Re: [Freeipa-users] freeipa restore backup on a new server

2016-04-12 Thread Rakesh Rajasekharan 
Hello David,

I figured that out,

I am adding the ip address in the /etc/hosts file for reverse dns.. this is
coz, am not using the freeipa as a dns.

So, while restoring it still had the earlier entry.

I just corrected it and things worked fine...

Thanks...

On Tue, Apr 12, 2016 at 4:45 PM, David Kupka  wrote:

> On 12/04/16 11:26, Rakesh Rajasekharan wrote:
>
>> Hi ,
>>
>> I am running ipa-server verison 4.2 on AWS,and testing the freeipa backup
>> and
>> restore .
>>
>> The restoration works fine if its on the same host, wherin i uninstall
>> freeipa
>> and then install it back and then do a full restore.
>>
>> However, if its a new machine with a different ip, the restoration fails.
>>
>> I am running the restoration from an ansible playbook.. heres the output,
>> that I get
>>
>> Preparing restore from /tmp/ipa/ipa-full-2016-04-12 on
>> test-ipa-master-int.xyz.com 
>> Performing FULL restore from FULL backup
>> Each master will individually need to be re-initialized or
>> re-created from this one. The replication agreements on
>> masters running IPA 3.1 or earlier will need to be manually
>> re-enabled. See the man page for details.
>> Disabling all replication.
>> Stopping IPA services
>> Systemwide CA database updated.
>> Restoring files
>> Systemwide CA database updated.
>> Restoring from userRoot in xyz-COM
>> Restoring from ipaca in xyz-COM
>> Starting IPA services
>> Command ''ipactl' 'start'' returned non-zero exit status 1
>> stdout: Configuring certmonger to stop tracking system certificates for CA
>>
>> Is there a limitation that the ip needs to be the same for a restore to
>> happen
>> or am I missing something.
>>
>> Thanks,
>> Rakesh
>>
>>
>>
>>
> Hello Rakesh,
> it's not possible to determine what happened from information that you
> have sent. Could you please find the service that failed to start and send
> its logs?
>
> I believe that all services in FreeIPA depends on host names and resolve
> IP address from DNS when needed.
> But if DNS server is part of FreeIPA server you're trying to restore it is
> holding old records with old IP addresses. Maybe this is the cause but it's
> just wild guess.
>
> --
> David Kupka
>
-- 
Manage your subscription for the Freeipa-users mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-users
Go to http://freeipa.org for more info on the project

Re: [Freeipa-users] freeipa restore backup on a new server

2016-04-12 Thread David Kupka 

On 12/04/16 11:26, Rakesh Rajasekharan wrote:

Hi ,

I am running ipa-server verison 4.2 on AWS,and testing the freeipa backup and
restore .

The restoration works fine if its on the same host, wherin i uninstall freeipa
and then install it back and then do a full restore.

However, if its a new machine with a different ip, the restoration fails.

I am running the restoration from an ansible playbook.. heres the output, that 
I get

Preparing restore from /tmp/ipa/ipa-full-2016-04-12 on
test-ipa-master-int.xyz.com 
Performing FULL restore from FULL backup
Each master will individually need to be re-initialized or
re-created from this one. The replication agreements on
masters running IPA 3.1 or earlier will need to be manually
re-enabled. See the man page for details.
Disabling all replication.
Stopping IPA services
Systemwide CA database updated.
Restoring files
Systemwide CA database updated.
Restoring from userRoot in xyz-COM
Restoring from ipaca in xyz-COM
Starting IPA services
Command ''ipactl' 'start'' returned non-zero exit status 1
stdout: Configuring certmonger to stop tracking system certificates for CA

Is there a limitation that the ip needs to be the same for a restore to happen
or am I missing something.

Thanks,
Rakesh





Hello Rakesh,
it's not possible to determine what happened from information that you 
have sent. Could you please find the service that failed to start and 
send its logs?


I believe that all services in FreeIPA depends on host names and resolve 
IP address from DNS when needed.
But if DNS server is part of FreeIPA server you're trying to restore it 
is holding old records with old IP addresses. Maybe this is the cause 
but it's just wild guess.


--
David Kupka

--
Manage your subscription for the Freeipa-users mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-users
Go to http://freeipa.org for more info on the project