Ian Harding wrote:
On 08/24/2016 06:33 PM, Rob Crittenden wrote:
Ian Harding wrote:
I tried to simply uninstall and reinstall freeipa-dal and this happened.
It only had a replication agreement with freeipa-sea
[root@freeipa-dal ianh]# ipa-server-install --uninstall
This is a NON REVERSIBLE operation and will delete all data and
configuration!
Are you sure you want to continue with the uninstall procedure? [no]: yes
Shutting down all IPA services
Removing IPA client configuration
Unconfiguring ntpd
Configuring certmonger to stop tracking system certificates for KRA
Configuring certmonger to stop tracking system certificates for CA
Unconfiguring CA
Unconfiguring named
Unconfiguring ipa-dnskeysyncd
Unconfiguring web server
Unconfiguring krb5kdc
Unconfiguring kadmin
Unconfiguring directory server
Unconfiguring ipa_memcached
Unconfiguring ipa-otpd
[root@freeipa-dal ianh]# ipa-server-install --uninstall
This is a NON REVERSIBLE operation and will delete all data and
configuration!
Are you sure you want to continue with the uninstall procedure? [no]: yes
WARNING: Failed to connect to Directory Server to find information about
replication agreements. Uninstallation will continue despite the possible
existing replication agreements.
Shutting down all IPA services
Removing IPA client configuration
Configuring certmonger to stop tracking system certificates for KRA
Configuring certmonger to stop tracking system certificates for CA
[root@freeipa-dal ianh]# ipa-replica-install --setup-ca --setup-dns
--no-forwarders /var/lib/ipa/replica-info-freeipa-dal.bpt.rocks.gpg
Directory Manager (existing master) password:
The host freeipa-dal.bpt.rocks already exists on the master server.
You should remove it before proceeding:
% ipa host-del freeipa-dal.bpt.rocks
[root@freeipa-dal ianh]#
So I tried to delete it again with --force
[root@freeipa-sea ianh]# ipa-replica-manage --force del
freeipa-dal.bpt.rocks
Directory Manager password:
'freeipa-sea.bpt.rocks' has no replication agreement for
'freeipa-dal.bpt.rocks'
[root@freeipa-sea ianh]#
Can't delete it from the master server either
[root@seattlenfs ianh]# ipa host-del freeipa-dal.bpt.rocks
ipa: ERROR: invalid 'hostname': An IPA master host cannot be deleted or
disabled
Now what? I'm running out of things that work.
Not sure what version of IPA you have but try:
# ipa-replica-manage --force --cleanup delete freeipa-dal.bpt.rocks
If this had a CA on it then you'll want to ensure that any replication
agreements it had have been removed as well.
rob
It turns out I'm not smart enough to untangle this mess.
Is there any way to kind of start over? I managed to delete and
recreate a couple replicas but the problems (obsolete ruv as far as I
can tell) carry on with the new replicas. They won't even replicate
back to the master they were created from.
Once you have the right version of 389-ds then then cleanruv tasks work
a lot better. What version are you running now?
Basically, is there a way to do a fresh install of FreeIPA server, and
do a dump/restore of data from my existing messed up install?
Not really, no. You can migrate IPA to IPA but only users and groups and
you lose private groups for existing users (they become regular POSIX
groups).
rob
--
Manage your subscription for the Freeipa-users mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-users
Go to http://freeipa.org for more info on the project
