to Directory Server to find information
>>>>>> about
>>>>>> replication agreements. Uninstallation will continue despite the
>>>>>> possible
>>>>>> existing replication agreements.
>>>>>> Shutting down all IPA services
>>>>>> Removing IPA client configuration
>>>>>> Configuring certmonger to stop tracking system certificates for KRA
>>>>>> Configuring certmonger to stop tracking system certificates for CA
>>>>>> [root@freeipa-dal ianh]# ipa-replica-install --setup-ca --setup-dns
>>>>>> --no-forwarders /var/lib/ipa/replica-info-freeipa-dal.bpt.rocks.gpg
>>>>>> Directory Manager (existing master) password:
>>>>>>
>>>>>> The host freeipa-dal.bpt.rocks already exists on the master server.
>>>>>> You should remove it before proceeding:
>>>>>>     % ipa host-del freeipa-dal.bpt.rocks
>>>>>> [root@freeipa-dal ianh]#
>>>>>>
>>>>>> So I tried to delete it again with --force
>>>>>>
>>>>>> [root@freeipa-sea ianh]# ipa-replica-manage --force del
>>>>>> freeipa-dal.bpt.rocks
>>>>>> Directory Manager password:
>>>>>>
>>>>>> 'freeipa-sea.bpt.rocks' has no replication agreement for
>>>>>> 'freeipa-dal.bpt.rocks'
>>>>>> [root@freeipa-sea ianh]#
>>>>>>
>>>>>> Can't delete it from the master server either
>>>>>>
>>>>>> [root@seattlenfs ianh]# ipa host-del freeipa-dal.bpt.rocks
>>>>>> ipa: ERROR: invalid 'hostname': An IPA master host cannot be deleted or
>>>>>> disabled
>>>>>>
>>>>>>
>>>>>> Now what?  I'm running out of things that work.
>>>>> Not sure what version of IPA you have but try:
>>>>>
>>>>> # ipa-replica-manage --force --cleanup delete freeipa-dal.bpt.rocks
>>>>>
>>>>> If this had a CA on it then you'll want to ensure that any replication
>>>>> agreements it had have been removed as well.
>>>>>
>>>>> rob
>>>>>
>>>> It turns out I'm not smart enough to untangle this mess.
>>>>
>>>> Is there any way to kind of start over?  I managed to delete and
>>>> recreate a couple replicas but the problems (obsolete ruv as far as I
>>>> can tell) carry on with the new replicas.  They won't even replicate
>>>> back to the master they were created from.
>>> Once you have the right version of 389-ds then cleanruv tasks work
>>> a lot better. What version are you running now?
>> 1.3.4.0.
> Ian,
>
> Can you provide the exact version please?  rpm -qa | grep 389-ds-base
>
> Thanks,
> Mark

Sorry about the delay..

[root@freeipa-sea ianh]# rpm -qa | grep 389-ds-base
389-ds-base-libs-1.3.4.0-33.el7_2.x86_64
389-ds-base-1.3.4.0-33.el7_2.x86_64

>> It's handcuffed to my CentOS 7 so I don't want to update it
>> outside the CentOS ecosystem.  What's the downside of upgrading it from
>> source or an RPM for a different flavor of RedHat derived Linux?
>>
>> I'm a one-man band but I'd be interested in hearing a pitch from someone
>> who is super smart on this stuff for a working consulting gig and maybe
>> ongoing support.  Who would I talk to at RedHat about coming in from the
>> cold for full on corporate support?
>>
>> Thanks!
>>
>>>> Basically, is there a way to do a fresh install of FreeIPA server, and
>>>> do a dump/restore of data from my existing messed up install?
>>> Not really, no. You can migrate IPA to IPA but only users and groups and
>>> you lose private groups for existing users (they become regular POSIX
>>> groups).
>>>
>>> rob
>>>
>

--
Ian Harding
IT Director
Brown Paper Tickets
1-800-838-3006 ext 7186
http://www.brownpapertickets.com

--
Manage your subscription for the Freeipa-users mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-users
Go to http://freeipa.org for more info on the project
