On 10/31/24 06:47, Rob Crittenden wrote: > Orion Poplawski via FreeIPA-users wrote: >> On 10/30/24 16:16, Orion Poplawski via FreeIPA-users wrote: >>> We have some issues with installing new replicas, apparently triggered by >>> incomplete replication between the existing servers. >>> >>> I'm trying to cleanup the orphaned replica agreements: >>> >>> dn: >>> cn=ipa-seattle01.nwra.com-to-ipa-bld01.cora.nwra.com,cn=replica,cn=dc\3Dnw >>> ra\2Cdc\3Dcom,cn=mapping tree,cn=config >>> nsDS5ReplicaLastUpdateStatus: Error (-1) Problem connecting to replica - >>> LDAP >>> error: Can't contact LDAP server (connection error) >>> >>> dn: >>> cn=ipa-seattle01.nwra.com-to-ipa-bld01.cora.nwra.com,cn=replica,cn=o\3Dipa >>> ca,cn=mapping tree,cn=config >>> nsDS5ReplicaLastUpdateStatus: Error (-1) Problem connecting to replica - >>> LDAP >>> error: Can't contact LDAP server (connection error) >>> >>> >>> But that appears to be hanging: >>> >>> # ldapmodify -h ipa-seattle01.nwra.com -D "cn=directory manager" -W <<EOF >>>> dn: >>> cn=ipa-seattle01.nwra.com-to-ipa-bld01.cora.nwra.com,cn=replica,cn=o\3Dipaca,cn=mapping >>> tree,cn=config >>>> changetype: delete >>>> >>>> dn: >>> cn=ipa-seattle01.nwra.com-to-ipa-bld01.cora.nwra.com,cn=replica,cn=dc\3Dnwra\2Cdc\3Dcom,cn=mapping >>> tree,cn=config >>>> changetype: delete >>>> EOF >>> Enter LDAP Password: >>> deleting entry >>> "cn=ipa-seattle01.nwra.com-to-ipa-bld01.cora.nwra.com,cn=replica,cn=o\3Dipaca,cn=mapping >>> tree,cn=config" >>> >>> >>> Any idea what would cause this? >> >> >> It appears that one of our IPA servers (not ipa-seattle01 though) was >> wedged - ns-slapd stuck at 100% and not responding. After rebooting >> that the ghost replica was removed. > > Is there a reason you were deleting these directly and not using IPA > tooling? > > rob
What tooling would that be? I believe they were left over even after an ipa-replica-install --uninstall, or maybe I just got frustrated an wiped out my vm without doing that process. In any case ipa-bld01 was no more. What should I have done instead? Orion -- Orion Poplawski he/him/his - surely the least important thing about me Manager of IT Systems 720-772-5637 NWRA, Boulder Office FAX: 303-415-9702 3380 Mitchell Lane or...@nwra.com Boulder, CO 80301 https://www.nwra.com/
smime.p7s
Description: S/MIME Cryptographic Signature
-- _______________________________________________ FreeIPA-users mailing list -- freeipa-users@lists.fedorahosted.org To unsubscribe send an email to freeipa-users-le...@lists.fedorahosted.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedorahosted.org/archives/list/freeipa-users@lists.fedorahosted.org Do not reply to spam, report it: https://pagure.io/fedora-infrastructure/new_issue
