Bug 1001662

Summary: Unable to remove replica
Product: Red Hat Enterprise Linux 7 Reporter: Dmitri Pal <dpal>
Component: ipaAssignee: Martin Kosek <mkosek>
Status: CLOSED CURRENTRELEASE QA Contact: Namita Soman <nsoman>
Severity: unspecified Docs Contact:
Priority: medium    
Version: 7.0CC: mgregg, pviktori, rcritten, spoore
Target Milestone: rc   
Target Release: ---   
Hardware: Unspecified   
OS: Unspecified   
Whiteboard:
Fixed In Version: ipa-3.3.1-2.el7 Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2014-06-13 11:37:01 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:

Description Dmitri Pal 2013-08-27 13:23:31 UTC 
This bug is created as a clone of upstream ticket:
https://fedorahosted.org/freeipa/ticket/3876

Replica and original master installed with DNS and CA.
{{{
freeipa-server-3.3.90GIT278c87c-0.fc19.x86_64
}}}

Reproduction:
* With working replication (new user is replicated):
{{{
$ ipa-replica-manage del vm-175.idm.lab.eng.brq.redhat.com
Deleting a master is irreversible.
To reconnect to the remote master you will need to prepare a new replica file
and re-install.
Continue to delete? [no]: yes
No RUV records found.
}}}
{{{
$ ipa-replica-manage del vm-175.idm.lab.eng.brq.redhat.com -cf
No RUV records found.
}}}

* With replica dead (turned off)
{{{
$ ipa-replica-manage del vm-175.idm.lab.eng.brq.redhat.com -cf
Connection to 'vm-175.idm.lab.eng.brq.redhat.com' failed: 
Forcing removal of vm-175.idm.lab.eng.brq.redhat.com
Skipping calculation to determine if one or more masters would be orphaned.
No RUV records found.
}}}

Replication is still working after running those commands.
Comment 1 Petr Viktorin (pviktori) 2013-09-04 10:47:26 UTC 
Fixed upstream:
master: https://fedorahosted.org/freeipa/changeset/f312d725102f903f67a2db688d3dce94cf84e77d
ipa-3-3: https://fedorahosted.org/freeipa/changeset/93b314da42efb79951b008cbbc8b0df0fc8c7dbe
Comment 3 Martin Kosek 2013-09-05 09:00:18 UTC 
*** Bug 1004555 has been marked as a duplicate of this bug. ***
Comment 4 Scott Poore 2014-01-29 01:59:22 UTC 
Verified.

Version ::

ipa-server-3.3.3-15.el7.x86_64

Test Results ::

ON MASTER:

[root@rhel7-4 ~]# ipa user-add testuser1 --first=f --last=l
----------------------
Added user "testuser1"
----------------------
  User login: testuser1
  First name: f
  Last name: l
  Full name: f l
  Display name: f l
  Initials: fl
  Home directory: /home/testuser1
  GECOS: f l
  Login shell: /bin/sh
  Kerberos principal: testuser1.TEST
  Email address: testuser1.test
  UID: 1902000001
  GID: 1902000001
  Password: False
  Member of groups: ipausers
  Kerberos keys available: False

ON REPLICA:

[root@rhel7-5 ~]# ipa user-find 
---------------
2 users matched
---------------
  User login: admin
  Last name: Administrator
  Home directory: /home/admin
  Login shell: /bin/bash
  UID: 1902000000
  GID: 1902000000
  Account disabled: False
  Password: True
  Kerberos keys available: True

  User login: testuser1
  First name: f
  Last name: l
  Home directory: /home/testuser1
  Login shell: /bin/sh
  Email address: testuser1.test
  UID: 1902000001
  GID: 1902000001
  Account disabled: False
  Password: False
  Kerberos keys available: False
----------------------------
Number of entries returned 2
----------------------------

[root@rhel7-5 ~]# ipactl stop
Stopping Directory Service
Stopping ipa-otpd Service
Stopping pki-tomcatd Service
Stopping httpd Service
Stopping ipa_memcached Service
Stopping kadmin Service
Stopping krb5kdc Service
ipa: INFO: The ipactl command was successful


ON MASTER:

[root@rhel7-4 ~]# ipa-replica-manage del replica1.ipa2.example.test -cf
Connection to 'replica1.ipa2.example.test' failed: 
Forcing removal of replica1.ipa2.example.test
Skipping calculation to determine if one or more masters would be orphaned.
Deleting replication agreements between replica1.ipa2.example.test and master.ipa2.example.test
Failed to get list of agreements from 'replica1.ipa2.example.test': 
Forcing removal on 'master.ipa2.example.test'
Any DNA range on 'replica1.ipa2.example.test' will be lost
Deleted replication agreement from 'master.ipa2.example.test' to 'replica1.ipa2.example.test'
Background task created to clean replication data. This may take a while.
This may be safely interrupted with Ctrl+C

[root@rhel7-4 ~]# ipa-replica-manage list
master.ipa2.example.test: master
[root@rhel7-4 ~]# 


ON REPLICA:

[root@rhel7-5 ~]# ipactl start
Starting Directory Service
Starting krb5kdc Service
Starting kadmin Service
Starting ipa_memcached Service
Starting httpd Service
Starting pki-tomcatd Service
Starting ipa-otpd Service
ipa: INFO: The ipactl command was successful
[root@rhel7-5 ~]# ipa user-show testuser2
ipa: ERROR: testuser2: user not found


ON MASTER:

[root@rhel7-4 ~]# ipa user-add testuser2 --first=f --last=l
----------------------
Added user "testuser2"
----------------------
  User login: testuser2
  First name: f
  Last name: l
  Full name: f l
  Display name: f l
  Initials: fl
  Home directory: /home/testuser2
  GECOS: f l
  Login shell: /bin/sh
  Kerberos principal: testuser2.TEST
  Email address: testuser2.test
  UID: 1902000003
  GID: 1902000003
  Password: False
  Member of groups: ipausers
  Kerberos keys available: False

ON REPLICA:

[root@rhel7-5 ~]# ipa user-show testuser2
ipa: ERROR: testuser2: user not found
Comment 5 Ludek Smid 2014-06-13 11:37:01 UTC 
This request was resolved in Red Hat Enterprise Linux 7.0.

Contact your manager or support representative in case you have further questions about the request.