[Freeipa-users] Removing a replica fails everytime
Hi, Seems the un-install option for ipa-server hangs at un-configuring/stopping the web server every timethe result is the master thinks it has a replication agreement but the replica doesnt..its then not possible to re-add the replica to the masterits starts to work but fails when it tries to sync the data...that bit doesnt seem to occur.. Now the assumption seems to be the dirsrv on the server being removed is running...in effect you can only un-install if the system is working...which isnt why you want to --uninstall. DSo if you lose a server and it has no dirsrv you cannot remove it from the master's memory so a bare metal restore cannot be added Simple solution there needs to be a script or procedure that cleans the master properly. regards Steven Jones Technical Specialist - Linux RHCE Victoria University, Wellington, NZ 0064 4 463 6272 ___ Freeipa-users mailing list Freeipa-users@redhat.com https://www.redhat.com/mailman/listinfo/freeipa-users
Re: [Freeipa-users] Removing a replica fails everytime
any idea on this GSSAPI error?
[root@vuwunicoipam001 ~]# ipa-replica-manage list
vuwunicoipam002.ods.vuw.ac.nz: master
vuwunicoipam005.ods.vuw.ac.nz: master
vuwunicoipam003.ods.vuw.ac.nz: master
vuwunicoipam004.ods.vuw.ac.nz: master
vuwunicoipam001.ods.vuw.ac.nz: master
[root@vuwunicoipam001 ~]# ipa-replica-manage del vuwunicoipam003.ods.vuw.ac.nz
Unable to delete replica vuwunicoipam003.ods.vuw.ac.nz: {'info': 'SASL(-1):
generic failure: GSSAPI Error: Unspecified GSS failure. Minor code may provide
more information (Cannot contact any KDC for requested realm)', 'desc': 'Local
error'}
[root@vuwunicoipam001 ~]#
I'd like to delete 4 and 5 as well as they are not masters
regards
Steven Jones
Technical Specialist - Linux RHCE
Victoria University, Wellington, NZ
0064 4 463 6272
From: freeipa-users-boun...@redhat.com [freeipa-users-boun...@redhat.com] on
behalf of Steven Jones [steven.jo...@vuw.ac.nz]
Sent: Thursday, 14 June 2012 9:00 a.m.
Cc: freeipa-users@redhat.com
Subject: [Freeipa-users] Removing a replica fails everytime
Hi,
Seems the un-install option for ipa-server hangs at un-configuring/stopping the
web server every timethe result is the master thinks it has a replication
agreement but the replica doesnt..its then not possible to re-add the
replica to the masterits starts to work but fails when it tries to sync the
data...that bit doesnt seem to occur..
Now the assumption seems to be the dirsrv on the server being removed is
running...in effect you can only un-install if the system is working...which
isnt why you want to --uninstall. DSo if you lose a server and it has no dirsrv
you cannot remove it from the master's memory so a bare metal restore cannot
be added
Simple solution there needs to be a script or procedure that cleans the master
properly.
regards
Steven Jones
Technical Specialist - Linux RHCE
Victoria University, Wellington, NZ
0064 4 463 6272
___
Freeipa-users mailing list
Freeipa-users@redhat.com
https://www.redhat.com/mailman/listinfo/freeipa-users
___
Freeipa-users mailing list
Freeipa-users@redhat.com
https://www.redhat.com/mailman/listinfo/freeipa-users
Re: [Freeipa-users] Removing a replica fails everytime
Steven Jones wrote: Hi, Seems the un-install option for ipa-server hangs at un-configuring/stopping the web server every timethe result is the master thinks it has a replication agreement but the replica doesnt..its then not possible to re-add the replica to the masterits starts to work but fails when it tries to sync the data...that bit doesnt seem to occur.. Can you investigate where it hangs? What is the last bit in the log? Is it that /sbin/service isn't returning? strace might be helpful. Now the assumption seems to be the dirsrv on the server being removed is running...in effect you can only un-install if the system is working...which isnt why you want to --uninstall. DSo if you lose a server and it has no dirsrv you cannot remove it from the master's memory so a bare metal restore cannot be added If a box goes away then you can remove references on the master it connected with using: ipa-replica-manage del replica-now-gone --force ipa host-del replica-now-gone Simple solution there needs to be a script or procedure that cleans the master properly. The solution is to figure out why your server is hanging. Nobody has ever reported seeing this before. rob ___ Freeipa-users mailing list Freeipa-users@redhat.com https://www.redhat.com/mailman/listinfo/freeipa-users
