Steven Jones wrote:
I have a 3 node IPA cluster, I have replaced the 2 "slaves" however when I try
and remove the last one the master? it says,
"[root@vuwunicoipam001 thing]# ipa-replica-manage del vuwunicoipam002.xxxxxxxx
Directory Manager password:
Deleting a master is irreversible.
To reconnect to the remote master you will need to prepare a new replica file
and re-install.
Continue to delete? [no]: yes
Deleting this server will orphan 'vuwunicoipam001xxxxxxxxx and
vuwunicoipam003.xxxxxxxxx
You will need to reconfigure your replication topology to delete this server.
[root@vuwunicoipam001 thing]# ipa-replica-manage list
Directory Manager password:
vuwunicoipam002.xxxxxxxx master
vuwunicoipam003.xxxxxxxx master
vuwunicoipam001.xxxxxxxx master
[root@vuwunicoipam001 thing]#"
So how do I re-configure?
Every server is a master. The only differences may be the services
running (CA and/or DNS) and only one generates the CRL and manages
certificate renewal. Otherwise they are all equal masters.
This doesn't show the topology. Were I to guess it looks like:
001
/ \
002 003
So you need to run ipa-replica-manage connect vuwunicoipam002
vuwunicoipam003
Then you should be able to delete 0001. Just be sure at least one of
those other masters has a CA, if not both of them. You may need
ipa-csreplica-manage connect to connect that topology.
Also be aware of the DNA config. A master doesn't automatically get one.
It only gets it when it creates an entry that needs a range.
rob
--
Manage your subscription for the Freeipa-users mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-users
Go to http://freeipa.org for more info on the project
