I am running a master freeIPA called "ipa" in an adelton/freeipa-server (freeIPA 4.1.4). I am able to create a replica server "ipa2", still in an adelton/freeipa-server.
If I stop my ipa2 replica, and try to delete the replication agreement: %ipa-replica-manage del ipa2.example.com --force -v It hangs forever. If I run it using the --cleanup option, it seems to work. But when I try to run again from scratch my replica, using the same name, I get: Checking forwarders, please wait ... WARNING: DNS forwarder 10.9.70.7 does not return DNSSEC signatures in answers Please fix forwarder configuration to enable DNSSEC support. (For BIND 9 add directive "dnssec-enable yes;" to "options {}") WARNING: DNSSEC validation will be disabled Warning: skipping DNS resolution of host ipa2.example.com Warning: skipping DNS resolution of host ipa.example.com Using reverse zone(s) 0.17.172.in-addr.arpa. A replication agreement for this host already exists. It needs to be removed. Run this on the master that generated the info file: % ipa-replica-manage del ipa2.example.com --force On my master: # ipa-replica-manage list ipas.example.com: master ipa.example.com: master I manually removed all DNS entries from the 3 zones mentioning ipa2. I can check in the web UI, using the search feature that ipa2 has no occurrence. So I do not understand why the replica install thinks there's still a replication agreement. And I'd like to know: 1) why this command did not work ipa-replica-manage del ipa2.example.com --force -v 2) How could I manually effectively delete this agrrement left-over. Thanks. Karl
-- Manage your subscription for the Freeipa-users mailing list: https://www.redhat.com/mailman/listinfo/freeipa-users Go to http://freeipa.org for more info on the project