Hi,
can you check if there are replication conflicts? Use the below command
(and replace $BASEDN with your base dn, for instance
dc=site5,dc=example,dc=com)
ldapsearch -D "cn=Directory Manager" -W -b $BASEDN
"(&(objectClass=ldapSubEntry)(nsds5ReplConflict=*))" \* nsds5ReplConflict
If you find some conflicts you can refer to
HTH,
flo
On Sat, Jun 1, 2024 at 5:10 AM Satish Patel <satish.txt(a)gmail.com> wrote:
Any help here, freeIPA giving me a hard time. I am not able to remove
bad
replicas. I have tried all possible options and google + chatGPT whatever I
can do but none helping. is there any way I can remove bad replicas from my
freeIPA?
On Thu, May 16, 2024 at 11:00 AM Satish Patel <satish.txt(a)gmail.com>
wrote:
> Hi Florence,
>
> I have run all the possible commands but that thing isn't going away :(
> Even I even tried to search inside ldapsearch to see if I can manually
> remove them from ldap DB but it's not there either. I don't know who is
> holding this information.
>
> [root@ldap-vx-010101-4 ~]# ipa-replica-manage del
>
ldap-vx-010103-4.site5.example.com --clean --force
> ipa: WARNING: Forcing removal of
ldap-vx-010103-4.site5.example.com
> ipa: WARNING: Ignoring topology connectivity errors.
> ipa: WARNING: Ignoring these warnings and proceeding with removal
> ipa: WARNING: Failed to cleanup
ldap-vx-010103-4.site5.example.com DNS
> entries: no such entry
> ipa: WARNING: You may need to manually remove them from the tree
> ipa: WARNING: Server has already been deleted
> -----------------------------------------------------
> Deleted IPA server "ldap-vx-010103-4.site5.example.com"
> -----------------------------------------------------
>
>
>
> [root@ldap-vx-010101-4 ~]# ipa server-del
>
ldap-vx-010103-4.site5.example.com --force
> Removing
ldap-vx-010103-4.site5.example.com from replication topology,
> please wait...
> ipa: WARNING: Forcing removal of
ldap-vx-010103-4.site5.example.com
> ipa: WARNING: Failed to cleanup
ldap-vx-010103-4.site5.example.com DNS
> entries: no such entry
> ipa: WARNING: You may need to manually remove them from the tree
> ipa: WARNING: Server has already been deleted
> -----------------------------------------------------
> Deleted IPA server "ldap-vx-010103-4.site5.example.com"
> -----------------------------------------------------
>
>
> Still I can see it in list
>
>
ldap-vx-010103-4.site5.example.com: replica
> last init status: Error (0)
> last init ended: 1970-01-01 00:00:00+00:00
> last update status: Error (0) No replication sessions started since
> server startup
> last update ended: 1970-01-01 00:00:00+00:00
>
>
>
>
> On Thu, May 16, 2024 at 1:48 AM Florence Blanc-Renaud <flo(a)redhat.com>
> wrote:
>
>> Hi,
>>
>> On Thu, May 16, 2024 at 4:05 AM Satish Patel via FreeIPA-users <
>> freeipa-users(a)lists.fedorahosted.org> wrote:
>>
>>> Folks,
>>>
>>> I am trying to build some replicas and somehow they failed but because
>>> they are half baked they are stuck in master nodes and not letting me
>>> remove them. I have tried all the options and don't know how to get rid
of
>>> them.
>>>
>>> I want to remove
ldap-vx-010103-1.site5.example.com and
>>>
ldap-vx-010103-2.site5.example.com. I have removed them from topology
>>> and from host and hostgroup ipaservers list but no luck. I have totally
>>> shut down replicas nodes but still no luck. Are there any good ways to
>>> clean them up?
>>>
>>
>> The commands "ipa server-del <hostname> --force" or
"ipa-replica-manage
>> del <hostname> --clean --force" should be able to remove references
to
>> those servers, even if they are shutdown. You need to run the command on a
>> working server.
>>
>> HTH,
>> flo
>>
>>>
>>> [root@ldap-vx-010101-4 ~]# ipa-replica-manage list -v `hostname`
>>>
ldap-vx-010101-1.site5.example.com: replica
>>> last init status: None
>>> last init ended: 1970-01-01 00:00:00+00:00
>>> last update status: Error (0) Replica acquired successfully:
>>> Incremental update succeeded
>>> last update ended: 2024-05-16 01:58:02+00:00
>>>
ldap-vx-010101-2.site5.example.com: replica
>>> last init status: None
>>> last init ended: 1970-01-01 00:00:00+00:00
>>> last update status: Error (0) Replica acquired successfully:
>>> Incremental update succeeded
>>> last update ended: 2024-05-16 01:58:02+00:00
>>>
ldap-vx-010101-3.site5.example.com: replica
>>> last init status: None
>>> last init ended: 1970-01-01 00:00:00+00:00
>>> last update status: Error (0) Replica acquired successfully:
>>> Incremental update succeeded
>>> last update ended: 2024-05-16 01:58:02+00:00
>>>
ldap-vx-010101-5.site5.example.com: replica
>>> last init status: None
>>> last init ended: 1970-01-01 00:00:00+00:00
>>> last update status: Error (0) Replica acquired successfully:
>>> Incremental update succeeded
>>> last update ended: 2024-05-16 01:58:02+00:00
>>>
ldap-vx-010103-1.site5.example.com: replica
>>> last init status: Error (0)
>>> last init ended: 1970-01-01 00:00:00+00:00
>>> last update status: Error (-1) Problem connecting to replica - LDAP
>>> error: Can't contact LDAP server (connection error)
>>> last update ended: 2024-05-11 10:30:33+00:00
>>>
ldap-vx-010103-2.site5.example.com: replica
>>> last init status: Error (0) Total update succeeded
>>> last init ended: 2024-05-10 20:35:02+00:00
>>> last update status: Error (-1) Problem connecting to replica - LDAP
>>> error: Can't contact LDAP server (connection error)
>>> last update ended: 1970-01-01 00:00:00+00:00
>>>
ldap-vx-010103-3.site5.example.com: replica
>>> last init status: Error (0) Total update succeeded
>>> last init ended: 2024-05-10 21:14:53+00:00
>>> last update status: Error (0) Replica acquired successfully:
>>> Incremental update succeeded
>>> last update ended: 2024-05-16 01:58:02+00:00
>>> --
>>> _______________________________________________
>>> FreeIPA-users mailing list -- freeipa-users(a)lists.fedorahosted.org
>>> To unsubscribe send an email to
>>> freeipa-users-leave(a)lists.fedorahosted.org
>>> Fedora Code of Conduct:
>>>
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
>>> List Guidelines:
https://fedoraproject.org/wiki/Mailing_list_guidelines
>>> List Archives:
>>>
https://lists.fedorahosted.org/archives/list/freeipa-users@lists.fedoraho...
>>> Do not reply to spam, report it:
>>>
https://pagure.io/fedora-infrastructure/new_issue
>>>
>>