Re: [Freeipa-users] Issues with 'A replication agreement for the host already exists', when it very much doesn't

[Ludwig Krispenz]

On 12/21/2015 05:49 PM, Alex Williams wrote:
I began installing a new ipa4 replica this morning and it all went 
wrong. The ipa-replica-install script got all the way to restarting 
ipa with systemctl at the very end, having set up replication and then 
fell over, because systemctl couldn't find the ipa service. I removed 
the replica from our master, I deleted the host from there too, I 
un-installed ipa-server on the new replica machine, I even created a 
new replica-prepare script on the master, but now the server just 
errors immediately with:


A replication agreement for this host already exists. It needs to 
be removed.


I've verified several times, that no replica, or host with the same 
name exists in the master, there are no ldap entries under masters, 
with that hostname, nothing. There is literally no trace of the new 
host, on the old master. Running `ipa-replica-manage list` shows just 
the 3 ipa servers we have already, no sign of this new host. Yet, if I 
run `ipa-replica-manage del hostname --force` on the master, it will 
in fact say that it's forcing removal, skipping checking if anything 
will be orphaned and that no RUV records were found.


I'm now lost, I really don't know where to start with fixing this.
we should first try to get a clear picture of existing agreements and 
state of replication. Could you on all servers do the following searches 
(as directory manager)


ldapsearch -LLL -o ldif-wrap=no  . -b "cn=config" 
"objectclass=nsds5replicationagreement" nsDS5ReplicaRoot nsDS5ReplicaHost
ldapsearch -LLL -o ldif-wrap=no .. -b "cn=config" 
"objectclass=nsds5replica" nsDS5ReplicaRoot nsDS5ReplicaId nsds50ruv


Not sure if this is relevant or not, but I'd rather bring it up and it 
not be, than not mention it and it turn out to be the reason. Our yum 
mirror is unfortunately now holding rhel7.2 packages, whilst our 
servers, are still on rhel7.1, which means our existing IPA servers, 
are ipa4.1 and the new one I tried to install, was ipa4.2, but on a 
rhel7.1 box. I had previously attributed the failed systemctl command, 
to the fact that I was trying to run ipa4.2 on a rhel7.1 box, as I'm 
told there were a lot of modifications to systemctl in rhel7.2, but I 
need to fix this replication agreement issue, before I can try again 
with the box upgraded to rhel7.2.


Any ideas?

Cheers

Alex



--
Manage your subscription for the Freeipa-users mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-users
Go to http://freeipa.org for more info on the project

[Freeipa-users] Issues with 'A replication agreement for the host already exists', when it very much doesn't

[Alex Williams]

I began installing a new ipa4 replica this morning and it all went 
wrong. The ipa-replica-install script got all the way to restarting ipa 
with systemctl at the very end, having set up replication and then fell 
over, because systemctl couldn't find the ipa service. I removed the 
replica from our master, I deleted the host from there too, I 
un-installed ipa-server on the new replica machine, I even created a new 
replica-prepare script on the master, but now the server just errors 
immediately with:


A replication agreement for this host already exists. It needs to 
be removed.


I've verified several times, that no replica, or host with the same name 
exists in the master, there are no ldap entries under masters, with that 
hostname, nothing. There is literally no trace of the new host, on the 
old master. Running `ipa-replica-manage list` shows just the 3 ipa 
servers we have already, no sign of this new host. Yet, if I run 
`ipa-replica-manage del hostname --force` on the master, it will in fact 
say that it's forcing removal, skipping checking if anything will be 
orphaned and that no RUV records were found.


I'm now lost, I really don't know where to start with fixing this.

Not sure if this is relevant or not, but I'd rather bring it up and it 
not be, than not mention it and it turn out to be the reason. Our yum 
mirror is unfortunately now holding rhel7.2 packages, whilst our 
servers, are still on rhel7.1, which means our existing IPA servers, are 
ipa4.1 and the new one I tried to install, was ipa4.2, but on a rhel7.1 
box. I had previously attributed the failed systemctl command, to the 
fact that I was trying to run ipa4.2 on a rhel7.1 box, as I'm told there 
were a lot of modifications to systemctl in rhel7.2, but I need to fix 
this replication agreement issue, before I can try again with the box 
upgraded to rhel7.2.


Any ideas?

Cheers

Alex

--
Manage your subscription for the Freeipa-users mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-users
Go to http://freeipa.org for more info on the project