Re: [Freeipa-users] Deleting a down ipa master?
Nathan wrote: -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On 05/02/2013 02:48 PM, Rob Crittenden wrote: Nathan wrote: -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On 05/02/2013 01:56 PM, Rob Crittenden wrote: $ ldapsearch -LLL -x -b cn=oldmaster.example.com,cn=masters,cn=ipa,cn=etc,dc=example,dc=com dn Then carefully paste each dn, minus the dn:, in REVERSE order, to: $ ldapdelete -x -D 'cn=Directory Manager' -w cn=HTTP... cn=ldap... ^D to exit My ipa domain is "systems.lafayette.edu", so I had to work that into your search string, but I think I have it. So, here's some output. [root@caroline0 PROD ~]# ldapsearch -LLL -x -b cn=caroline1.lafayette.edu,cn=masters,cn=ipa,cn=etc,dc=systems,dc=lafayette,dc=edu dn dn: cn=caroline1.lafayette.edu,cn=masters,cn=ipa,cn=etc,dc=systems,dc=lafayett e,dc=edu So, from your ldapdelete example, would I. $ ldapdelete -x -D 'cn=Directory Manager' -w cn=caroline1.lafayette.edu,cn=masters,cn=ipa,cn=etc,dc=systems,dc=lafayette,dc=edu ^D Yup, use -W to prompt, or -w to pass on cli. Note that this confirms that IPA doesn't think this server is actually providing any services. rob This seems to have done the trick! [root@caroline0 PROD ~]# ldapdelete -x -D 'cn=Directory Manager' -W cn=caroline1.lafayette.edu,cn=masters,cn=ipa,cn=etc,dc=systems,dc=lafayette,dc=edu Enter LDAP Password: [root@caroline0 PROD ~]# ldapsearch -LLL -x -b cn=caroline1.lafayette.edu,cn=masters,cn=ipa,cn=etc,dc=systems,dc=lafayette,dc=edu dn No such object (32) Matched DN: cn=masters,cn=ipa,cn=etc,dc=systems,dc=lafayette,dc=edu [root@caroline0 PROD ~]# ls anaconda-ks.cfg ca-agent.p12 cacert.p12 cobbler.ks install.log install.log.syslog ks-rhn-post.log RPM-GPG-KEY-lafayette [root@caroline0 PROD ~]# ipa-replica-manage list caroline0.lafayette.edu: master caroline2.lafayette.edu: master Great, glad it worked. rob ___ Freeipa-users mailing list Freeipa-users@redhat.com https://www.redhat.com/mailman/listinfo/freeipa-users
Re: [Freeipa-users] Deleting a down ipa master?
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On 05/02/2013 02:48 PM, Rob Crittenden wrote: > Nathan wrote: >> -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 >> >> >> >> On 05/02/2013 01:56 PM, Rob Crittenden wrote: >>> $ ldapsearch -LLL -x -b >>> cn=oldmaster.example.com,cn=masters,cn=ipa,cn=etc,dc=example,dc=com >>> >>> dn >>> >>> Then carefully paste each dn, minus the dn:, in REVERSE order, >>> to: >>> >>> $ ldapdelete -x -D 'cn=Directory Manager' -w cn=HTTP... >>> cn=ldap... >>> >>> ^D to exit >> >> My ipa domain is "systems.lafayette.edu", so I had to work that >> into your search string, but I think I have it. >> >> So, here's some output. >> >> [root@caroline0 PROD ~]# ldapsearch -LLL -x -b >> cn=caroline1.lafayette.edu,cn=masters,cn=ipa,cn=etc,dc=systems,dc=lafayette,dc=edu >> >> >> dn >> dn: >> cn=caroline1.lafayette.edu,cn=masters,cn=ipa,cn=etc,dc=systems,dc=lafayett >> >> >> e,dc=edu >> >> So, from your ldapdelete example, would I. >> >> $ ldapdelete -x -D 'cn=Directory Manager' -w >> cn=caroline1.lafayette.edu,cn=masters,cn=ipa,cn=etc,dc=systems,dc=lafayette,dc=edu >> >> >> ^D > > Yup, use -W to prompt, or -w to pass on cli. > > Note that this confirms that IPA doesn't think this server is > actually providing any services. > > rob > This seems to have done the trick! [root@caroline0 PROD ~]# ldapdelete -x -D 'cn=Directory Manager' -W cn=caroline1.lafayette.edu,cn=masters,cn=ipa,cn=etc,dc=systems,dc=lafayette,dc=edu Enter LDAP Password: [root@caroline0 PROD ~]# ldapsearch -LLL -x -b cn=caroline1.lafayette.edu,cn=masters,cn=ipa,cn=etc,dc=systems,dc=lafayette,dc=edu dn No such object (32) Matched DN: cn=masters,cn=ipa,cn=etc,dc=systems,dc=lafayette,dc=edu [root@caroline0 PROD ~]# ls anaconda-ks.cfg ca-agent.p12 cacert.p12 cobbler.ks install.log install.log.syslog ks-rhn-post.log RPM-GPG-KEY-lafayette [root@caroline0 PROD ~]# ipa-replica-manage list caroline0.lafayette.edu: master caroline2.lafayette.edu: master Thanks a bunch! This is the second or third time you've helped me out of a bind, I owe you a beer. - -- - -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=- Nathan Lager, RHCSA, RHCE (#110-011-426) System Administrator 11 Pardee Hall Lafayette College, Easton, PA 18042 -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.13 (GNU/Linux) Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/ iEYEARECAAYFAlGCuiIACgkQsZqG4IN3sul5VQCdHxqnYgV6WHHRQXG/RivTLcnN F60AoKCoQAVXs99K0rcKhtkkefcAlQo4 =v07c -END PGP SIGNATURE- ___ Freeipa-users mailing list Freeipa-users@redhat.com https://www.redhat.com/mailman/listinfo/freeipa-users
Re: [Freeipa-users] Deleting a down ipa master?
Nathan wrote: -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On 05/02/2013 01:56 PM, Rob Crittenden wrote: $ ldapsearch -LLL -x -b cn=oldmaster.example.com,cn=masters,cn=ipa,cn=etc,dc=example,dc=com dn Then carefully paste each dn, minus the dn:, in REVERSE order, to: $ ldapdelete -x -D 'cn=Directory Manager' -w cn=HTTP... cn=ldap... ^D to exit My ipa domain is "systems.lafayette.edu", so I had to work that into your search string, but I think I have it. So, here's some output. [root@caroline0 PROD ~]# ldapsearch -LLL -x -b cn=caroline1.lafayette.edu,cn=masters,cn=ipa,cn=etc,dc=systems,dc=lafayette,dc=edu dn dn: cn=caroline1.lafayette.edu,cn=masters,cn=ipa,cn=etc,dc=systems,dc=lafayett e,dc=edu So, from your ldapdelete example, would I. $ ldapdelete -x -D 'cn=Directory Manager' -w cn=caroline1.lafayette.edu,cn=masters,cn=ipa,cn=etc,dc=systems,dc=lafayette,dc=edu ^D Yup, use -W to prompt, or -w to pass on cli. Note that this confirms that IPA doesn't think this server is actually providing any services. rob ___ Freeipa-users mailing list Freeipa-users@redhat.com https://www.redhat.com/mailman/listinfo/freeipa-users
Re: [Freeipa-users] Deleting a down ipa master?
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On 05/02/2013 01:56 PM, Rob Crittenden wrote: > $ ldapsearch -LLL -x -b > cn=oldmaster.example.com,cn=masters,cn=ipa,cn=etc,dc=example,dc=com > dn > > Then carefully paste each dn, minus the dn:, in REVERSE order, to: > > $ ldapdelete -x -D 'cn=Directory Manager' -w cn=HTTP... cn=ldap... > > ^D to exit My ipa domain is "systems.lafayette.edu", so I had to work that into your search string, but I think I have it. So, here's some output. [root@caroline0 PROD ~]# ldapsearch -LLL -x -b cn=caroline1.lafayette.edu,cn=masters,cn=ipa,cn=etc,dc=systems,dc=lafayette,dc=edu dn dn: cn=caroline1.lafayette.edu,cn=masters,cn=ipa,cn=etc,dc=systems,dc=lafayett e,dc=edu So, from your ldapdelete example, would I. $ ldapdelete -x -D 'cn=Directory Manager' -w cn=caroline1.lafayette.edu,cn=masters,cn=ipa,cn=etc,dc=systems,dc=lafayette,dc=edu ^D ? Thanks again! - -- - -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=- Nathan Lager, RHCSA, RHCE (#110-011-426) System Administrator 11 Pardee Hall Lafayette College, Easton, PA 18042 -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.13 (GNU/Linux) Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/ iEYEARECAAYFAlGCtLQACgkQsZqG4IN3suk/kgCfV1C+tJC9FjEQPudU1nffqgSJ /EYAn0pa23SIwgzdaqXqqfO+keS6bt1y =UF1L -END PGP SIGNATURE- ___ Freeipa-users mailing list Freeipa-users@redhat.com https://www.redhat.com/mailman/listinfo/freeipa-users
Re: [Freeipa-users] Deleting a down ipa master?
Nathan wrote: -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On 05/02/2013 01:07 PM, Rob Crittenden wrote: Nathan wrote: ipa-replica-manage does not seem to have a --cleanup option... Can you give me more detail about how it's used? --cleanup was introduced in FreeIPA 3.0. It sounds like you just have a masters entry left over in cn=masters,cn=ipa,cn=etc,dc=example,dc=com. If that is the case then you can simply remove those entries. You should also check out CLEANRUV at http://directory.fedoraproject.org/wiki/Howto:CLEANRUV (skip past the CLEANALLRUV part, it probably isn't available if you are still using IPA 2.2). root@caroline2 PROD ~]# rpm -qa ipa-server ipa-server-2.2.0-17.el6_3.1.x86_64 This is on RHEL 6.3. Thanks! I'll look into the doc you mentioned. How easy is it to check for, and remove the ldap entry you mentioned? I'm not an ldap admin, but I have some at my disposal if needed. $ ldapsearch -LLL -x -b cn=oldmaster.example.com,cn=masters,cn=ipa,cn=etc,dc=example,dc=com dn Then carefully paste each dn, minus the dn:, in REVERSE order, to: $ ldapdelete -x -D 'cn=Directory Manager' -w cn=HTTP... cn=ldap... ^D to exit rob Thanks! rob On 05/02/2013 12:07 PM, Petr Viktorin wrote: On 05/02/2013 05:21 PM, Nathan wrote: -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 List still shows caroline1. [root@caroline2 PROD ~]# ipa-replica-manage list caroline0.lafayette.edu: master caroline2.lafayette.edu: master caroline1.lafayette.edu: master - -v does not seem to change the output at all. I even tried moving the - -v around in the command line, to see if placement mattered. [root@caroline2 PROD ~]# ipa-replica-manage -v del --force caroline1.lafayette.edu 'caroline2.lafayette.edu' has no replication agreement for 'caroline1.lafayette.edu' [root@caroline2 PROD ~]# ipa-replica-manage del -v --force caroline1.lafayette.edu 'caroline2.lafayette.edu' has no replication agreement for 'caroline1.lafayette.edu' [root@caroline2 PROD ~]# ipa-replica-manage del --force -v caroline1.lafayette.edu 'caroline2.lafayette.edu' has no replication agreement for 'caroline1.lafayette.edu' [root@caroline2 PROD ~]# ipa-replica-manage list caroline0.lafayette.edu: master caroline2.lafayette.edu: master caroline1.lafayette.edu: master Is --cleanup destructive? Is there some reason that it should not try it? Looking at the code, it only cleans up the Kerberos info and host entry, not DNS records or RUV. ___ Freeipa-users mailing list Freeipa-users@redhat.com https://www.redhat.com/mailman/listinfo/freeipa-users - -- - -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=- Nathan Lager, RHCSA, RHCE (#110-011-426) System Administrator 11 Pardee Hall Lafayette College, Easton, PA 18042 -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.13 (GNU/Linux) Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/ iEYEARECAAYFAlGCossACgkQsZqG4IN3sunlrwCfVQy+yNXmf7HzBCFGn4drUJia lHcAn0XdEKth/TGZOLmqTe9SNvxLDwch =5I0n -END PGP SIGNATURE- ___ Freeipa-users mailing list Freeipa-users@redhat.com https://www.redhat.com/mailman/listinfo/freeipa-users ___ Freeipa-users mailing list Freeipa-users@redhat.com https://www.redhat.com/mailman/listinfo/freeipa-users
Re: [Freeipa-users] Deleting a down ipa master?
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On 05/02/2013 01:07 PM, Rob Crittenden wrote: > Nathan wrote: ipa-replica-manage does not seem to have a --cleanup > option... Can you give me more detail about how it's used? > >> --cleanup was introduced in FreeIPA 3.0. > >> It sounds like you just have a masters entry left over in >> cn=masters,cn=ipa,cn=etc,dc=example,dc=com. If that is the case >> then you can simply remove those entries. > >> You should also check out CLEANRUV at >> http://directory.fedoraproject.org/wiki/Howto:CLEANRUV (skip past >> the CLEANALLRUV part, it probably isn't available if you are >> still using IPA 2.2). > root@caroline2 PROD ~]# rpm -qa ipa-server ipa-server-2.2.0-17.el6_3.1.x86_64 This is on RHEL 6.3. Thanks! I'll look into the doc you mentioned. How easy is it to check for, and remove the ldap entry you mentioned? I'm not an ldap admin, but I have some at my disposal if needed. Thanks! >> rob > > > > > On 05/02/2013 12:07 PM, Petr Viktorin wrote: On 05/02/2013 05:21 PM, Nathan wrote: > -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 > > List still shows caroline1. > > [root@caroline2 PROD ~]# ipa-replica-manage list > caroline0.lafayette.edu: master caroline2.lafayette.edu: > master caroline1.lafayette.edu: master > > > - -v does not seem to change the output at all. I even > tried moving the - -v around in the command line, to see if > placement mattered. > > [root@caroline2 PROD ~]# ipa-replica-manage -v del > --force caroline1.lafayette.edu 'caroline2.lafayette.edu' > has no replication agreement for 'caroline1.lafayette.edu' > [root@caroline2 PROD ~]# ipa-replica-manage del -v --force > caroline1.lafayette.edu 'caroline2.lafayette.edu' has no > replication agreement for 'caroline1.lafayette.edu' > [root@caroline2 PROD ~]# ipa-replica-manage del --force -v > caroline1.lafayette.edu 'caroline2.lafayette.edu' has no > replication agreement for 'caroline1.lafayette.edu' > [root@caroline2 PROD ~]# ipa-replica-manage list > caroline0.lafayette.edu: master caroline2.lafayette.edu: > master caroline1.lafayette.edu: master > > > Is --cleanup destructive? Is there some reason that it > should not try it? Looking at the code, it only cleans up the Kerberos info and host entry, not DNS records or RUV. > >> >> ___ Freeipa-users >> mailing list Freeipa-users@redhat.com >> https://www.redhat.com/mailman/listinfo/freeipa-users >> > - -- - -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=- Nathan Lager, RHCSA, RHCE (#110-011-426) System Administrator 11 Pardee Hall Lafayette College, Easton, PA 18042 -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.13 (GNU/Linux) Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/ iEYEARECAAYFAlGCossACgkQsZqG4IN3sunlrwCfVQy+yNXmf7HzBCFGn4drUJia lHcAn0XdEKth/TGZOLmqTe9SNvxLDwch =5I0n -END PGP SIGNATURE- ___ Freeipa-users mailing list Freeipa-users@redhat.com https://www.redhat.com/mailman/listinfo/freeipa-users
Re: [Freeipa-users] Deleting a down ipa master?
Nathan wrote: -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 ipa-replica-manage does not seem to have a --cleanup option... Can you give me more detail about how it's used? --cleanup was introduced in FreeIPA 3.0. It sounds like you just have a masters entry left over in cn=masters,cn=ipa,cn=etc,dc=example,dc=com. If that is the case then you can simply remove those entries. You should also check out CLEANRUV at http://directory.fedoraproject.org/wiki/Howto:CLEANRUV (skip past the CLEANALLRUV part, it probably isn't available if you are still using IPA 2.2). rob On 05/02/2013 12:07 PM, Petr Viktorin wrote: On 05/02/2013 05:21 PM, Nathan wrote: -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 List still shows caroline1. [root@caroline2 PROD ~]# ipa-replica-manage list caroline0.lafayette.edu: master caroline2.lafayette.edu: master caroline1.lafayette.edu: master - -v does not seem to change the output at all. I even tried moving the - -v around in the command line, to see if placement mattered. [root@caroline2 PROD ~]# ipa-replica-manage -v del --force caroline1.lafayette.edu 'caroline2.lafayette.edu' has no replication agreement for 'caroline1.lafayette.edu' [root@caroline2 PROD ~]# ipa-replica-manage del -v --force caroline1.lafayette.edu 'caroline2.lafayette.edu' has no replication agreement for 'caroline1.lafayette.edu' [root@caroline2 PROD ~]# ipa-replica-manage del --force -v caroline1.lafayette.edu 'caroline2.lafayette.edu' has no replication agreement for 'caroline1.lafayette.edu' [root@caroline2 PROD ~]# ipa-replica-manage list caroline0.lafayette.edu: master caroline2.lafayette.edu: master caroline1.lafayette.edu: master Is --cleanup destructive? Is there some reason that it should not try it? Looking at the code, it only cleans up the Kerberos info and host entry, not DNS records or RUV. - -- - -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=- Nathan Lager, RHCSA, RHCE (#110-011-426) System Administrator 11 Pardee Hall Lafayette College, Easton, PA 18042 -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.13 (GNU/Linux) Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/ iEYEARECAAYFAlGCkkwACgkQsZqG4IN3sulyFwCfYizz9TOWlbFwKhel+zv7vsks HrUAn2ezKtOJvKzK3VoYILAKdJtdPWEJ =2KL+ -END PGP SIGNATURE- ___ Freeipa-users mailing list Freeipa-users@redhat.com https://www.redhat.com/mailman/listinfo/freeipa-users ___ Freeipa-users mailing list Freeipa-users@redhat.com https://www.redhat.com/mailman/listinfo/freeipa-users
Re: [Freeipa-users] Deleting a down ipa master?
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 ipa-replica-manage does not seem to have a --cleanup option... Can you give me more detail about how it's used? On 05/02/2013 12:07 PM, Petr Viktorin wrote: > On 05/02/2013 05:21 PM, Nathan wrote: >> -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 >> >> List still shows caroline1. >> >> [root@caroline2 PROD ~]# ipa-replica-manage list >> caroline0.lafayette.edu: master caroline2.lafayette.edu: master >> caroline1.lafayette.edu: master >> >> >> - -v does not seem to change the output at all. I even tried >> moving the - -v around in the command line, to see if placement >> mattered. >> >> [root@caroline2 PROD ~]# ipa-replica-manage -v del --force >> caroline1.lafayette.edu 'caroline2.lafayette.edu' has no >> replication agreement for 'caroline1.lafayette.edu' >> [root@caroline2 PROD ~]# ipa-replica-manage del -v --force >> caroline1.lafayette.edu 'caroline2.lafayette.edu' has no >> replication agreement for 'caroline1.lafayette.edu' >> [root@caroline2 PROD ~]# ipa-replica-manage del --force -v >> caroline1.lafayette.edu 'caroline2.lafayette.edu' has no >> replication agreement for 'caroline1.lafayette.edu' >> [root@caroline2 PROD ~]# ipa-replica-manage list >> caroline0.lafayette.edu: master caroline2.lafayette.edu: master >> caroline1.lafayette.edu: master >> >> >> Is --cleanup destructive? Is there some reason that it should >> not try it? > > Looking at the code, it only cleans up the Kerberos info and host > entry, not DNS records or RUV. > - -- - -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=- Nathan Lager, RHCSA, RHCE (#110-011-426) System Administrator 11 Pardee Hall Lafayette College, Easton, PA 18042 -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.13 (GNU/Linux) Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/ iEYEARECAAYFAlGCkkwACgkQsZqG4IN3sulyFwCfYizz9TOWlbFwKhel+zv7vsks HrUAn2ezKtOJvKzK3VoYILAKdJtdPWEJ =2KL+ -END PGP SIGNATURE- ___ Freeipa-users mailing list Freeipa-users@redhat.com https://www.redhat.com/mailman/listinfo/freeipa-users
Re: [Freeipa-users] Deleting a down ipa master?
On 05/02/2013 05:21 PM, Nathan wrote: -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 List still shows caroline1. [root@caroline2 PROD ~]# ipa-replica-manage list caroline0.lafayette.edu: master caroline2.lafayette.edu: master caroline1.lafayette.edu: master - -v does not seem to change the output at all. I even tried moving the - -v around in the command line, to see if placement mattered. [root@caroline2 PROD ~]# ipa-replica-manage -v del --force caroline1.lafayette.edu 'caroline2.lafayette.edu' has no replication agreement for 'caroline1.lafayette.edu' [root@caroline2 PROD ~]# ipa-replica-manage del -v --force caroline1.lafayette.edu 'caroline2.lafayette.edu' has no replication agreement for 'caroline1.lafayette.edu' [root@caroline2 PROD ~]# ipa-replica-manage del --force -v caroline1.lafayette.edu 'caroline2.lafayette.edu' has no replication agreement for 'caroline1.lafayette.edu' [root@caroline2 PROD ~]# ipa-replica-manage list caroline0.lafayette.edu: master caroline2.lafayette.edu: master caroline1.lafayette.edu: master Is --cleanup destructive? Is there some reason that it should not try it? Looking at the code, it only cleans up the Kerberos info and host entry, not DNS records or RUV. -- Petr³ ___ Freeipa-users mailing list Freeipa-users@redhat.com https://www.redhat.com/mailman/listinfo/freeipa-users
Re: [Freeipa-users] Deleting a down ipa master?
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 List still shows caroline1. [root@caroline2 PROD ~]# ipa-replica-manage list caroline0.lafayette.edu: master caroline2.lafayette.edu: master caroline1.lafayette.edu: master - -v does not seem to change the output at all. I even tried moving the - -v around in the command line, to see if placement mattered. [root@caroline2 PROD ~]# ipa-replica-manage -v del --force caroline1.lafayette.edu 'caroline2.lafayette.edu' has no replication agreement for 'caroline1.lafayette.edu' [root@caroline2 PROD ~]# ipa-replica-manage del -v --force caroline1.lafayette.edu 'caroline2.lafayette.edu' has no replication agreement for 'caroline1.lafayette.edu' [root@caroline2 PROD ~]# ipa-replica-manage del --force -v caroline1.lafayette.edu 'caroline2.lafayette.edu' has no replication agreement for 'caroline1.lafayette.edu' [root@caroline2 PROD ~]# ipa-replica-manage list caroline0.lafayette.edu: master caroline2.lafayette.edu: master caroline1.lafayette.edu: master Is --cleanup destructive? Is there some reason that it should not try it? On 05/02/2013 10:29 AM, Petr Viktorin wrote: > On 05/02/2013 04:17 PM, Nathan wrote: >> -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 >> >> I'm sorry, I should have mentioned that I've tried that already. >> Here's the ouput. >> >> [root@caroline2 PROD ~]# ipa-replica-manage del --force >> caroline1.lafayette.edu 'caroline2.lafayette.edu' has no >> replication agreement for 'caroline1.lafayette.edu' >> >> Thanks! > > Hmm. The error should be displayed, but the command should continue > on if there is info about the replica... Try running the command > with -v to get more info. You can use the --cleanup option as a > last resort. > > Also, could you check ipa-replica-manage list again, to make sure > it's still there? Sometimes it's not clear if the command worked. > > > - -- - -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=- Nathan Lager, RHCSA, RHCE (#110-011-426) System Administrator 11 Pardee Hall Lafayette College, Easton, PA 18042 -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.13 (GNU/Linux) Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/ iEYEARECAAYFAlGChJIACgkQsZqG4IN3sunhswCdGyA/edGn7n3uI0giqciE8cto a9QAn18zDqcsmlDX2YAxsCGMCFOAIISd =sRLv -END PGP SIGNATURE- ___ Freeipa-users mailing list Freeipa-users@redhat.com https://www.redhat.com/mailman/listinfo/freeipa-users
Re: [Freeipa-users] Deleting a down ipa master?
On 05/02/2013 04:17 PM, Nathan wrote: -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 I'm sorry, I should have mentioned that I've tried that already. Here's the ouput. [root@caroline2 PROD ~]# ipa-replica-manage del --force caroline1.lafayette.edu 'caroline2.lafayette.edu' has no replication agreement for 'caroline1.lafayette.edu' Thanks! Hmm. The error should be displayed, but the command should continue on if there is info about the replica... Try running the command with -v to get more info. You can use the --cleanup option as a last resort. Also, could you check ipa-replica-manage list again, to make sure it's still there? Sometimes it's not clear if the command worked. -- Petr³ ___ Freeipa-users mailing list Freeipa-users@redhat.com https://www.redhat.com/mailman/listinfo/freeipa-users
Re: [Freeipa-users] Deleting a down ipa master?
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 I'm sorry, I should have mentioned that I've tried that already. Here's the ouput. [root@caroline2 PROD ~]# ipa-replica-manage del --force caroline1.lafayette.edu 'caroline2.lafayette.edu' has no replication agreement for 'caroline1.lafayette.edu' Thanks! On 05/02/2013 10:00 AM, Petr Viktorin wrote: > Use the --force: > > ipa-replica-manage del --force caroline1.lafayette.edu > > The command tries severs replication agreements before deleting > info about the replica. With --force it will ignore the fact that > there's no agreement and continue on. - -- - -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=- Nathan Lager, RHCSA, RHCE (#110-011-426) System Administrator 11 Pardee Hall Lafayette College, Easton, PA 18042 -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.13 (GNU/Linux) Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/ iEYEARECAAYFAlGCdVwACgkQsZqG4IN3sunx7QCgl43MeBr0LHjbG7lXNn/TPDEU Y1UAoKRoPk4LDF+7J92N4VjrxMlq4n93 =wqIg -END PGP SIGNATURE- ___ Freeipa-users mailing list Freeipa-users@redhat.com https://www.redhat.com/mailman/listinfo/freeipa-users
Re: [Freeipa-users] Deleting a down ipa master?
On 05/02/2013 03:49 PM, Lager, Nathan T. wrote: I have an IPA server that i'm rebuilding. It was part of a 3 server replication. That is, three ipa replicas. Caroline0 through 2. I have the server rebuilt, the problem is, it wasn't cleanly removed from the ipa replication in the first place, so the other two replicas still think it exists. I thought it should be a simple matter of deleting the down replica on the other two, but thats not working out. Yes, I understand that it should have been cleanly uninstalled, and that would have avoided this. Live and learn. Here's some detail. Caroline1 is the server which is to be rebuilt. [root@caroline2 PROD ~]# ipa-replica-manage list caroline0.lafayette.edu: master caroline2.lafayette.edu: master caroline1.lafayette.edu: master [root@caroline2 PROD ~]# ipa-replica-manage del caroline1.lafayette.edu 'caroline2.lafayette.edu' has no replication agreement for 'caroline1.lafayette.edu' [root@caroline2 PROD ~]# ipa host-del caroline1.lafayette.edu ipa: ERROR: invalid 'hostname': An IPA master host cannot be deleted or disabled I have tried the same commands from Caroline0, which is the first ipa server i built, thinking that maybe it was in some way authoritative in some matters because it was the first. Same deal there. I've tried simply re-adding my rebuilt caroline1, hoping it would replace the old, no luck there. The host caroline1.lafayette.edu already exists on the master server. You should remove it before proceeding: % ipa host-del caroline1.lafayette.edu I think the key here is to convince the other two ipa servers, that caroline1 is no longer a master, but I haven't found a way to do that yet. Use the --force: ipa-replica-manage del --force caroline1.lafayette.edu The command tries severs replication agreements before deleting info about the replica. With --force it will ignore the fact that there's no agreement and continue on. -- Petr³ ___ Freeipa-users mailing list Freeipa-users@redhat.com https://www.redhat.com/mailman/listinfo/freeipa-users
[Freeipa-users] Deleting a down ipa master?
I have an IPA server that i'm rebuilding. It was part of a 3 server replication. That is, three ipa replicas. Caroline0 through 2. I have the server rebuilt, the problem is, it wasn't cleanly removed from the ipa replication in the first place, so the other two replicas still think it exists. I thought it should be a simple matter of deleting the down replica on the other two, but thats not working out. Yes, I understand that it should have been cleanly uninstalled, and that would have avoided this. Live and learn. Here's some detail. Caroline1 is the server which is to be rebuilt. [root@caroline2 PROD ~]# ipa-replica-manage list caroline0.lafayette.edu: master caroline2.lafayette.edu: master caroline1.lafayette.edu: master [root@caroline2 PROD ~]# ipa-replica-manage del caroline1.lafayette.edu 'caroline2.lafayette.edu' has no replication agreement for 'caroline1.lafayette.edu' [root@caroline2 PROD ~]# ipa host-del caroline1.lafayette.edu ipa: ERROR: invalid 'hostname': An IPA master host cannot be deleted or disabled I have tried the same commands from Caroline0, which is the first ipa server i built, thinking that maybe it was in some way authoritative in some matters because it was the first. Same deal there. I've tried simply re-adding my rebuilt caroline1, hoping it would replace the old, no luck there. The host caroline1.lafayette.edu already exists on the master server. You should remove it before proceeding: % ipa host-del caroline1.lafayette.edu I think the key here is to convince the other two ipa servers, that caroline1 is no longer a master, but I haven't found a way to do that yet. -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=- Nathan Lager System Administrator 11 Pardee Hall Lafayette College, Easton, PA 18042 ___ Freeipa-users mailing list Freeipa-users@redhat.com https://www.redhat.com/mailman/listinfo/freeipa-users