On 08/03/2016 08:06 PM, Ian Harding wrote: > I deleted a replica that had a corrupted ldap database and it caused > some problems. I'm now getting the dreaded
What do you mean by "deleted"? Ran `ipa-replica-mange del $server`? Removed the machine completely? Or something else? > > [root@edinburghnfs ianh]# ipa-replica-manage connect freeipa-sea.bpt.rocks > Connection unsuccessful: freeipa-sea.bpt.rocks is an IPA Server, but it > might be unknown, foreign or previously deleted one. > > I had to go around and remove old replication agreements from the other > replicas, but then they could connect again. This one, and another, I > am not able to do that with. They were initially created with > freeipa-sea as their master. Which replica is the deleted one? freeipa-sea.bpt.rocks or edinburghnfs ? > > I assume I run ipa-server-install --uninstall on edinburghnis, then > reinstall to fix? > > There's always an error about having to "Manually remove" the ldap > database. What's the best way to do that? Where is the error shown and what is the exact text? In general - if replica is removed/uninstall then it cannot be added back - incorrectly removed repliacase might - have still dangling replication agreements - various ldap entries in LDAP db which are normally removed by `ipa-replica-manage del $replica` - suffer from dangling ruvs Most of the issues above can be fixed by `ipa-(cs)replica-manage del $replica --clean --force commands`. And then clean ruvs commands of the same tool. Correct order of IPA replica is: - transfer CA CRL and CA renewal roles to different replica if this one is the master which handles it - make sure you have other relica with CA - run `ipa-csreplica-manage del $tobedeleted` on different replica - run `ipa-replica-manage del $tobedeleted` on different replica - run `ipa-server-install --uninstall` on the to-be-delete-replica -- Petr Vobornik -- Manage your subscription for the Freeipa-users mailing list: https://www.redhat.com/mailman/listinfo/freeipa-users Go to http://freeipa.org for more info on the project
