1001662 – Unable to remove replica

RHEL Engineering is moving the tracking of its product development work on RHEL 6 through RHEL 9 to Red Hat Jira (issues.redhat.com). If you're a Red Hat customer, please continue to file support cases via the Red Hat customer portal. If you're not, please head to the "RHEL project" in Red Hat Jira and file new tickets here. Individual Bugzilla bugs in the statuses "NEW", "ASSIGNED", and "POST" are being migrated throughout September 2023. Bugs of Red Hat partners with an assigned Engineering Partner Manager (EPM) are migrated in late September as per pre-agreed dates. Bugs against components "kernel", "kernel-rt", and "kpatch" are only migrated if still in "NEW" or "ASSIGNED". If you cannot log in to RH Jira, please consult article #7032570. That failing, please send an e-mail to the RH Jira admins at rh-issues@redhat.com to troubleshoot your issue as a user management inquiry. The email creates a ServiceNow ticket with Red Hat. Individual Bugzilla bugs that are migrated will be moved to status "CLOSED", resolution "MIGRATED", and set with "MigratedToJIRA" in "Keywords". The link to the successor Jira issue will be found under "Links", have a little "two-footprint" icon next to it, and direct you to the "RHEL project" in Red Hat Jira (issue links are of type "https://issues.redhat.com/browse/RHEL-XXXX", where "X" is a digit). This same link will be available in a blue banner at the top of the page informing you that that bug has been migrated.

Bug 1001662 - Unable to remove replica

Summary: Unable to remove replica

Keywords:
Status:	CLOSED CURRENTRELEASE
Alias:	None
Product:	Red Hat Enterprise Linux 7
Classification:	Red Hat
Component:	ipa
Sub Component:
Version:	7.0
Hardware:	Unspecified
OS:	Unspecified
Priority:	medium
Severity:	unspecified
Target Milestone:	rc
Target Release:	---
Assignee:	Martin Kosek
QA Contact:	Namita Soman
Docs Contact:
URL:
Whiteboard:
Duplicates (1):	1004555 (view as bug list)
Depends On:
Blocks:
TreeView+	depends on / blocked

Reported:	2013-08-27 13:23 UTC by Dmitri Pal
Modified:	2014-06-18 00:11 UTC (History)
CC List:	4 users (show)
Fixed In Version:	ipa-3.3.1-2.el7
Doc Type:	Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed:	2014-06-13 11:37:01 UTC
Target Upstream Version:
Embargoed:

Attachments	(Terms of Use)

Description Dmitri Pal 2013-08-27 13:23:31 UTC

This bug is created as a clone of upstream ticket:
https://fedorahosted.org/freeipa/ticket/3876

Replica and original master installed with DNS and CA.
{{{
freeipa-server-3.3.90GIT278c87c-0.fc19.x86_64
}}}

Reproduction:
* With working replication (new user is replicated):
{{{
$ ipa-replica-manage del vm-175.idm.lab.eng.brq.redhat.com
Deleting a master is irreversible.
To reconnect to the remote master you will need to prepare a new replica file
and re-install.
Continue to delete? [no]: yes
No RUV records found.
}}}
{{{
$ ipa-replica-manage del vm-175.idm.lab.eng.brq.redhat.com -cf
No RUV records found.
}}}

* With replica dead (turned off)
{{{
$ ipa-replica-manage del vm-175.idm.lab.eng.brq.redhat.com -cf
Connection to 'vm-175.idm.lab.eng.brq.redhat.com' failed: 
Forcing removal of vm-175.idm.lab.eng.brq.redhat.com
Skipping calculation to determine if one or more masters would be orphaned.
No RUV records found.
}}}

Replication is still working after running those commands.

Comment 1 Petr Viktorin (pviktori) 2013-09-04 10:47:26 UTC

Fixed upstream:
master: https://fedorahosted.org/freeipa/changeset/f312d725102f903f67a2db688d3dce94cf84e77d
ipa-3-3: https://fedorahosted.org/freeipa/changeset/93b314da42efb79951b008cbbc8b0df0fc8c7dbe

Comment 3 Martin Kosek 2013-09-05 09:00:18 UTC

*** Bug 1004555 has been marked as a duplicate of this bug. ***

Comment 4 Scott Poore 2014-01-29 01:59:22 UTC

Verified.

Version ::

ipa-server-3.3.3-15.el7.x86_64

Test Results ::

ON MASTER:

[root@rhel7-4 ~]# ipa user-add testuser1 --first=f --last=l
----------------------
Added user "testuser1"
----------------------
  User login: testuser1
  First name: f
  Last name: l
  Full name: f l
  Display name: f l
  Initials: fl
  Home directory: /home/testuser1
  GECOS: f l
  Login shell: /bin/sh
  Kerberos principal: testuser1.TEST
  Email address: testuser1.test
  UID: 1902000001
  GID: 1902000001
  Password: False
  Member of groups: ipausers
  Kerberos keys available: False

ON REPLICA:

[root@rhel7-5 ~]# ipa user-find 
---------------
2 users matched
---------------
  User login: admin
  Last name: Administrator
  Home directory: /home/admin
  Login shell: /bin/bash
  UID: 1902000000
  GID: 1902000000
  Account disabled: False
  Password: True
  Kerberos keys available: True

  User login: testuser1
  First name: f
  Last name: l
  Home directory: /home/testuser1
  Login shell: /bin/sh
  Email address: testuser1.test
  UID: 1902000001
  GID: 1902000001
  Account disabled: False
  Password: False
  Kerberos keys available: False
----------------------------
Number of entries returned 2
----------------------------

[root@rhel7-5 ~]# ipactl stop
Stopping Directory Service
Stopping ipa-otpd Service
Stopping pki-tomcatd Service
Stopping httpd Service
Stopping ipa_memcached Service
Stopping kadmin Service
Stopping krb5kdc Service
ipa: INFO: The ipactl command was successful


ON MASTER:

[root@rhel7-4 ~]# ipa-replica-manage del replica1.ipa2.example.test -cf
Connection to 'replica1.ipa2.example.test' failed: 
Forcing removal of replica1.ipa2.example.test
Skipping calculation to determine if one or more masters would be orphaned.
Deleting replication agreements between replica1.ipa2.example.test and master.ipa2.example.test
Failed to get list of agreements from 'replica1.ipa2.example.test': 
Forcing removal on 'master.ipa2.example.test'
Any DNA range on 'replica1.ipa2.example.test' will be lost
Deleted replication agreement from 'master.ipa2.example.test' to 'replica1.ipa2.example.test'
Background task created to clean replication data. This may take a while.
This may be safely interrupted with Ctrl+C

[root@rhel7-4 ~]# ipa-replica-manage list
master.ipa2.example.test: master
[root@rhel7-4 ~]# 


ON REPLICA:

[root@rhel7-5 ~]# ipactl start
Starting Directory Service
Starting krb5kdc Service
Starting kadmin Service
Starting ipa_memcached Service
Starting httpd Service
Starting pki-tomcatd Service
Starting ipa-otpd Service
ipa: INFO: The ipactl command was successful
[root@rhel7-5 ~]# ipa user-show testuser2
ipa: ERROR: testuser2: user not found


ON MASTER:

[root@rhel7-4 ~]# ipa user-add testuser2 --first=f --last=l
----------------------
Added user "testuser2"
----------------------
  User login: testuser2
  First name: f
  Last name: l
  Full name: f l
  Display name: f l
  Initials: fl
  Home directory: /home/testuser2
  GECOS: f l
  Login shell: /bin/sh
  Kerberos principal: testuser2.TEST
  Email address: testuser2.test
  UID: 1902000003
  GID: 1902000003
  Password: False
  Member of groups: ipausers
  Kerberos keys available: False

ON REPLICA:

[root@rhel7-5 ~]# ipa user-show testuser2
ipa: ERROR: testuser2: user not found

Comment 5 Ludek Smid 2014-06-13 11:37:01 UTC

This request was resolved in Red Hat Enterprise Linux 7.0.

Contact your manager or support representative in case you have further questions about the request.

Note You need to log in before you can comment on or make changes to this bug.