Ticket was cloned from Red Hat Bugzilla (product Red Hat Enterprise Linux 7): Bug 998069
Description of problem:
uninstall of ipa-server on an IPA replica does not remove the replica from the ipa-ca.$DOMAIN dns entry.

Version-Release number of selected component (if applicable):
RHEL-7.0-20130815.n.0

How reproducible:
always

Steps to Reproduce:
On Master
1. /usr/sbin/ipa-server-install --setup-dns --forwarder=<DNS forwarder> --hostname=<MASTER hostname> -r TESTRELM.COM -n testrelm.com -p Secret123 -P Secret123 -a Secret123 -U
2. ipa-replica-prepare --ip-address=<IP of replica> <hostname of replica>
3. Copy GPG file to replica server
On Slave
4. ipa-replica-install -U --setup-dns --forwarder=10.11.5.19 -w Secret123 -p Secret123 /tmp/<replica-file>.testrelm.com.gpg
5. ipa-replica-install -U --setup-dns --forwarder=10.11.5.19 -w Secret123 -p Secret123 /tmp/replica-info-ipaqavmd.testrelm.com.gpg
6. dig ipa-ca.$DOMAIN

Actual results:
After uninstall of replica, the answer section still contains the replica:

;; ANSWER SECTION:
ipa-ca.testrelm.com. 86400 IN A 10.16.98.181
ipa-ca.testrelm.com. 86400 IN A 10.16.98.180

Expected results:
The name should not contain 10.16.98.181 as it's the IP for an uninstalled replica.

Additional info:
Removal of the ipa-ca name is (or should be) done by the ipa-replica-manage tool when replication agreements are severed.
The proper way to 'fix' this bug is probably to warn the user there are still replication agreements in place and that the user should remove them first.
Then make sure ipa-replica-manage delete/cleanup does properly remove the DNS record if present.
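A check for the stale record described in this ticket, as an added example that is not part of the ticket or of FreeIPA's code: it parses dig output for the ipa-ca name and reports addresses that belong to no remaining server. The sample output is constructed from the answer section quoted above, the function names are hypothetical, and treating 10.16.98.180 as the remaining master is an assumption.

```python
import ipaddress

# Constructed sample: the ANSWER SECTION quoted in the ticket, in dig's layout.
SAMPLE_DIG_OUTPUT = """\
;; QUESTION SECTION:
;ipa-ca.testrelm.com.        IN  A

;; ANSWER SECTION:
ipa-ca.testrelm.com.  86400  IN  A  10.16.98.181
ipa-ca.testrelm.com.  86400  IN  A  10.16.98.180

;; Query time: 1 msec
"""


def answer_addresses(dig_output, name):
    """Return the A/AAAA addresses dig reported for `name` in its ANSWER SECTION."""
    wanted = name.rstrip(".").lower()
    found, in_answer = [], False
    for line in dig_output.splitlines():
        line = line.strip()
        if line.startswith(";;"):
            # Section headers look like ";; ANSWER SECTION:"; any other ends it.
            in_answer = line.upper().startswith(";; ANSWER SECTION")
            continue
        if not in_answer or not line or line.startswith(";"):
            continue
        fields = line.split()
        # Expected record layout: owner TTL class type rdata
        if len(fields) < 5 or fields[3].upper() not in ("A", "AAAA"):
            continue
        if fields[0].rstrip(".").lower() != wanted:
            continue
        found.append(ipaddress.ip_address(fields[4]))
    return found


def stale_records(dig_output, name, active_ips):
    """Addresses still published for `name` that belong to no remaining server."""
    active = {ipaddress.ip_address(ip) for ip in active_ips}
    return [str(a) for a in answer_addresses(dig_output, name) if a not in active]


if __name__ == "__main__":
    # Assumption: 10.16.98.180 is the remaining master; .181 was the replica.
    remaining = ["10.16.98.180"]
    for ip in stale_records(SAMPLE_DIG_OUTPUT, "ipa-ca.testrelm.com", remaining):
        print("stale ipa-ca record:", ip)
```
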
Add warning only
master: 7959f3e
ipa-3-3: 95d3d3d
I just found out that this patch causes a crash in uninstallation when the DS is not reachable:
# ipa-server-install --uninstall --unattended
[Errno 2] No such file or directory

Exception:

ipa : DEBUG File "/usr/lib/python2.7/site-packages/ipaserver/install/installutils.py", line 622, in run_script
    return_value = main_function()
  File "/usr/sbin/ipa-server-install", line 626, in main
    conn.do_external_bind(pwd.getpwuid(os.geteuid()).pw_name)
  File "/usr/lib/python2.7/site-packages/ipapython/ipaldap.py", line 1744, in do_external_bind
    self.conn.sasl_interactive_bind_s, timeout, None, auth_tokens)
  File "/usr/lib/python2.7/site-packages/ipapython/ipaldap.py", line 1730, in __bind_with_wait
    self.__wait_for_connection(timeout)
  File "/usr/lib/python2.7/site-packages/ipapython/ipaldap.py", line 1716, in __wait_for_connection
    wait_for_open_socket(lurl.hostport, timeout)
  File "/usr/lib/python2.7/site-packages/ipapython/ipautil.py", line 1115, in wait_for_open_socket
    raise e
ipa : DEBUG The ipa-server-install command failed, exception: error: [Errno 2] No such file or directory
[Errno 2] No such file or directory
This check should not cause a crash of the entire uninstallation. It should rather just warn that it could not contact the DS to run the check.
Thanks for catching this, I sent a fix to the freeipa-devel list.
Moving to next month milestone.
master: a70b08e
ipa-3-3: 658e734
Metadata Update from @rcritten:
- Issue assigned to akrivoka
- Issue set to the milestone: FreeIPA 3.3.x - 2013/09 (bug fixing)