[Freeipa-users] Re: IPA-Server Deletion issues

2018-02-14 Thread Jamal Mahmoud via FreeIPA-users
Perfect! Thanks for all the help Rob!

Jamal

On Wed 14 Feb 2018 at 19:08, Rob Crittenden  wrote:

> Jamal Mahmoud wrote:
> > Thank you Thierry for your help!
> >
> > I just deleted all the entries and hey presto! Oxygen is no longer
> > lingering around. Except that in my defaultServerList entry, oxygen is
> > still there, I have a feeling that is affecting something somewhere, or
> > will in the future. Would anyone know how to fix this?
> > After running:
> >
> > ldapsearch -LLL -D "cn=directory manager" -W -b "dc=eggvfx,dc=ie" "(objectclass=*)" | grep oxygen
> >
> > The output is:
> > defaultServerList: oxygen.eggvfx.ie nitrogen.eggvfx.ie lithium.eggvfx.ie
> > 
>
> You can use ldapmodify to drop the oxygen entry.
>
> defaultServerList is used for some kinds of discovery (DUA profiles).
>
> rob
>
> >
> > Thanks again for your help!
> > Jamal
> >
> > 
> >
> >
> >
> > *Jamal Mahmoud* / Pipeline TD
> > jamal.mahm...@egg.ie 
> >
> > 35 Fitzwilliam Street Upper, Dublin.
> > P: +353 1 6345440
> >
> > 
> >
> >
> > On 14 February 2018 at 16:20, thierry bordaz wrote:
> >
> > I think it is okay to do the delete.
> > topology plugin is a reader of master container and should take into
> > account those changes. Now it may require a restart.
> >
> > Just for your information I will be out of the office tonight being
> > back Feb 23rd
> >
> > best regards
> > thierry
> >
> > On 02/14/2018 04:25 PM, Jamal Mahmoud wrote:
> >> Would it hurt to try running those ldapdelete commands? or would
> >> that make it worse?
> >>
> >> Thanks for your help Thierry,
> >>
> >> 
> >>
> >>
> >>
> >> *Jamal Mahmoud* / Pipeline TD
> >> jamal.mahm...@egg.ie 
> >>
> >> 35 Fitzwilliam Street Upper, Dublin.
> >> P: +353 1 6345440 
> >>
> >> 
> >>
> >>
> >>
> >>
> >>
> >> On 14 February 2018 at 14:56, thierry bordaz wrote:
> >>
> >> Hummm... to be honest I have not the skill of support guys to
> >> get rid of conflicts in IPA :(
> >>
> >> Removing the conflicts entries under 'masters' should relax
> >> topology plugin to accept deletion of the segments.
> >> You may ping again freeipa-users to get more advice how to
> >> repair a topology with conflicts entries.
> >>
> >> We know that we have a former server that is a conflict entry
> >> under 'master'.
> >> Also that it exists segments to that server, likely because
> >> topology plugin hit the same issues than others IPA CLI.
> >>
> >> On 02/14/2018 03:43 PM, Jamal Mahmoud wrote:
> >>> Haha! I almost went ahead and ran those deletes without
> >>> thinking! Sick of oxygen at this point!
> >>> Okay so I grepped oxygen from that output file and if I'm not
> >>> mistaken there are references to it in the topology.
> >>>
> >>> dn: cn=nitrogen.eggvfx.ie-to-oxygen.eggvfx.ie,cn=domain,cn=topology,cn=ipa,cn=
> >>> cn: nitrogen.eggvfx.ie-to-oxygen.eggvfx.ie
> >>> ipaReplTopoSegmentRightNode: oxygen.eggvfx.ie
> >>> dn: cn=nitrogen.eggvfx.ie-to-oxygen.eggvfx.ie,cn=ca,cn=topology,cn=ipa,cn=etc,
> >>> cn: nitrogen.eggvfx.ie-to-oxygen.eggvfx.ie
> >>> ipaReplTopoSegmentRightNode: oxygen.eggvfx.ie
> >>> dn: cn=oxygen.eggvfx.ie+nsuniqueid=562f6f20-04de11e8-a003fb96-902b0a77,cn=mast
> >>> cn: oxygen.eggvfx.ie
> >>>
> >>>
> >>> I see that some of the lines have been truncated but you can
> >>> see the start of some lines point to segment nodes with
> >>> Nitrogen, is it okay still to run this ldapdelete?
> >>>
> >>>
> >>> 
> >>>
> >>>
> >>>
> >>> *Jamal Mahmoud* / Pipeline TD
> >>> jamal.mahm...@egg.ie 
> >>>
> >>> 35 Fitzwilliam Street 
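
Added example, not part of the thread and not FreeIPA project code: it parses `ldapsearch -LLL` output with LDIF line folding undone (a plain `grep` misses a hostname split across a folded line), classifies what still references the removed master, and builds the `ldapmodify` input for the defaultServerList change Rob suggests. The sample LDIF, the `cn=default,ou=profile` DN, the placeholder nsuniqueid and the function names are assumptions made for illustration.

```python
# Constructed sample of `ldapsearch -LLL` output (not taken from the thread).
# The cn=default,ou=profile DN and the all-zero nsuniqueid are assumptions.
SAMPLE_LDIF = """\
dn: cn=default,ou=profile,dc=eggvfx,dc=ie
defaultServerList: oxygen.eggvfx.ie nitrogen.eggvfx.ie lithium.eg
 gvfx.ie

dn: cn=nitrogen.eggvfx.ie-to-oxygen.eggvfx.ie,cn=domain,cn=topology,cn=ipa,c
 n=etc,dc=eggvfx,dc=ie
ipaReplTopoSegmentLeftNode: nitrogen.eggvfx.ie
ipaReplTopoSegmentRightNode: oxygen.eggvfx.ie

dn: cn=oxygen.eggvfx.ie+nsuniqueid=00000000-00000000-00000000-00000000,cn=ma
 sters,cn=ipa,cn=etc,dc=eggvfx,dc=ie
cn: oxygen.eggvfx.ie

dn: cn=lithium.eggvfx.ie,cn=masters,cn=ipa,cn=etc,dc=eggvfx,dc=ie
cn: lithium.eggvfx.ie
"""


def parse_entries(ldif_text):
    """Parse LDIF into [(dn, [(attr, value), ...])], joining folded lines."""
    lines = []
    for raw in ldif_text.splitlines():
        if raw.startswith(" ") and lines:
            lines[-1] += raw[1:]   # a leading space continues the previous line
        else:
            lines.append(raw)
    entries, dn, attrs = [], None, []
    for line in lines + [""]:      # the trailing "" flushes the last entry
        if not line.strip():
            if dn is not None:
                entries.append((dn, attrs))
            dn, attrs = None, []
            continue
        name, _, value = line.partition(":")
        value = value.strip()      # base64 ("attr:: ...") values are not decoded
        if name.lower() == "dn":
            dn = value
        else:
            attrs.append((name, value))
    return entries


def find_references(entries, host):
    """Return (kind, dn) for every entry whose DN or values mention host."""
    host = host.lower()
    findings = []
    for dn, attrs in entries:
        names = [a.lower() for a, v in attrs if host in v.lower()]
        if host not in dn.lower() and not names:
            continue
        if "+nsuniqueid=" in dn.lower():
            kind = "replication conflict entry"
        elif any(n.startswith("iparepltoposegment") for n in names):
            kind = "topology segment"
        elif "defaultserverlist" in names:
            kind = "DUA profile server list"
        else:
            kind = "other reference"
        findings.append((kind, dn))
    return findings


def server_list_fix(entries, host):
    """Build ldapmodify input that rewrites defaultServerList without host."""
    # The attribute is one space-separated string, so the whole value is replaced.
    out = []
    for dn, attrs in entries:
        for attr, value in attrs:
            servers = value.split()
            kept = [s for s in servers if s.lower() != host.lower()]
            if attr.lower() == "defaultserverlist" and kept and kept != servers:
                out.append(f"dn: {dn}\nchangetype: modify\n"
                           f"replace: {attr}\n{attr}: {' '.join(kept)}\n")
    return "\n".join(out)


if __name__ == "__main__":
    parsed = parse_entries(SAMPLE_LDIF)
    for kind, entry_dn in find_references(parsed, "oxygen.eggvfx.ie"):
        print(f"{kind}: {entry_dn}")
    print(server_list_fix(parsed, "oxygen.eggvfx.ie"))
```

Review the generated LDIF before applying it with `ldapmodify -D "cn=directory manager" -W`.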

[Freeipa-users] Re: IPA-Server Deletion issues

2018-02-13 Thread Rob Crittenden via FreeIPA-users
Jamal Mahmoud via FreeIPA-users wrote:
> Hi Rob,
> 
> I've isolated the output on lithium when I ran
> ipa-replica-manage del oxygen.eggvfx.ie --force --cleanup
> It's quite heavy still but here it is

This is helpful. It shows that oxygen is being looked for in the IPA
masters location, cn=masters and is returning err=32, not found.

What I don't know is why or where this query is coming from.

There are several queries that look like they might originate in the
389-ds topology plugin but I couldn't find where and I'm not familiar
with it in general. Queries like:

SRCH base="cn=masters,cn=ipa,cn=etc,dc=eggvfx,dc=ie" scope=1
filter="(objectClass=top)" attrs="ipaMaxDomainLevel cn ipaMinDomainLevel
ipaReplTopoManagedSuffix ipaLocation ipaServiceWeight"

I'm not entirely sure when you invoke ipa-replica-manage if it is
calling the topology plugin under the hood or not. It almost certainly
is when you use the UI.

I'm cc'ing someone who knows this better.

rob

> 
> [13/Feb/2018:09:14:45.823204160 +] conn=192207 fd=155 slot=155 SSL
> connection from 192.168.94.4 to 192.168.94.4
> [13/Feb/2018:09:14:46.027998523 +] conn=192207 TLS1.2 256-bit AES-GCM
> [13/Feb/2018:09:14:46.031226897 +] conn=45 op=31409 SRCH
> base="dc=eggvfx,dc=ie" scope=2
> filter="(&(|(objectClass=krbprincipalaux)(objectClass=krbprincipal)(objectClass=ipakrbprincipal))(|(ipaKrbPrincipalAlias=krbtgt/eggvfx...@eggvfx.ie
> )(krbPrincipalName:caseIgnoreIA5Match:=krbtgt/eggvfx...@eggvfx.ie
> )))" attrs="krbPrincipalName
> krbCanonicalName krbUPEnabled krbPrincipalKey krbTicketPolicyReference
> krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference
> krbPrincipalType krbPwdHistory krbLastPwdChange krbPrincipalAliases
> krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount
> krbPrincipalAuthInd krbExtraData krbLastAdminUnlock krbObjectReferences
> krbTicketFlags krbMaxTicketLife krbMaxRenewableAge nsAccountLock
> passwordHistory ipaKrbAuthzData ipaUserAuthType ipatokenRadiusConfigLink
> objectClass"
> [13/Feb/2018:09:14:46.031713683 +] conn=45 op=31409 RESULT err=0
> tag=101 nentries=1 etime=0
> [13/Feb/2018:09:14:46.032193288 +] conn=45 op=31410 SRCH
> base="dc=eggvfx,dc=ie" scope=2
> filter="(&(|(objectClass=krbprincipalaux)(objectClass=krbprincipal)(objectClass=ipakrbprincipal))(|(ipaKrbPrincipalAlias=ldap/lithium.eggvfx...@eggvfx.ie
> )(krbPrincipalName:caseIgnoreIA5Match:=ldap/lithium.eggvfx...@eggvfx.ie
> )))" attrs="krbPrincipalName
> krbCanonicalName krbUPEnabled krbPrincipalKey krbTicketPolicyReference
> krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference
> krbPrincipalType krbPwdHistory krbLastPwdChange krbPrincipalAliases
> krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount
> krbPrincipalAuthInd krbExtraData krbLastAdminUnlock krbObjectReferences
> krbTicketFlags krbMaxTicketLife krbMaxRenewableAge nsAccountLock
> passwordHistory ipaKrbAuthzData ipaUserAuthType ipatokenRadiusConfigLink
> objectClass"
> [13/Feb/2018:09:14:46.032529772 +] conn=45 op=31410 RESULT err=0
> tag=101 nentries=1 etime=0
> [13/Feb/2018:09:14:46.032696842 +] conn=45 op=31411 SRCH
> base="cn=EGGVFX.IE ,cn=kerberos,dc=eggvfx,dc=ie"
> scope=0 filter="(objectClass=krbticketpolicyaux)"
> attrs="krbMaxTicketLife krbMaxRenewableAge krbTicketFlags"
> [13/Feb/2018:09:14:46.032904807 +] conn=45 op=31411 RESULT err=0
> tag=101 nentries=1 etime=0
> [13/Feb/2018:09:14:46.033085928 +] conn=45 op=31412 SRCH
> base="dc=eggvfx,dc=ie" scope=2
> filter="(&(|(objectClass=krbprincipalaux)(objectClass=krbprincipal))(krbPrincipalName=ad...@eggvfx.ie
> ))" attrs="krbPrincipalName krbCanonicalName
> krbUPEnabled krbPrincipalKey krbTicketPolicyReference
> krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference
> krbPrincipalType krbPwdHistory krbLastPwdChange krbPrincipalAliases
> krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount
> krbPrincipalAuthInd krbExtraData krbLastAdminUnlock krbObjectReferences
> krbTicketFlags krbMaxTicketLife krbMaxRenewableAge nsAccountLock
> passwordHistory ipaKrbAuthzData ipaUserAuthType ipatokenRadiusConfigLink
> objectClass"
> [13/Feb/2018:09:14:46.033377257 +] conn=45 op=31412 RESULT err=0
> tag=101 nentries=1 etime=0
> [13/Feb/2018:09:14:46.033555617 +] conn=45 op=31413 SRCH
> base="cn=EGGVFX.IE ,cn=kerberos,dc=eggvfx,dc=ie"
> scope=0 filter="(objectClass=krbticketpolicyaux)"
> attrs="krbMaxTicketLife krbMaxRenewableAge krbTicketFlags"
> [13/Feb/2018:09:14:46.033714662 +] conn=45 op=31413 RESULT err=0
> tag=101 nentries=1 etime=0
> [13/Feb/2018:09:14:46.034731567 +] conn=192207 op=0 BIND dn=""
> method=sasl version=3 mech=GSSAPI
> [13/Feb/2018:09:14:46.776688499 +] conn=192207 op=0 RESULT err=14
> tag=97 nentries=0 etime=1, 

[Freeipa-users] Re: IPA-Server Deletion issues

2018-02-08 Thread Jamal Mahmoud via FreeIPA-users
Sure thing,
Output on *lithium*:

[root@lithium ~]# ipa-replica-manage del oxygen.eggvfx.ie --force --cleanup
oxygen.eggvfx.ie: server not found


[root@lithium ~]# ipa domainlevel-get
---
Current domain level: 1
---


Output on *nitrogen*:

[root@nitrogen ~]# ipa-replica-manage del oxygen.eggvfx.ie --force --cleanup
oxygen.eggvfx.ie: server not found


[root@nitrogen ~]# ipa domainlevel-get
---
Current domain level: 1
---

I hope this helps,

Jamal



*Jamal Mahmoud* / Pipeline TD
jamal.mahm...@egg.ie

35 Fitzwilliam Street Upper, Dublin.
P: +353 1 6345440




On 7 February 2018 at 20:34, Rob Crittenden  wrote:

> Jamal Mahmoud via FreeIPA-users wrote:
> > Hi Rob,
> >
> > Just wondering if you had time to look at this issue for me? Still stuck
> > in a state of limbo with this IDM and i have run out of options. Any
> > help in resolving this issue would be appreciated.
>
> A few more questions.
>
> What is the output of: ipa domainlevel-get
>
> Can you show the full output of ipa-replica-manage del oxygen... --force
> --cleanup
>
> And on what master are you running that?
>
> rob
>
> >
> > Many Thanks,
> > Jamal
> >
> >
> > On 1 February 2018 at 17:04, Jamal Mahmoud wrote:
> >
> > Sorry about the lack of clarification Rob!
> >
> > I have 3 servers, all running CentOS 7.4, FreeIPA version 4.5.0. the
> > hostnames are lithium, nitrogen and the recently deceased oxygen.
> > all are masters under the same Realm which is EGGVFX.IE
> > 
> >
> > The "server not found" error is exactly what shows when i try to
> > delete the server from command line or the Web UI.
> >
> > When i run ipa-replica-manage list -v `hostname` this is the output
> > from the servers:
> >
> > Lithium Output:
> > root@lithium# ipa-replica-manage list -v `hostname`
> > nitrogen.eggvfx.ie : replica
> >   last init status: 0 Total update succeeded
> >   last init ended: 2018-02-01 10:51:14+00:00
> >   last update status: Error (0) Replica acquired successfully:
> > Incremental update succeeded
> >   last update ended: 2018-02-01 16:24:37+00:00
> >
> > Nitrogen Output:
> > root@nitrogen# ipa-replica-manage list -v `hostname`
> > lithium.eggvfx.ie : replica
> >   last init status: None
> >   last init ended: 1970-01-01 00:00:00+00:00
> >   last update status: Error (0) Replica acquired successfully:
> > Incremental update succeeded
> >   last update ended: 2018-02-01 10:48:18+00:00
> > oxygen.eggvfx.ie : replica
> >   last init status: None
> >   last init ended: 1970-01-01 00:00:00+00:00
> >   last update status: Error (-1) Problem connecting to replica -
> > LDAP error: Can't contact LDAP server (connection error)
> >   last update ended: 1970-01-01 00:00:00+00:00
> >
> > There is no entries for oxygen in host-find. I hope this helps clear
> > the story a bit for you.
> >
> > 
> >
> >
> >
> > *Jamal Mahmoud* / Pipeline TD
> > jamal.mahm...@egg.ie 
> >
> > 35 Fitzwilliam Street Upper, Dublin.
> > P: +353 1 6345440 
> >
> > 
> >
> >
> > On 1 February 2018 at 15:30, Rob Crittenden wrote:
> >
> > Jamal Mahmoud via FreeIPA-users wrote:
> > > I'm having strange issues with removing one of my freeIPA masters, I
> > > managed to mess up the deletion process and my system seems to be stuck
> > > in a state of limbo, my current setup is 3 servers ( 1 has been
> > > decommissioned) that all share the CA/Domain responsibilities. When I
> > > run the command
> > > *ipa-replica-manage list*
> > > it produces 3 servers as active masters, when this is not true as I
> > > have uninstalled ipa-server on one. Trying to delete it through that
> > > command has given me no luck, even using *--force* and *--cleanup* does
> > > not work. The same error output appears:
> > >
> > > *oxygen.eggvfx.ie: server not found*
> >
> > I think we need more information. What version of IPA is 

[Freeipa-users] Re: IPA-Server Deletion issues

2018-02-07 Thread Rob Crittenden via FreeIPA-users
Jamal Mahmoud via FreeIPA-users wrote:
> Hi Rob,
> 
> Just wondering if you had time to look at this issue for me? Still stuck
> in a state of limbo with this IDM and i have run out of options. Any
> help in resolving this issue would be appreciated.

A few more questions.

What is the output of: ipa domainlevel-get

Can you show the full output of ipa-replica-manage del oxygen... --force
--cleanup

And on what master are you running that?

rob

> 
> Many Thanks, 
> Jamal
> 
> 
> On 1 February 2018 at 17:04, Jamal Mahmoud wrote:
> 
> Sorry about the lack of clarification Rob! 
> 
> I have 3 servers, all running CentOS 7.4, FreeIPA version 4.5.0. the
> hostnames are lithium, nitrogen and the recently deceased oxygen.
> all are masters under the same Realm which is EGGVFX.IE
>  
> 
> The "server not found" error is exactly what shows when i try to
> delete the server from command line or the Web UI. 
> 
> When i run ipa-replica-manage list -v `hostname` this is the output
> from the servers:
> 
> Lithium Output:
> root@lithium# ipa-replica-manage list -v `hostname`
> nitrogen.eggvfx.ie : replica
>   last init status: 0 Total update succeeded
>   last init ended: 2018-02-01 10:51:14+00:00
>   last update status: Error (0) Replica acquired successfully:
> Incremental update succeeded
>   last update ended: 2018-02-01 16:24:37+00:00
> 
> Nitrogen Output:
> root@nitrogen# ipa-replica-manage list -v `hostname`
> lithium.eggvfx.ie : replica
>   last init status: None
>   last init ended: 1970-01-01 00:00:00+00:00
>   last update status: Error (0) Replica acquired successfully:
> Incremental update succeeded
>   last update ended: 2018-02-01 10:48:18+00:00
> oxygen.eggvfx.ie : replica
>   last init status: None
>   last init ended: 1970-01-01 00:00:00+00:00
>   last update status: Error (-1) Problem connecting to replica -
> LDAP error: Can't contact LDAP server (connection error)
>   last update ended: 1970-01-01 00:00:00+00:00
> 
> There is no entries for oxygen in host-find. I hope this helps clear
> the story a bit for you. 
> 
> 
> 
>   
> 
> *Jamal Mahmoud* / Pipeline TD
> jamal.mahm...@egg.ie 
> 
> 35 Fitzwilliam Street Upper, Dublin. 
> P: +353 1 6345440 
> 
> 
> 
> 
> On 1 February 2018 at 15:30, Rob Crittenden wrote:
> 
> Jamal Mahmoud via FreeIPA-users wrote:
> > I'm having strange issues with removing one of my freeIPA masters, I
> > managed to mess up the deletion process and my system seems to be stuck
> > in a state of limbo, my current setup is 3 servers ( 1 has been
> > decommissioned) that all share the CA/Domain responsibilities. When I
> > run the command
> > *ipa-replica-manage list*
> > it produces 3 servers as active masters, when this is not true as I
> > have uninstalled ipa-server on one. Trying to delete it through that
> > command has given me no luck, even using *--force* and *--cleanup* does
> > not work. The same error output appears:
> >
> > *oxygen.eggvfx.ie: server not found*
>
> I think we need more information. What version of IPA is this, what
> distribution?
>
> Is the above error the exact error you are getting?
>
> As I understand it you ran ipa-server-install --uninstall and THEN tried
> to delete the master?
>
> What does ipa-replica-manage list -v `hostname` show on one of the other
> masters?
>
> > I'm not very good with ldap tools but after running
> >
> > *ldapsearch -x*
> >
> > there is a reference to the oxygen server still sitting in there, it
> > seems that the dirty entry is still hanging around my system, I'm
> > wondering if there is any way to resolve this?
> >
> > ldapsearch output:
> > *defaultServerList: oxygen.eggvfx.ie nitrogen.eggvfx.ie lithium.eggvfx.ie*
> 
> An anonymous LDAP search won't show 

[Freeipa-users] Re: IPA-Server Deletion issues

2018-02-07 Thread Jamal Mahmoud via FreeIPA-users
Hi Rob,

Just wondering if you had time to look at this issue for me? Still stuck in
a state of limbo with this IDM and i have run out of options. Any help in
resolving this issue would be appreciated.

Many Thanks,
Jamal


On 1 February 2018 at 17:04, Jamal Mahmoud  wrote:

> Sorry about the lack of clarification Rob!
>
> I have 3 servers, all running CentOS 7.4, FreeIPA version 4.5.0. the
> hostnames are lithium, nitrogen and the recently deceased oxygen. all are
> masters under the same Realm which is EGGVFX.IE
>
> The "server not found" error is exactly what shows when i try to delete
> the server from command line or the Web UI.
>
> When i run ipa-replica-manage list -v `hostname` this is the output from
> the servers:
>
> Lithium Output:
> root@lithium# ipa-replica-manage list -v `hostname`
> nitrogen.eggvfx.ie: replica
>   last init status: 0 Total update succeeded
>   last init ended: 2018-02-01 10:51:14+00:00
>   last update status: Error (0) Replica acquired successfully: Incremental
> update succeeded
>   last update ended: 2018-02-01 16:24:37+00:00
>
> Nitrogen Output:
> root@nitrogen# ipa-replica-manage list -v `hostname`
> lithium.eggvfx.ie: replica
>   last init status: None
>   last init ended: 1970-01-01 00:00:00+00:00
>   last update status: Error (0) Replica acquired successfully: Incremental
> update succeeded
>   last update ended: 2018-02-01 10:48:18+00:00
> oxygen.eggvfx.ie: replica
>   last init status: None
>   last init ended: 1970-01-01 00:00:00+00:00
>   last update status: Error (-1) Problem connecting to replica - LDAP
> error: Can't contact LDAP server (connection error)
>   last update ended: 1970-01-01 00:00:00+00:00
>
> There is no entries for oxygen in host-find. I hope this helps clear the
> story a bit for you.
>
> 
>
> *Jamal Mahmoud* / Pipeline TD
> jamal.mahm...@egg.ie
>
> 35 Fitzwilliam Street Upper, Dublin.
> P: +353 1 6345440
>
> 
>
>
> On 1 February 2018 at 15:30, Rob Crittenden  wrote:
>
>> Jamal Mahmoud via FreeIPA-users wrote:
>> > I'm having strange issues with removing one of my freeIPA masters, I
>> > managed to mess up the deletion process and my system seems to be stuck
>> > in a state of limbo, my current setup is 3 servers ( 1 has been
>> > decommissioned) that all share the CA/Domain responsibilities. When I
>> > run the command
>> > *ipa-replica-manage list*
>> > it produces 3 servers as active masters, when this is not true as I
>> > have uninstalled ipa-server on one. Trying to delete it through that
>> > command has given me no luck, even using *--force* and *--cleanup* does
>> > not work. The same error output appears:
>> >
>> > *oxygen.eggvfx.ie: server not found*
>>
>> I think we need more information. What version of IPA is this, what
>> distribution?
>>
>> Is the above error the exact error you are getting?
>>
>> As I understand it you ran ipa-server-install --uninstall and THEN tried
>> to delete the master?
>>
>> What does ipa-replica-manage list -v `hostname` show on one of the other
>> masters?
>>
>> > I'm not very good with ldap tools but after running
>> >
>> > *ldapsearch -x*
>> >
>> > there is a reference to the oxygen server still sitting in there, it
>> > seems that the dirty entry is still hanging around my system, I'm
>> > wondering if there is any way to resolve this?
>> >
>> > ldapsearch output:
>> > *defaultServerList: oxygen.eggvfx.ie nitrogen.eggvfx.ie lithium.eggvfx.ie*
>>
>> An anonymous LDAP search won't show much.
>>
>> Does it show up in host-find?
>>
>> rob
>>
>> > Looking at the topology graph in the web ui I can see that there are
>> > still ties between one of my servers and oxygen. It will also not allow
>> > me to delete the server ties (error: *Server is unwilling to perform:
>> > Removal of Segment disconnects topology.Deletion not allowed.*) nor will
>> > the ui allow me to delete the IPA server (*oxygen.eggvfx.ie: server not found*)
>> >
>> > Any help is greatly appreciated,
>> >
>> > Many Thanks,
>> > Jamal Mahmoud
>> >
>> >
>> >
>> > ___
>> > FreeIPA-users mailing list -- freeipa-users@lists.fedorahosted.org
>> > To unsubscribe send an email to freeipa-users-le...@lists.fedo
>> rahosted.org
>> >
>>
>>
>
___
FreeIPA-users mailing list -- freeipa-users@lists.fedorahosted.org
To unsubscribe send an email to freeipa-users-le...@lists.fedorahosted.org


[Freeipa-users] Re: IPA-Server Deletion issues

2018-02-01 Thread Jamal Mahmoud via FreeIPA-users
Sorry about the lack of clarification Rob!

I have 3 servers, all running CentOS 7.4, FreeIPA version 4.5.0. the
hostnames are lithium, nitrogen and the recently deceased oxygen. all are
masters under the same Realm which is EGGVFX.IE

The "server not found" error is exactly what shows when i try to delete the
server from command line or the Web UI.

When i run ipa-replica-manage list -v `hostname` this is the output from
the servers:

Lithium Output:
root@lithium# ipa-replica-manage list -v `hostname`
nitrogen.eggvfx.ie: replica
  last init status: 0 Total update succeeded
  last init ended: 2018-02-01 10:51:14+00:00
  last update status: Error (0) Replica acquired successfully: Incremental
update succeeded
  last update ended: 2018-02-01 16:24:37+00:00

Nitrogen Output:
root@nitrogen# ipa-replica-manage list -v `hostname`
lithium.eggvfx.ie: replica
  last init status: None
  last init ended: 1970-01-01 00:00:00+00:00
  last update status: Error (0) Replica acquired successfully: Incremental
update succeeded
  last update ended: 2018-02-01 10:48:18+00:00
oxygen.eggvfx.ie: replica
  last init status: None
  last init ended: 1970-01-01 00:00:00+00:00
  last update status: Error (-1) Problem connecting to replica - LDAP
error: Can't contact LDAP server (connection error)
  last update ended: 1970-01-01 00:00:00+00:00

There is no entries for oxygen in host-find. I hope this helps clear the
story a bit for you.



*Jamal Mahmoud* / Pipeline TD
jamal.mahm...@egg.ie

35 Fitzwilliam Street Upper, Dublin.
P: +353 1 6345440




On 1 February 2018 at 15:30, Rob Crittenden  wrote:

> Jamal Mahmoud via FreeIPA-users wrote:
> > I'm having strange issues with removing one of my freeIPA masters, I
> > managed to mess up the deletion process and my system seems to be stuck
> > in a state of limbo, my current setup is 3 servers ( 1 has been
> > decommissioned) that all share the CA/Domain responsibilities. When I
> > run the command
> > *ipa-replica-manage list*
> > it produces 3 servers as active masters, when this is not true as I
> > have uninstalled ipa-server on one. Trying to delete it through that
> > command has given me no luck, even using *--force* and *--cleanup* does
> > not work. The same error output appears:
> >
> > *oxygen.eggvfx.ie: server not found*
>
> I think we need more information. What version of IPA is this, what
> distribution?
>
> Is the above error the exact error you are getting?
>
> As I understand it you ran ipa-server-install --uninstall and THEN tried
> to delete the master?
>
> What does ipa-replica-manage list -v `hostname` show on one of the other
> masters?
>
> > I'm not very good with ldap tools but after running
> >
> > *ldapsearch -x*
> >
> > there is a reference to the oxygen server still sitting in there, it
> > seems that the dirty entry is still hanging around my system, I'm
> > wondering if there is any way to resolve this?
> >
> > ldapsearch output:
> > *defaultServerList: oxygen.eggvfx.ie nitrogen.eggvfx.ie lithium.eggvfx.ie*
>
> An anonymous LDAP search won't show much.
>
> Does it show up in host-find?
>
> rob
>
> > Looking at the topology graph in the web ui I can see that there are
> > still ties between one of my servers and oxygen. It will also not allow
> > me to delete the server ties (error: *Server is unwilling to perform:
> > Removal of Segment disconnects topology.Deletion not allowed.*) nor will
> > the ui allow me to delete the IPA server (*oxygen.eggvfx.ie: server not found*)
> >
> > Any help is greatly appreciated,
> >
> > Many Thanks,
> > Jamal Mahmoud
> >
> >
> >


[Freeipa-users] Re: IPA-Server Deletion issues

2018-02-01 Thread Rob Crittenden via FreeIPA-users
Jamal Mahmoud via FreeIPA-users wrote:
> I'm having strange issues with removing one of my freeIPA masters, I
> managed to mess up the deletion process and my system seems to be stuck
> in a state of limbo, my current setup is 3 servers ( 1 has been
> decommissioned) that all share the CA/Domain responsibilities. When I
> run the command
> *ipa-replica-manage list*
> it produces 3 servers as active masters, when this is not true as I
> have uninstalled ipa-server on one. Trying to delete it through that
> command has given me no luck, even using *--force* and *--cleanup* does
> not work. The same error output appears:
>
> *oxygen.eggvfx.ie: server not found*

I think we need more information. What version of IPA is this, what
distribution?

Is the above error the exact error you are getting?

As I understand it you ran ipa-server-install --uninstall and THEN tried
to delete the master?

What does ipa-replica-manage list -v `hostname` show on one of the other
masters?

> I'm not very good with ldap tools but after running
>
> *ldapsearch -x*
>
> there is a reference to the oxygen server still sitting in there, it
> seems that the dirty entry is still hanging around my system, I'm
> wondering if there is any way to resolve this?
>
> ldapsearch output:
> *defaultServerList: oxygen.eggvfx.ie nitrogen.eggvfx.ie lithium.eggvfx.ie*

An anonymous LDAP search won't show much.

Does it show up in host-find?

rob

> Looking at the topology graph in the web ui I can see that there are
> still ties between one of my servers and oxygen. It will also not allow
> me to delete the server ties (error: *Server is unwilling to perform:
> Removal of Segment disconnects topology.Deletion not allowed.*) nor will
> the ui allow me to delete the IPA server (*oxygen.eggvfx.ie: server not found*)
> 
> Any help is greatly appreciated,
> 
> Many Thanks,
> Jamal Mahmoud
> 
> 
> 