On 11/18/2021 6:11 AM, Stephen Berg, Code 7309 via FreeIPA-users wrote:
I'm trying to migrate to new replica servers and have run into a
glitch. From some of the clients I can get a ticket but any ipa
command results in an error:

[root@host ~]# ipa user-show user1
ipa: ERROR: cannot connect to 'any of the configured servers':
https://iparep1.examle.com/ipa/json,
https://iparep2.example.com/ipa/json,
https://iparep3.example.com/ipa/json,
https://iparep4.example.com/ipa/json

All the servers listed in the error have been retired. The ipa_server
config in /etc/sssd/sssd.conf has been updated to point to the new
servers and sssd has been restarted.
I tried to tweak sssd.conf on one client to only have one of the new
replica servers listed, stopped sssd, cleared out /var/lib/sss/db/*
and then restarted sssd. It still gets the same error above.
The new servers are all running ipa-server-4.9.6-6 on Rocky Linux
8.5. There is one of the previous replicas still running. I will be
retiring that one as well but not until I figure out the current
problems. I've configured topology segments in a mesh so any of the
servers can replicate with any of the others.

I think I've found at least one problem. When I removed old replicas
that are getting retired I think I removed the CA master by mistake. Now
I don't seem to have one and need to modify one of the replicas to be
the CA. Can't figure out the right procedure to make that happen though.
--
Stephen Berg, IT Specialist, Ocean Sciences Division, Code 7309
Naval Research Laboratory
W: (228) 688-5738 <- (Preferred contact)
DSN: (312) 823-5738
C: (228) 365-0162
Flank Speed: stephen.p.berg.civ(a)us.navy.mil