Hey folks,
In my Test-Setup I have the following:
srv1.auth.alpha-labs.net srv2.auth.alpha-labs.net srv3.auth.alpha-labs.net
srv1 is the freshly installed master. srv2 is a client, promoted to replication via ipa-replica-install. srv3 failed with ipa-replica-install. Now I can't proceed past:
-- 8< -- -- 8< -- -- 8< -- -- 8< -- -- 8< -- -- 8< -- -- 8< -- [root@srv3 ~]# ipa-replica-install ipaserver.install.installutils: ERROR Unable to resolve the IP address 10.1.2.10 to a host name, check /etc/hosts and DNS name resolution Your system may be partly configured. Run /usr/sbin/ipa-server-install --uninstall to clean up.
ipapython.admintool: ERROR A replication agreement for this host already exists. It needs to be removed. Run this command: %% ipa-replica-manage del srv3.auth.alpha-labs.net --force ipapython.admintool: ERROR The ipa-replica-install command failed. See /var/log/ipareplica-install.log for more information -- 8< -- -- 8< -- -- 8< -- -- 8< -- -- 8< -- -- 8< -- -- 8< --
I tried (on srv1):
- ipa-replica-manage del srv3.auth.alpha-labs.net --cleanup --force - ipa-replica-manage disconnect srv3.auth.alpha-labs.net - ipa-replica-manage del srv3.auth.alpha-labs.net --force -v --no-lookup - ipa-replica-manage clean-dangling-ruv - ipa-replica-manage del --force srv3.auth.alpha-labs.net
As this is just a test setup I can easily drop everything and start over, but I really wonder how to fix that once we go live with a real setup.
Thanks in advance! Enjoy your weekend! -Chris.
Hi Christian,
On Sat, Jun 22, 2019 at 12:13 AM Christian Reiss via FreeIPA-users freeipa-users@lists.fedorahosted.org wrote:
Hey folks,
In my Test-Setup I have the following:
srv1.auth.alpha-labs.net srv2.auth.alpha-labs.net srv3.auth.alpha-labs.net
srv1 is the freshly installed master. srv2 is a client, promoted to replication via ipa-replica-install. srv3 failed with ipa-replica-install. Now I can't proceed past:
-- 8< -- -- 8< -- -- 8< -- -- 8< -- -- 8< -- -- 8< -- -- 8< -- [root@srv3 ~]# ipa-replica-install ipaserver.install.installutils: ERROR Unable to resolve the IP address 10.1.2.10 to a host name, check /etc/hosts and DNS name resolution Your system may be partly configured. Run /usr/sbin/ipa-server-install --uninstall to clean up.
ipapython.admintool: ERROR A replication agreement for this host already exists. It needs to be removed. Run this command: %% ipa-replica-manage del srv3.auth.alpha-labs.net --force ipapython.admintool: ERROR The ipa-replica-install command failed. See /var/log/ipareplica-install.log for more information -- 8< -- -- 8< -- -- 8< -- -- 8< -- -- 8< -- -- 8< -- -- 8< --
I tried (on srv1):
- ipa-replica-manage del srv3.auth.alpha-labs.net --cleanup --force
- ipa-replica-manage disconnect srv3.auth.alpha-labs.net
- ipa-replica-manage del srv3.auth.alpha-labs.net --force -v --no-lookup
- ipa-replica-manage clean-dangling-ruv
- ipa-replica-manage del --force srv3.auth.alpha-labs.net
As this is just a test setup I can easily drop everything and start over, but I really wonder how to fix that once we go live with a real setup.
Please search your ldap tree (using ldapsearch with admin credentials) for remaining objects containing the to-delete server hostname. You should find the replication agreements there. If unsure of what to do next please reply to the list.
François
Thanks in advance! Enjoy your weekend! -Chris.
-- Christian Reiss - email@christian-reiss.de /"\ ASCII Ribbon support@alpha-labs.net \ / Campaign X against HTML WEB alpha-labs.net / \ in eMails
GPG Retrieval https://gpg.christian-reiss.de GPG ID ABCD43C5, 0x44E29126ABCD43C5 GPG fingerprint = 9549 F537 2596 86BA 733C A4ED 44E2 9126 ABCD 43C5
"It's better to reign in hell than to serve in heaven.", John Milton, Paradise lost.
FreeIPA-users mailing list -- freeipa-users@lists.fedorahosted.org To unsubscribe send an email to freeipa-users-leave@lists.fedorahosted.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedorahosted.org/archives/list/freeipa-users@lists.fedorahoste...
Hello François,
Thanks for replying. I did notice in some post from 2015 about ldap with some rudimentary ldap command. My ldap knowlegedge is truth be told not awesome (Yet, but learning).
No matter how much I tortured ldapsearch I was unable to match pretty much anything. Not even the other two servers, so something is fundamentally wrong in my query.
Even if I hit gold (in terms of finding something in ldap) removing it would even be as difficult.
I am willing to learn but ldap and me were never best friends.
Thanks! -Chris.
On 22/06/2019 11:47, François Cami wrote:
Hi Christian,
On Sat, Jun 22, 2019 at 12:13 AM Christian Reiss via FreeIPA-users freeipa-users@lists.fedorahosted.org wrote:
Hey folks,
In my Test-Setup I have the following:
srv1.auth.alpha-labs.net srv2.auth.alpha-labs.net srv3.auth.alpha-labs.net
srv1 is the freshly installed master. srv2 is a client, promoted to replication via ipa-replica-install. srv3 failed with ipa-replica-install. Now I can't proceed past:
-- 8< -- -- 8< -- -- 8< -- -- 8< -- -- 8< -- -- 8< -- -- 8< -- [root@srv3 ~]# ipa-replica-install ipaserver.install.installutils: ERROR Unable to resolve the IP address 10.1.2.10 to a host name, check /etc/hosts and DNS name resolution Your system may be partly configured. Run /usr/sbin/ipa-server-install --uninstall to clean up.
ipapython.admintool: ERROR A replication agreement for this host already exists. It needs to be removed. Run this command: %% ipa-replica-manage del srv3.auth.alpha-labs.net --force ipapython.admintool: ERROR The ipa-replica-install command failed. See /var/log/ipareplica-install.log for more information -- 8< -- -- 8< -- -- 8< -- -- 8< -- -- 8< -- -- 8< -- -- 8< --
I tried (on srv1):
- ipa-replica-manage del srv3.auth.alpha-labs.net --cleanup --force
- ipa-replica-manage disconnect srv3.auth.alpha-labs.net
- ipa-replica-manage del srv3.auth.alpha-labs.net --force -v --no-lookup
- ipa-replica-manage clean-dangling-ruv
- ipa-replica-manage del --force srv3.auth.alpha-labs.net
As this is just a test setup I can easily drop everything and start over, but I really wonder how to fix that once we go live with a real setup.
Please search your ldap tree (using ldapsearch with admin credentials) for remaining objects containing the to-delete server hostname. You should find the replication agreements there. If unsure of what to do next please reply to the list.
François
Thanks in advance! Enjoy your weekend! -Chris.
-- Christian Reiss - email@christian-reiss.de /"\ ASCII Ribbon support@alpha-labs.net \ / Campaign X against HTML WEB alpha-labs.net / \ in eMails
GPG Retrieval https://gpg.christian-reiss.de GPG ID ABCD43C5, 0x44E29126ABCD43C5 GPG fingerprint = 9549 F537 2596 86BA 733C A4ED 44E2 9126 ABCD 43C5
"It's better to reign in hell than to serve in heaven.", John Milton, Paradise lost.
FreeIPA-users mailing list -- freeipa-users@lists.fedorahosted.org To unsubscribe send an email to freeipa-users-leave@lists.fedorahosted.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedorahosted.org/archives/list/freeipa-users@lists.fedorahoste...
Hi Chris,
Apologies for the late reply.
You can try ldapsearch this way after generating a kerberos tgt and setting basedn properly (e.g. like basedn='dc=example,dc=com')
$ ldapsearch -Y GSSAPI -b cn=topology,cn=ipa,cn=etc,$basedn
This should show iparepltoposegment objects and topology-related information.
If all else fails and you need to see how objects are build into the ldap tree you may dump the tree:
$ ldapsearch -Y GSSAPI -b $basedn
And search for objects still referencing your old host.
Cheers François
On Sat, Jun 22, 2019 at 11:52 AM Christian Reiss via FreeIPA-users freeipa-users@lists.fedorahosted.org wrote:
Hello François,
Thanks for replying. I did notice in some post from 2015 about ldap with some rudimentary ldap command. My ldap knowlegedge is truth be told not awesome (Yet, but learning).
No matter how much I tortured ldapsearch I was unable to match pretty much anything. Not even the other two servers, so something is fundamentally wrong in my query.
Even if I hit gold (in terms of finding something in ldap) removing it would even be as difficult.
I am willing to learn but ldap and me were never best friends.
Thanks! -Chris.
On 22/06/2019 11:47, François Cami wrote:
Hi Christian,
On Sat, Jun 22, 2019 at 12:13 AM Christian Reiss via FreeIPA-users freeipa-users@lists.fedorahosted.org wrote:
Hey folks,
In my Test-Setup I have the following:
srv1.auth.alpha-labs.net srv2.auth.alpha-labs.net srv3.auth.alpha-labs.net
srv1 is the freshly installed master. srv2 is a client, promoted to replication via ipa-replica-install. srv3 failed with ipa-replica-install. Now I can't proceed past:
-- 8< -- -- 8< -- -- 8< -- -- 8< -- -- 8< -- -- 8< -- -- 8< -- [root@srv3 ~]# ipa-replica-install ipaserver.install.installutils: ERROR Unable to resolve the IP address 10.1.2.10 to a host name, check /etc/hosts and DNS name resolution Your system may be partly configured. Run /usr/sbin/ipa-server-install --uninstall to clean up.
ipapython.admintool: ERROR A replication agreement for this host already exists. It needs to be removed. Run this command: %% ipa-replica-manage del srv3.auth.alpha-labs.net --force ipapython.admintool: ERROR The ipa-replica-install command failed. See /var/log/ipareplica-install.log for more information -- 8< -- -- 8< -- -- 8< -- -- 8< -- -- 8< -- -- 8< -- -- 8< --
I tried (on srv1):
- ipa-replica-manage del srv3.auth.alpha-labs.net --cleanup --force
- ipa-replica-manage disconnect srv3.auth.alpha-labs.net
- ipa-replica-manage del srv3.auth.alpha-labs.net --force -v --no-lookup
- ipa-replica-manage clean-dangling-ruv
- ipa-replica-manage del --force srv3.auth.alpha-labs.net
As this is just a test setup I can easily drop everything and start over, but I really wonder how to fix that once we go live with a real setup.
Please search your ldap tree (using ldapsearch with admin credentials) for remaining objects containing the to-delete server hostname. You should find the replication agreements there. If unsure of what to do next please reply to the list.
François
Thanks in advance! Enjoy your weekend! -Chris.
-- Christian Reiss - email@christian-reiss.de /"\ ASCII Ribbon support@alpha-labs.net \ / Campaign X against HTML WEB alpha-labs.net / \ in eMails
GPG Retrieval https://gpg.christian-reiss.de GPG ID ABCD43C5, 0x44E29126ABCD43C5 GPG fingerprint = 9549 F537 2596 86BA 733C A4ED 44E2 9126 ABCD 43C5
"It's better to reign in hell than to serve in heaven.", John Milton, Paradise lost.
FreeIPA-users mailing list -- freeipa-users@lists.fedorahosted.org To unsubscribe send an email to freeipa-users-leave@lists.fedorahosted.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedorahosted.org/archives/list/freeipa-users@lists.fedorahoste...
-- Christian Reiss - email@christian-reiss.de /"\ ASCII Ribbon support@alpha-labs.net \ / Campaign X against HTML WEB alpha-labs.net / \ in eMails
GPG Retrieval https://gpg.christian-reiss.de GPG ID ABCD43C5, 0x44E29126ABCD43C5 GPG fingerprint = 9549 F537 2596 86BA 733C A4ED 44E2 9126 ABCD 43C5
"It's better to reign in hell than to serve in heaven.", John Milton, Paradise lost.
FreeIPA-users mailing list -- freeipa-users@lists.fedorahosted.org To unsubscribe send an email to freeipa-users-leave@lists.fedorahosted.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedorahosted.org/archives/list/freeipa-users@lists.fedorahoste...
Hey,
Thanks! Got the third node up and running; all is fine. Now time to test-drive the setup. :)
Thanks all and everyone! :) -Chris.
On 25/06/2019 18:55, François Cami wrote:
Hi Chris,
Apologies for the late reply.
[...]
Cheers François
freeipa-users@lists.fedorahosted.org
-
Christian Reiss -
François Cami