Re: [Freeipa-users] down master still in ldap, prevents re-enrolement

2016-09-22 Thread Rob Crittenden

Petr Vobornik wrote:

On 09/21/2016 11:25 PM, pgb205 wrote:

topology prior to deletion

master1<->master2

master2 deleted with ipa-server --uninstall command

During re-installation I get an error that the replication agreement still exists
on master1.
I do see this using ipa-replica-manage list.

Tried deleting replication agreement with
ipa-replica-manage disconnect but receive 'no such replication agreement exist'

Force deletion and cleanup do not work
receive unexpected error: Server is unwilling to perform: database is read-only


removing directly from ldap gives me:
   ldapdelete -r -x -D "cn=Directory Manager" -W 'cn=fqdn,cn=masters,cn=ipa,cn=etc,dc=domain,dc=com'
Enter LDAP Password:
ldap_delete: Server is unwilling to perform (53)
ldap_delete: Server is unwilling to perform (53)
  additional info: database is read-only

But I am not sure if I'm not using the correct path or if it's something else.

Might be related to Bug 826677 – IPA cannot remove disconnected replica data to
reconnect 




run on master1:
  ipa-csreplica-manage del master2 --force --clean
  ipa-replica-manage del master2 --force --clean

In that order. First step only if master2 was installed with CA.

Those commands should clean left-over data from master2.

In a standard situation, the recommended uninstallation procedure for IPAs
prior to FreeIPA 4.4 is:
   master1# ipa-csreplica-manage del master2
   master1# ipa-replica-manage del master2
   master2# ipa-server-install --uninstall



Ultimately the problem is that the database is set to read only.

$ ldapsearch -x -D 'cn=directory manager' -W -s base -b 'cn=userRoot, cn=ldbm database, cn=plugins, cn=config' nsslapd-readonly


rob

--
Manage your subscription for the Freeipa-users mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-users
Go to http://freeipa.org for more info on the project
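
The read-only check from the message above can gate the cleanup commands listed in the thread. This is an added example, not part of either message or of FreeIPA; the function names and the sample LDIF are constructed for illustration.

```shell
#!/bin/sh
# Constructed sample of an ldapsearch result for the userRoot backend (not real output).
SAMPLE_LDIF='dn: cn=userRoot,cn=ldbm database,cn=plugins,cn=config
nsslapd-readonly: on'

# Read LDIF on stdin and print "on", "off" or "unknown" for nsslapd-readonly.
# Attribute names are case-insensitive and "attr:: value" means base64 in LDIF.
readonly_state() {
    state=unknown
    while IFS= read -r line || [ -n "$line" ]; do
        lower=$(printf '%s' "$line" | tr '[:upper:]' '[:lower:]')
        case $lower in
            nsslapd-readonly::*)
                val=$(printf '%s' "${line#*::}" | tr -d ' ' | base64 -d 2>/dev/null) || val= ;;
            nsslapd-readonly:*)
                val=$(printf '%s' "${line#*:}" | tr -d ' ') ;;
            *) continue ;;
        esac
        case $(printf '%s' "$val" | tr '[:upper:]' '[:lower:]') in
            on)  state=on ;;
            off) state=off ;;
        esac
    done
    printf '%s\n' "$state"
}

# Print the forced cleanup commands from the thread, in the order given there.
# $1 = value from readonly_state, $2 = replica name,
# $3 = "ca" if the replica was installed with a CA (hypothetical flag value).
# Prints no commands and returns 1 unless the backend is confirmed writable.
cleanup_plan() {
    if [ "$1" != off ]; then
        echo "userRoot nsslapd-readonly is '$1'; not running cleanup" >&2
        return 1
    fi
    if [ "$3" = ca ]; then
        echo "ipa-csreplica-manage del $2 --force --clean"
    fi
    echo "ipa-replica-manage del $2 --force --clean"
}

# Demo on the constructed sample; on master1, pipe the ldapsearch shown above
# into readonly_state instead.
state=$(printf '%s\n' "$SAMPLE_LDIF" | readonly_state)
cleanup_plan "$state" master2 ca || true
```

With the sample reporting `on`, the plan is refused, which matches the "database is read-only" error 53 seen in the thread.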


Re: [Freeipa-users] down master still in ldap, prevents re-enrolement

2016-09-22 Thread Petr Vobornik
On 09/21/2016 11:25 PM, pgb205 wrote:
> topology prior to deletion
> 
> master1<->master2
> 
> master2 deleted with ipa-server --uninstall command
> 
> During re-installation I get an error that the replication agreement still
> exists
> on master1.
> I do see this using ipa-replica-manage list.
> 
> Tried deleting replication agreement with
> ipa-replica-manage disconnect but receive 'no such replication agreement 
> exist'
> 
> Force deletion and cleanup do not work
> receive unexpected error: Server is unwilling to perform: database is 
> read-only
> 
> 
> removing directly from ldap gives me:
>   ldapdelete -r -x -D "cn=Directory Manager" -W 'cn=fqdn,cn=masters,cn=ipa,cn=etc,dc=domain,dc=com'
> Enter LDAP Password:
> ldap_delete: Server is unwilling to perform (53)
> ldap_delete: Server is unwilling to perform (53)
>  additional info: database is read-only
> 
> But I am not sure if I'm not using the correct path or if it's something else.
> 
> Might be related to Bug 826677 – IPA cannot remove disconnected replica data 
> to 
> reconnect 
> 

run on master1:
 ipa-csreplica-manage del master2 --force --clean
 ipa-replica-manage del master2 --force --clean

In that order. First step only if master2 was installed with CA.

Those commands should clean left-over data from master2.

In a standard situation, the recommended uninstallation procedure for IPAs
prior to FreeIPA 4.4 is:
  master1# ipa-csreplica-manage del master2
  master1# ipa-replica-manage del master2
  master2# ipa-server-install --uninstall
-- 
Petr Vobornik
