> > > It hangs forever. > > How long is forever? > officially it's about 15 mns. Do you mean that this delay could be expected ?
> > > If I run it using the --cleanup option, it seems to work. > > That does other things. > and actually it did not really work. > > > > > But when I try to run again from scratch my replica, using the same > > name, I get: > > > > Checking forwarders, please wait ... > > WARNING: DNS forwarder 10.9.70.7 does not return DNSSEC signatures in > > answers > > Please fix forwarder configuration to enable DNSSEC support. > > (For BIND 9 add directive "dnssec-enable yes;" to "options {}") > > WARNING: DNSSEC validation will be disabled > > Warning: skipping DNS resolution of host ipa2.example.com > > <http://ipa2.example.com> > > Warning: skipping DNS resolution of host ipa.example.com > > <http://ipa.example.com> > > Using reverse zone(s) 0.17.172.in-addr.arpa. > > A replication agreement for this host already exists. It needs to be > > removed. > > Run this on the master that generated the info file: > > % ipa-replica-manage del ipa2.example.com <http://ipa2.example.com> > > --force > > > > On my master: > > # ipa-replica-manage list > > ipas.example.com: master > > ipa.example.com: master > > > > I manually removed all DNS entries from the 3 zones mentioning ipa2. I > > can check in the web UI, using the search feature that ipa2 has no > > occurrence. > > > > So I do not understand why the replica install thinks there's still a > > replication agreement. > > And I'd like to know: > > 1) why this command did not work > > > > |ipa-replica-manage del ipa2.example.com <http://ipa2.example.com> > > --force -v| > > Because replication agreements are separate from IPA masters, DNS, etc. > > > > > 2) How could I manually effectively delete this agrrement left-over. > > > > To see the agreements on any given master: > > $ ldapsearch -x -D 'cn=directory manager' -W -b > 'cn=dc\3Dexample\2Cdc\3Dcom,cn=mapping tree,cn=config' > > Use ldapdelete to delete the orphan one, or use something like Apache > Studio if you're uncomfortable on the CLI. > > rob >
-- Manage your subscription for the Freeipa-users mailing list: https://www.redhat.com/mailman/listinfo/freeipa-users Go to http://freeipa.org for more info on the project