Re: [Freeipa-users] replica installation clean up
Hello, I think it might be easier to just re-install FC17 on my machine since it's brand new and I won't loss any data. Now I want to backup a few folders where some files are changed during ipa installation, so that if I mess up again, I only need to copy the original folder over. For this purpose, is the following list sufficient? /boot /etc /home /root /usr /var I think I probably don't need /boot /home /root either, but these are small. Thanks for your advice. George > > From: Rob Crittenden >To: george he >Cc: "freeipa-users@redhat.com" >Sent: Friday, June 22, 2012 4:23 PM >Subject: Re: [Freeipa-users] replica installation clean up > >george he wrote: >> Hello, >> >> Since I didn't get any reply on this, I just went ahead and did >> /ipa-server-install --uninstall >> to clean up and did >> ipa-replica-manage del myreplica --force >> on mymaster >> After these I did ipa-replica-install again but this time I get >> >> ipa : CRITICAL Failed to load replica-s4u2proxy.ldif: Command >> '/usr/bin/ldapmodify -h myreplica -v -f /tmp/tmpExxi0H -x -D >> cn=Directory Manager -y /tmp/tmpa12oUA' returned non-zero exit status 1 >> >> Any suggestions on this? > >It depends on why it failed. When there is an installation error I recommend >you start by looking at /var/log/ipa-server-install.log or >/var/log/ipareplica-install.log as needed. > >This error would suggest that something was not removed from LDAP when the >last replica was deleted. This may ok. You'll need to use ldapsearch to verify >that cn=ipa-http-delegation,cn=s4u2proxy,cn=etc,$SUFFIX and dn: >cn=ipa-ldap-delegation-targets,cn=s4u2proxy,cn=etc,$SUFFIX has a >memberPrincipal for the service principal of your replica. > >something like: > >ldapsearch -LLL -x -b cn=s4u2proxy,cn=etc,dc=example,d=com > >rob > > >___ Freeipa-users mailing list Freeipa-users@redhat.com https://www.redhat.com/mailman/listinfo/freeipa-users
Re: [Freeipa-users] replica installation clean up
george he wrote: Hello, Since I didn't get any reply on this, I just went ahead and did /ipa-server-install --uninstall to clean up and did ipa-replica-manage del myreplica --force on mymaster After these I did ipa-replica-install again but this time I get ipa : CRITICAL Failed to load replica-s4u2proxy.ldif: Command '/usr/bin/ldapmodify -h myreplica -v -f /tmp/tmpExxi0H -x -D cn=Directory Manager -y /tmp/tmpa12oUA' returned non-zero exit status 1 Any suggestions on this? It depends on why it failed. When there is an installation error I recommend you start by looking at /var/log/ipa-server-install.log or /var/log/ipareplica-install.log as needed. This error would suggest that something was not removed from LDAP when the last replica was deleted. This may ok. You'll need to use ldapsearch to verify that cn=ipa-http-delegation,cn=s4u2proxy,cn=etc,$SUFFIX and dn: cn=ipa-ldap-delegation-targets,cn=s4u2proxy,cn=etc,$SUFFIX has a memberPrincipal for the service principal of your replica. something like: ldapsearch -LLL -x -b cn=s4u2proxy,cn=etc,dc=example,d=com rob ___ Freeipa-users mailing list Freeipa-users@redhat.com https://www.redhat.com/mailman/listinfo/freeipa-users
Re: [Freeipa-users] replica installation clean up
Hello,
Since I didn't get any reply on this, I just went ahead and did
/ipa-server-install --uninstall
to clean up and did
ipa-replica-manage del myreplica --force
on mymaster
After these I did ipa-replica-install again but this time I get
ipa : CRITICAL Failed to load replica-s4u2proxy.ldif: Command
'/usr/bin/ldapmodify -h myreplica -v -f /tmp/tmpExxi0H -x -D cn=Directory
Manager -y /tmp/tmpa12oUA' returned non-zero exit status 1
Any suggestions on this?
Thanks,
George
>
> From: george he
>To: Rob Crittenden
>Cc: "freeipa-users@redhat.com"
>Sent: Thursday, June 21, 2012 10:28 PM
>Subject: Re: [Freeipa-users] replica installation clean up
>
>
>Hello,
>
>
>I used --force to delete myreplica from mymaster. And then
>runipa-replica-install on the myreplica again.
>This time everything seems ok until it comes to the end:
>
>
>Applying LDAP updates
>Restarting the directory server
>Restarting the KDC
>Restarting the web server
>creation of replica failed: Command '/bin/systemctl restart ipa.service'
>returned non-zero exit status 1
>
>Your system may be partly configured.
>Run /usr/sbin/ipa-server-install --uninstall to clean up.
>
>
>
>And this is the error message at the end of /var/log/ipareplica-install.log:
>
>
>2012-06-22T02:02:01Z DEBUG stderr=Job failed. See system journal and
>'systemctl status' for details.
>
>2012-06-22T02:02:01Z DEBUG Command '/bin/systemctl restart ipa.service'
>returned non-zero exit status 1
> File "/sbin/ipa-replica-install", line 494, in
> main()
>
> File "/sbin/ipa-replica-install", line 488, in main
> ipaservices.knownservices.ipa.enable()
>
> File "/usr/lib/python2.7/site-packages/ipapython/platform/fedora16.py", line
>101, in enable
> self.restart(instance_name)
>
> File "/usr/lib/python2.7/site-packages/ipapython/platform/systemd.py", line
>85, in restart
> ipautil.run(["/bin/systemctl", "restart",
>self.service_instance(instance_name)], capture_output=capture_output)
>
> File
"/usr/lib/python2.7/site-packages/ipapython/ipautil.py", line 304, in run
> raise CalledProcessError(p.returncode, args)
>
>Should I run ipa-server-install --uninstall on myreplica now?
>
>
>Thanks,
>George
>
>
>
>
>>
>> From: Rob Crittenden
>>To: george he
>>Cc: "freeipa-users@redhat.com"
>>Sent: Thursday, June 21, 2012 4:35 PM
>>Subject: Re: [Freeipa-users] replica installation clean up
>>
>>george he wrote:
>>> Hi,
>>>
>>> after ipa-replica-install and ipa-replica-install --uninstall, now I get
>>>
>>> [root@myreplica ~]# ipa-replica-install --setup-ca
>>> /var/lib/ipa/replica-info.gpg
>>> .
>>> .
>>> .
>>> Connection check OK
>>> The host myreplica already exists on the master server. Depending on
>>> your configuration, you may perform the following:
>>>
>>> Remove the replication agreement, if any:
>>> % ipa-replica-manage del myreplica
>>> Remove the host entry:
>>> % ipa host-del myreplica
>>>
>>> If I run this on myreplica:
>>> [root@myreplica ~]# ipa-replica-manage del myreplica
>>> IPA is not configured on this system.
>>> [root@myreplica ~]# ipa host-del myreplica
>>> ipa: ERROR: Kerberos error: ('Unspecified GSS failure. Minor code may
>>> provide more information', 851968)/('Cannot find KDC for requested
>>> realm',
-1765328230)
>>>
>>> If I un this on mymaster:
>>> [root@mymaster ~]# ipa-replica-manage del myreplica
>>> Unable to delete replica myreplica: {'desc': "Can't contact LDAP server"}
>>> [root@mymaster ~]# ipa host-del myreplica
>>> ipa: ERROR: invalid 'hostname': An IPA master host cannot be deleted or
>>> disabled
>>>
>>> How do I clean up the unsuccessful installation - uninstallation of a
>>> replica?
>>
>>Ideally you remove the agreement before deleting the replica, hence the
>>LDAP error. Add the --force flag:
>>
>># ipa-replica-manage del myreplica.fqdn --force
>>
>>Then you should be able to delete the host entry.
>>
>>rob
>>
>>
>>
>>
>___
>Freeipa-users mailing list
>Freeipa-users@redhat.com
>https://www.redhat.com/mailman/listinfo/freeipa-users
>
>___
Freeipa-users mailing list
Freeipa-users@redhat.com
https://www.redhat.com/mailman/listinfo/freeipa-users
Re: [Freeipa-users] replica installation clean up
Hello,
I used --force to delete myreplica from mymaster. And then
runipa-replica-install on the myreplica again.
This time everything seems ok until it comes to the end:
Applying LDAP updates
Restarting the directory server
Restarting the KDC
Restarting the web server
creation of replica failed: Command '/bin/systemctl restart ipa.service'
returned non-zero exit status 1
Your system may be partly configured.
Run /usr/sbin/ipa-server-install --uninstall to clean up.
And this is the error message at the end of /var/log/ipareplica-install.log:
2012-06-22T02:02:01Z DEBUG stderr=Job failed. See system journal and 'systemctl
status' for details.
2012-06-22T02:02:01Z DEBUG Command '/bin/systemctl restart ipa.service'
returned non-zero exit status 1
File "/sbin/ipa-replica-install", line 494, in
main()
File "/sbin/ipa-replica-install", line 488, in main
ipaservices.knownservices.ipa.enable()
File "/usr/lib/python2.7/site-packages/ipapython/platform/fedora16.py", line
101, in enable
self.restart(instance_name)
File "/usr/lib/python2.7/site-packages/ipapython/platform/systemd.py", line
85, in restart
ipautil.run(["/bin/systemctl", "restart",
self.service_instance(instance_name)], capture_output=capture_output)
File "/usr/lib/python2.7/site-packages/ipapython/ipautil.py", line 304, in run
raise CalledProcessError(p.returncode, args)
Should I run ipa-server-install --uninstall on myreplica now?
Thanks,
George
>
> From: Rob Crittenden
>To: george he
>Cc: "freeipa-users@redhat.com"
>Sent: Thursday, June 21, 2012 4:35 PM
>Subject: Re: [Freeipa-users] replica installation clean up
>
>george he wrote:
>> Hi,
>>
>> after ipa-replica-install and ipa-replica-install --uninstall, now I get
>>
>> [root@myreplica ~]# ipa-replica-install --setup-ca
>> /var/lib/ipa/replica-info.gpg
>> .
>> .
>> .
>> Connection check OK
>> The host myreplica already exists on the master server. Depending on
>> your configuration, you may perform the following:
>>
>> Remove the replication agreement, if any:
>> % ipa-replica-manage del myreplica
>> Remove the host entry:
>> % ipa host-del myreplica
>>
>> If I run this on myreplica:
>> [root@myreplica ~]# ipa-replica-manage del myreplica
>> IPA is not configured on this system.
>> [root@myreplica ~]# ipa host-del myreplica
>> ipa: ERROR: Kerberos error: ('Unspecified GSS failure. Minor code may
>> provide more information', 851968)/('Cannot find KDC for requested
>> realm', -1765328230)
>>
>> If I un this on mymaster:
>> [root@mymaster ~]# ipa-replica-manage del myreplica
>> Unable to delete replica myreplica: {'desc': "Can't contact LDAP server"}
>> [root@mymaster ~]# ipa host-del myreplica
>> ipa: ERROR: invalid 'hostname': An IPA master host cannot be deleted or
>> disabled
>>
>> How do I clean up the unsuccessful installation - uninstallation of a
>> replica?
>
>Ideally you remove the agreement before deleting the replica, hence the
>LDAP error. Add the --force flag:
>
># ipa-replica-manage del myreplica.fqdn --force
>
>Then you should be able to delete the host entry.
>
>rob
>
>
>
>___
Freeipa-users mailing list
Freeipa-users@redhat.com
https://www.redhat.com/mailman/listinfo/freeipa-users
Re: [Freeipa-users] replica installation clean up
Hi, Could we get the admin guide updated with such procedures? because the admin guide really reads more like a multi-coloured man page at times. Its al there (well mostly) but its a bit of a failure if you dont know you have to do a whole sequence of steps to get where you want to end up. regards Steven Jones Technical Specialist - Linux RHCE Victoria University, Wellington, NZ 0064 4 463 6272 8>< > > How do I clean up the unsuccessful installation - uninstallation of a > replica? Ideally you remove the agreement before deleting the replica, hence the LDAP error. Add the --force flag: # ipa-replica-manage del myreplica.fqdn --force Then you should be able to delete the host entry. rob ___ Freeipa-users mailing list Freeipa-users@redhat.com https://www.redhat.com/mailman/listinfo/freeipa-users ___ Freeipa-users mailing list Freeipa-users@redhat.com https://www.redhat.com/mailman/listinfo/freeipa-users
Re: [Freeipa-users] replica installation clean up
george he wrote:
Hi,
after ipa-replica-install and ipa-replica-install --uninstall, now I get
[root@myreplica ~]# ipa-replica-install --setup-ca
/var/lib/ipa/replica-info.gpg
.
.
.
Connection check OK
The host myreplica already exists on the master server. Depending on
your configuration, you may perform the following:
Remove the replication agreement, if any:
% ipa-replica-manage del myreplica
Remove the host entry:
% ipa host-del myreplica
If I run this on myreplica:
[root@myreplica ~]# ipa-replica-manage del myreplica
IPA is not configured on this system.
[root@myreplica ~]# ipa host-del myreplica
ipa: ERROR: Kerberos error: ('Unspecified GSS failure. Minor code may
provide more information', 851968)/('Cannot find KDC for requested
realm', -1765328230)
If I un this on mymaster:
[root@mymaster ~]# ipa-replica-manage del myreplica
Unable to delete replica myreplica: {'desc': "Can't contact LDAP server"}
[root@mymaster ~]# ipa host-del myreplica
ipa: ERROR: invalid 'hostname': An IPA master host cannot be deleted or
disabled
How do I clean up the unsuccessful installation - uninstallation of a
replica?
Ideally you remove the agreement before deleting the replica, hence the
LDAP error. Add the --force flag:
# ipa-replica-manage del myreplica.fqdn --force
Then you should be able to delete the host entry.
rob
___
Freeipa-users mailing list
Freeipa-users@redhat.com
https://www.redhat.com/mailman/listinfo/freeipa-users
