When trying to delete an unreachable replica, the replica is contacted at some point in the process causing a connection failure and the replica deletion fails.
[root@tatooine ipa]# ipa-replica-manage list coruscant.lab.mydomain.co: master tatooine.lab.mydomain.co: master
[root@tatooine ipa]# ipa-replica-manage del coruscant.lab.mydomain.co --force --cleanup --verbose --debug >> log_file 2>&1
HTTPSConnectionPool(host='coruscant.lab.mydomain.co', port=443): Max retries exceeded with url: /kra/rest/config/cert/transport (Caused by NewConnectionError('<urllib3.connection.VerifiedHTTPSConnection object at 0x7fcc2858f7b8>: Failed to establish a new connection: [Errno -2] Name or service not known'))
The replica coruscant would have been deleted
freeipa-server-4.7.2-1.1.fc29.x86_64 freeipa-client-4.7.2-1.1.fc29.x86_64 package ipa-server is not installed package ipa-client is not installed 389-ds-base-1.4.0.22-1.fc29.x86_64 pki-ca-10.6.9-1.fc29.noarch krb5-server-1.16.1-25.fc29.x86_64
I have attached the full debug log from the command as well.
Can you attach the logs?
I think this is due to services being shut down before the KRA being uninstalled which uses the REST API for some parts. It might just be a reporting issue that can be ignored or it could require re-ordering of uninstallation.
Was this the only KRA installation in your environment?
<img alt="ipa-replica-manage-del-debug.log" src="/freeipa/issue/raw/files/099acdf378a5f6c5f4a18ece3ee8d06abdb63c15fac5977e52fa07e74ebfa9c2-ipa-replica-manage-del-debug.log" />
Sorry I'm not sure what happened, I did attach in my original post. Lets try again.
Can you attach the logs? I think this is due to services being shut down before the KRA being uninstalled which uses the REST API for some parts. It might just be a reporting issue that can be ignored or it could require re-ordering of uninstallation. Was this the only KRA installation in your environment?
It looks like yes the replica I was trying to delete was my only KRA master. I lost both my masters recently after some water damage, and had a backup of tatooine, but not of coruscant. I was hoping to be able to just delete the KRA server and recreate it from scratch.
Server name: tatooine.lab.mydomain.co Server name: tatooine.lab.mydomain.co Managed suffixes: domain, ca Min domain level: 1 Max domain level: 1 Enabled server roles: CA server, DNS server, IPA master [root@tatooine ~]# ipa server-show Server name: coruscant.lab.mydomain.co Server name: coruscant.lab.mydomain.co Managed suffixes: domain, ca Min domain level: 0 Max domain level: 1 Enabled server roles: CA server, DNS server, IPA master, KRA server
I have also been trying to follow https://access.redhat.com/solutions/3635161 but that is more for cleaning up a KRA on an existing machine, not deleting a reference to a kra on another system.
Metadata Update from @pcech: - Issue tagged with: Falcon
Login to comment on this ticket.