On 08/03/2016 08:06 PM, Ian Harding wrote:
> I deleted a replica that had a corrupted ldap database and it caused
> some problems. I'm now getting the dreaded
What do you mean by "deleted"? Ran `ipa-replica-mange del $server`?
Removed the machine completely? Or something else?
>
> [root@edinburghnfs ianh]# ipa-replica-manage connect freeipa-sea.bpt.rocks
> Connection unsuccessful: freeipa-sea.bpt.rocks is an IPA Server, but it
> might be unknown, foreign or previously deleted one.
>
> I had to go around and remove old replication agreements from the other
> replicas, but then they could connect again. This one, and another, I
> am not able to do that with. They were initially created with
> freeipa-sea as their master.
Which replica is the deleted one? freeipa-sea.bpt.rocks or edinburghnfs ?
>
> I assume I run ipa-server-install --uninstall on edinburghnis, then
> reinstall to fix?
>
> There's always an error about having to "Manually remove" the ldap
> database. What's the best way to do that?
Where is the error shown and what is the exact text?
In general
- if replica is removed/uninstall then it cannot be added back
- incorrectly removed repliacase might
- have still dangling replication agreements
- various ldap entries in LDAP db which are normally removed by
`ipa-replica-manage del $replica`
- suffer from dangling ruvs
Most of the issues above can be fixed by `ipa-(cs)replica-manage del
$replica --clean --force commands`. And then clean ruvs commands of the
same tool.
Correct order of IPA replica is:
- transfer CA CRL and CA renewal roles to different replica if this one
is the master which handles it
- make sure you have other relica with CA
- run `ipa-csreplica-manage del $tobedeleted` on different replica
- run `ipa-replica-manage del $tobedeleted` on different replica
- run `ipa-server-install --uninstall` on the to-be-delete-replica
--
Petr Vobornik
--
Manage your subscription for the Freeipa-users mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-users
Go to http://freeipa.org for more info on the project