On 08/29/2016 12:48 PM, Ian Harding wrote:
>
> On 08/25/2016 03:10 PM, Mark Reynolds wrote:
>>
>> On 08/25/2016 02:04 PM, Ian Harding wrote:
>>> On 08/25/2016 10:41 AM, Rob Crittenden wrote:
>>>> Ian Harding wrote:
>>>>> On 08/24/2016 06:33 PM, Rob Crittenden wrote:
>>>>>> Ian Harding wrote:
>>>>>>> I tried to simply uninstall and reinstall freeipa-dal and this
>>>>>>> happened.
>>>>>>>
>>>>>>> It only had a replication agreement with freeipa-sea
>>>>>>>
>>>>>>> [root@freeipa-dal ianh]# ipa-server-install --uninstall
>>>>>>>
>>>>>>> This is a NON REVERSIBLE operation and will delete all data and
>>>>>>> configuration!
>>>>>>>
>>>>>>> Are you sure you want to continue with the uninstall procedure?
>>>>>>> [no]: yes
>>>>>>> Shutting down all IPA services
>>>>>>> Removing IPA client configuration
>>>>>>> Unconfiguring ntpd
>>>>>>> Configuring certmonger to stop tracking system certificates for KRA
>>>>>>> Configuring certmonger to stop tracking system certificates for CA
>>>>>>> Unconfiguring CA
>>>>>>> Unconfiguring named
>>>>>>> Unconfiguring ipa-dnskeysyncd
>>>>>>> Unconfiguring web server
>>>>>>> Unconfiguring krb5kdc
>>>>>>> Unconfiguring kadmin
>>>>>>> Unconfiguring directory server
>>>>>>> Unconfiguring ipa_memcached
>>>>>>> Unconfiguring ipa-otpd
>>>>>>> [root@freeipa-dal ianh]# ipa-server-install --uninstall
>>>>>>>
>>>>>>> This is a NON REVERSIBLE operation and will delete all data and
>>>>>>> configuration!
>>>>>>>
>>>>>>> Are you sure you want to continue with the uninstall procedure?
>>>>>>> [no]: yes
>>>>>>>
>>>>>>> WARNING: Failed to connect to Directory Server to find information
>>>>>>> about
>>>>>>> replication agreements. Uninstallation will continue despite the
>>>>>>> possible
>>>>>>> existing replication agreements.
>>>>>>> Shutting down all IPA services
>>>>>>> Removing IPA client configuration
>>>>>>> Configuring certmonger to stop tracking system certificates for KRA
>>>>>>> Configuring certmonger to stop tracking system certificates for CA
>>>>>>> [root@freeipa-dal ianh]# ipa-replica-install --setup-ca --setup-dns
>>>>>>> --no-forwarders /var/lib/ipa/replica-info-freeipa-dal.bpt.rocks.gpg
>>>>>>> Directory Manager (existing master) password:
>>>>>>>
>>>>>>> The host freeipa-dal.bpt.rocks already exists on the master server.
>>>>>>> You should remove it before proceeding:
>>>>>>>       % ipa host-del freeipa-dal.bpt.rocks
>>>>>>> [root@freeipa-dal ianh]#
>>>>>>>
>>>>>>> So I tried to delete it again with --force
>>>>>>>
>>>>>>> [root@freeipa-sea ianh]# ipa-replica-manage --force del
>>>>>>> freeipa-dal.bpt.rocks
>>>>>>> Directory Manager password:
>>>>>>>
>>>>>>> 'freeipa-sea.bpt.rocks' has no replication agreement for
>>>>>>> 'freeipa-dal.bpt.rocks'
>>>>>>> [root@freeipa-sea ianh]#
>>>>>>>
>>>>>>> Can't delete it from the master server either
>>>>>>>
>>>>>>> [root@seattlenfs ianh]# ipa host-del freeipa-dal.bpt.rocks
>>>>>>> ipa: ERROR: invalid 'hostname': An IPA master host cannot be deleted or
>>>>>>> disabled
>>>>>>>
>>>>>>>
>>>>>>> Now what?  I'm running out of things that work.
>>>>>> Not sure what version of IPA you have but try:
>>>>>>
>>>>>> # ipa-replica-manage --force --cleanup delete freeipa-dal.bpt.rocks
>>>>>>
>>>>>> If this had a CA on it then you'll want to ensure that any replication
>>>>>> agreements it had have been removed as well.
>>>>>>
>>>>>> rob
>>>>>>
>>>>> It turns out I'm not smart enough to untangle this mess.
>>>>>
>>>>> Is there any way to kind of start over?  I managed to delete and
>>>>> recreate a couple replicas but the problems (obsolete ruv as far as I
>>>>> can tell) carry on with the new replicas.  They won't even replicate
>>>>> back to the master they were created from.
>>>> Once you have the right version of 389-ds then cleanruv tasks work
>>>> a lot better. What version are you running now?
>>> 1.3.4.0. 
>> Ian,
>>
>> Can you provide the exact version please?  rpm -qa | grep 389-ds-base
>>
>> Thanks,
>> Mark
> Sorry about the delay..
>
> [root@freeipa-sea ianh]# rpm -qa | grep 389-ds-base
> 389-ds-base-libs-1.3.4.0-33.el7_2.x86_64
> 389-ds-base-1.3.4.0-33.el7_2.x86_64
Now I'm not sure what is going on.  You are on the latest version of
389-ds-base, and it has the cleanAllRUV fix I was talking about. 
Perhaps the message "Waiting to process all the updates from the deleted
replica..." returned by "ipa-replica-manage list-clean-ruv" is not
accurate/current. 

If there are cleanAllRUV tasks running (and not finishing) there will be
evidence in the Directory Server's errors log.  If there are tasks
running, the errors log will tell us exactly what is going on (the
logging is very good).  So if the "clean" task is not working, start
tailing the DS errors log (/var/log/dirsrv/slapd-INSTANCE/errors), check
for logging that is prefixed with "CleanAllRUV Task", and you should see
what's really going on.  Please post this logging if you find anything.

Mark

>
>
>>>  It's handcuffed to my CentOS 7 so I don't want to update it
>>> outside the CentOS ecosystem.  What's the downside of upgrading it from
>>> source or an RPM for a different flavor of RedHat derived Linux?
>>>
>>> I'm a one-man band but I'd be interested in hearing a pitch from someone
>>> who is super smart on this stuff for a working consulting gig and maybe
>>> ongoing support.  Who would I talk to at RedHat about coming in from the
>>> cold for full on corporate support?
>>>
>>> Thanks!
>>>
>>>>> Basically, is there a way to do a fresh install of FreeIPA server, and
>>>>> do a dump/restore of data from my existing messed up install?
>>>> Not really, no. You can migrate IPA to IPA but only users and groups and
>>>> you lose private groups for existing users (they become regular POSIX
>>>> groups).
>>>>
>>>> rob
>>>>

-- 
Manage your subscription for the Freeipa-users mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-users
Go to http://freeipa.org for more info on the project
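
Added example, not part of the thread and not FreeIPA or 389-ds code: one way to reduce the "CleanAllRUV Task" lines in the errors log to a per-replica-ID status before posting them. It assumes each task line carries "(rid N)" after the prefix and a colon before the message; the sample lines and the names cleanruv_summary and write_sample_log are constructed for illustration.

```shell
#!/bin/sh
# cleanruv_summary FILE
# Prints one line per replica ID seen in "CleanAllRUV Task" entries:
#   rid=<N> count=<entries> last=<most recent message>
# A task stuck on the same message shows a growing count with an unchanged "last".
cleanruv_summary() {
    awk '
    /CleanAllRUV Task/ {
        rid = "-"                         # used when no "(rid N)" is present
        if (match($0, /\(rid [0-9]+\)/))
            rid = substr($0, RSTART + 5, RLENGTH - 6)
        msg = $0
        sub(/^.*CleanAllRUV Task[^:]*: */, "", msg)   # keep only the message text
        count[rid]++
        last[rid] = msg
    }
    END {
        for (r in count)
            printf "rid=%s count=%d last=%s\n", r, count[r], last[r]
    }' "$1" | LC_ALL=C sort
}

# Constructed sample log (assumed line layout; rids and timestamps are made up).
write_sample_log() {
    cat > "$1" <<'EOF'
[29/Aug/2016:13:01:10 -0700] NSMMReplicationPlugin - CleanAllRUV Task (rid 7): Waiting to process all the updates from the deleted replica...
[29/Aug/2016:13:01:12 -0700] constructed unrelated line that must be ignored
[29/Aug/2016:13:01:15 -0700] NSMMReplicationPlugin - CleanAllRUV Task (rid 12): constructed status message A
[29/Aug/2016:13:01:20 -0700] NSMMReplicationPlugin - CleanAllRUV Task (rid 7): Waiting to process all the updates from the deleted replica...
[29/Aug/2016:13:01:30 -0700] NSMMReplicationPlugin - CleanAllRUV Task (rid 7): Waiting to process all the updates from the deleted replica...
[29/Aug/2016:13:01:35 -0700] NSMMReplicationPlugin - CleanAllRUV Task (rid 12): constructed status message B
EOF
}

# Stand-alone use: sh thisfile /var/log/dirsrv/slapd-INSTANCE/errors
if [ "$#" -gt 0 ]; then
    cleanruv_summary "$1"
fi
```

A replica ID whose count keeps rising while its last message never changes is the case where the full "CleanAllRUV Task" lines are worth posting to the list.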
