#7920 ipa-replica-manage del --force attempts to connect to unreachable server
Opened a month ago by yougotborked. Modified a month ago

Issue

When trying to delete an unreachable replica, the replica is contacted at some point in the process causing a connection failure and the replica deletion fails.

Steps to Reproduce

  1. Install freeipa server with one replica
  2. Modify connectivity to that replica in some way
  3. HTTPSConnection error occurs

Actual behavior

[root@tatooine ipa]# ipa-replica-manage list
coruscant.lab.mydomain.co: master
tatooine.lab.mydomain.co: master

[root@tatooine ipa]# ipa-replica-manage del coruscant.lab.mydomain.co --force --cleanup --verbose --debug >> log_file 2>&1

pasted error here

HTTPSConnectionPool(host='coruscant.lab.mydomain.co', port=443): Max retries exceeded with url: /kra/rest/config/cert/transport (Caused by NewConnectionError('<urllib3.connection.verifiedhttpsconnection object="" at="" 0x7fcc2858f7b8="">: Failed to establish a new connection: [Errno -2] Name or service not known'))

Expected behavior

The replica coruscant would have been deleted

Version/Release/Distribution

freeipa-server-4.7.2-1.1.fc29.x86_64
freeipa-client-4.7.2-1.1.fc29.x86_64
package ipa-server is not installed
package ipa-client is not installed
389-ds-base-1.4.0.22-1.fc29.x86_64
pki-ca-10.6.9-1.fc29.noarch
krb5-server-1.16.1-25.fc29.x86_64

Additional info:

I have attached the full debug log from the command as well.


Can you attach the logs?

I think this is due to services being shut down before the KRA being uninstalled which uses the REST API for some parts. It might just be a reporting issue that can be ignored or it could require re-ordering of uninstallation.

Was this the only KRA installation in your environment?

ipa-replica-manage-del-debug.log

Sorry I'm not sure what happened, I did attach in my original post. Lets try again.

Can you attach the logs?
I think this is due to services being shut down before the KRA being uninstalled which uses the REST API for some parts. It might just be a reporting issue that can be ignored or it could require re-ordering of uninstallation.
Was this the only KRA installation in your environment?

It looks like yes the replica I was trying to delete was my only KRA master.
I lost both my masters recently after some water damage, and had a backup of tatooine, but not of coruscant.
I was hoping to be able to just delete the KRA server and recreate it from scratch.

Server name: tatooine.lab.mydomain.co
Server name: tatooine.lab.mydomain.co
Managed suffixes: domain, ca
Min domain level: 1
Max domain level: 1
Enabled server roles: CA server, DNS server, IPA master
[root@tatooine ~]# ipa server-show
Server name: coruscant.lab.mydomain.co
Server name: coruscant.lab.mydomain.co
Managed suffixes: domain, ca
Min domain level: 0
Max domain level: 1
Enabled server roles: CA server, DNS server, IPA master, KRA server

I have also been trying to follow https://access.redhat.com/solutions/3635161 but that is more for cleaning up a KRA on an existing machine, not deleting a reference to a kra on another system.

Login to comment on this ticket.

Metadata
Attachments 1