On 08/25/2016 02:04 PM, Ian Harding wrote:
>
> On 08/25/2016 10:41 AM, Rob Crittenden wrote:
>> Ian Harding wrote:
>>>
>>> On 08/24/2016 06:33 PM, Rob Crittenden wrote:
>>>> Ian Harding wrote:
>>>>> I tried to simply uninstall and reinstall freeipa-dal and this
>>>>> happened.
>>>>>
>>>>> It only had a replication agreement with freeipa-sea
>>>>>
>>>>> [root@freeipa-dal ianh]# ipa-server-install --uninstall
>>>>>
>>>>> This is a NON REVERSIBLE operation and will delete all data and
>>>>> configuration!
>>>>>
>>>>> Are you sure you want to continue with the uninstall procedure?
>>>>> [no]: yes
>>>>> Shutting down all IPA services
>>>>> Removing IPA client configuration
>>>>> Unconfiguring ntpd
>>>>> Configuring certmonger to stop tracking system certificates for KRA
>>>>> Configuring certmonger to stop tracking system certificates for CA
>>>>> Unconfiguring CA
>>>>> Unconfiguring named
>>>>> Unconfiguring ipa-dnskeysyncd
>>>>> Unconfiguring web server
>>>>> Unconfiguring krb5kdc
>>>>> Unconfiguring kadmin
>>>>> Unconfiguring directory server
>>>>> Unconfiguring ipa_memcached
>>>>> Unconfiguring ipa-otpd
>>>>> [root@freeipa-dal ianh]# ipa-server-install --uninstall
>>>>>
>>>>> This is a NON REVERSIBLE operation and will delete all data and
>>>>> configuration!
>>>>>
>>>>> Are you sure you want to continue with the uninstall procedure?
>>>>> [no]: yes
>>>>>
>>>>> WARNING: Failed to connect to Directory Server to find information
>>>>> about
>>>>> replication agreements. Uninstallation will continue despite the
>>>>> possible
>>>>> existing replication agreements.
>>>>> Shutting down all IPA services
>>>>> Removing IPA client configuration
>>>>> Configuring certmonger to stop tracking system certificates for KRA
>>>>> Configuring certmonger to stop tracking system certificates for CA
>>>>> [root@freeipa-dal ianh]# ipa-replica-install --setup-ca --setup-dns
>>>>> --no-forwarders /var/lib/ipa/replica-info-freeipa-dal.bpt.rocks.gpg
>>>>> Directory Manager (existing master) password:
>>>>>
>>>>> The host freeipa-dal.bpt.rocks already exists on the master server.
>>>>> You should remove it before proceeding:
>>>>> % ipa host-del freeipa-dal.bpt.rocks
>>>>> [root@freeipa-dal ianh]#
>>>>>
>>>>> So I tried to delete it again with --force
>>>>>
>>>>> [root@freeipa-sea ianh]# ipa-replica-manage --force del
>>>>> freeipa-dal.bpt.rocks
>>>>> Directory Manager password:
>>>>>
>>>>> 'freeipa-sea.bpt.rocks' has no replication agreement for
>>>>> 'freeipa-dal.bpt.rocks'
>>>>> [root@freeipa-sea ianh]#
>>>>>
>>>>> Can't delete it from the master server either
>>>>>
>>>>> [root@seattlenfs ianh]# ipa host-del freeipa-dal.bpt.rocks
>>>>> ipa: ERROR: invalid 'hostname': An IPA master host cannot be deleted or
>>>>> disabled
>>>>>
>>>>>
>>>>> Now what? I'm running out of things that work.
>>>> Not sure what version of IPA you have but try:
>>>>
>>>> # ipa-replica-manage --force --cleanup delete freeipa-dal.bpt.rocks
>>>>
>>>> If this had a CA on it then you'll want to ensure that any replication
>>>> agreements it had have been removed as well.
>>>>
>>>> rob
>>>>
>>> It turns out I'm not smart enough to untangle this mess.
>>>
>>> Is there any way to kind of start over? I managed to delete and
>>> recreate a couple replicas but the problems (obsolete ruv as far as I
>>> can tell) carry on with the new replicas. They won't even replicate
>>> back to the master they were created from.
>> Once you have the right version of 389-ds then cleanruv tasks work
>> a lot better. What version are you running now?
> 1.3.4.0.

Ian,
Can you give the exact version please?

rpm -qa | grep 389-ds-base

Thanks,
Mark

> It's handcuffed to my CentOS 7 so I don't want to update it
> outside the CentOS ecosystem. What's the downside of upgrading it from
> source or an RPM for a different flavor of RedHat derived Linux?
>
> I'm a one-man band but I'd be interested in hearing a pitch from someone
> who is super smart on this stuff for a working consulting gig and maybe
> ongoing support. Who would I talk to at RedHat about coming in from the
> cold for full on corporate support?
>
> Thanks!
>
>>> Basically, is there a way to do a fresh install of FreeIPA server, and
>>> do a dump/restore of data from my existing messed up install?
>> Not really, no. You can migrate IPA to IPA but only users and groups and
>> you lose private groups for existing users (they become regular POSIX
>> groups).
>>
>> rob
>>