I have finally been able to create an RHEL7/IPAv4 server using ipa-replica-prepare on a RHEL6/IPA v3 server (ipa01) (added the needed schema) and running ipa-replica-install on the RHEL7/IPAv4 server (ipa03). I followed a number of steps to stop CA and CA Renewal on ipa01 and make ipa03 the CA and CA Renewal master as well as the DNS master. I then created another RHEL7 server (ipa04) and ran the ipa-replica-prepare on ipa03 and ran ipa-replica-install in ipa04.

In the IPA Administrative GUI I am exploring the topology because I need to ultimately get rid of ipa01 and ipa-r02 - both RHEL6/IPAv3 servers. I have 2 suffixes: ca and domain.

The four servers show up in the IPA Servers pane. Only ipa03 and ipa04 have Managed Suffixes. Both have domain and ca. Both have Min Domain Level 0 and Max Domain Level 1. Is this as it should be?

Server Roles pane shows that ipa01, ipa03, and ipa04 are CA servers. Eventually I need to remove ipa01. DNS servers are only ipa03 and ipa04. This is okay, I think.

Domain Level pane shows Level 0.

Topology Graph pane says "Managed topology requires minimum level 1". The Add and Delete buttons are greyed out.

IPA Locations pane has no entries.

When I tried to run ipa-server-install --uninstall -U on ipa-r02 I received a number of errors:

    Shutting down all IPA services
    Removing IPA client configuration
    Unconfiguring ntpd
    Unconfiguring named
    Unconfiguring web server
    Unconfiguring krb5kdc
    Unconfiguring kadmin
    Unconfiguring directory server
    Unconfiguring ipa_memcached
    ipa : ERROR Some certificates may still be tracked by certmonger.
    This will cause re-installation to fail.
    Start the certmonger service and list the certificates being tracked
     # getcert list
    These may be untracked by executing
     # getcert stop-tracking -i <request_id>
    for each id in: 20150127222017

In the CLI on ipa03 I ran "ipa-replica-manage list" and the result is ipa01: master, ipa-r02: master, ipa03: master, ipa04: master.

In the CLI on ipa03 I ran "ipa-csreplica-manage list" and the result is ipa01: master, ipa-r02: CA not configured, ipa03: master, ipa04: master.

So ipa-r02 still shows up... How do I clean this up properly in the system? And how do I properly remove ipa01 when the time comes? All the documentation I find refers to replicas. It seems I do not have any replicas, I have all masters. There is something fundamental I continue to miss in administering this environment.

Steven Auerbach
Assistant Director of Information Systems
Information Technology & Security
State University System of Florida Board of Governors
325 W. Gaines Street
Tallahassee, Florida 32399
(850) 245-9592
www.flbog.edu
