Red Hat Bugzilla – Bug 831526
Replica removal steps are not right and dangerous
Last modified: 2012-06-27 09:28:10 EDT
Description of problem: Replica removal steps in this link: http://docs.redhat.com/docs/en-US/Red_Hat_Enterprise_Linux/6-Beta/html/Identity_Management_Guide/removing-replica.html contain an invalid and dangerous Step 3 - running the set of "ipa-replica-manage del SERVER" removes all replication agreements and data about SERVER, which will practically disable all installed replicas but the one it is running on. I assume that originally this should have been an "ipa-replica-manage disconnect SERVER" command. Since a part of "ipa-replica-manage del SERVER" command is a connection to all active replicas and removing agreements between such replica and deleted SERVER, I think these steps should be enough: 3) On another IPA server, remove all replication agreements and data about the replica: [root@ipaserver ~]# ipa-replica-manage del replica.example.com 4) Uninstall the replica. [root@replica ~]# ipa-server-install --uninstall -U
We should also probably add a note about ipa-csreplica-manage which can be used to remove replication agreements for the CA Directory Server instance - if the replica has a CA configured.
Updated the removal steps: http://docs.redhat.com/docs/en-US/Red_Hat_Enterprise_Linux/6/html/Identity_Management_Guide/removing-replica.html
Verified the information in Comment#0 and #2 has been incorperated into the guide: http://docs.redhat.com/docs/en-US/Red_Hat_Enterprise_Linux/6/html/Identity_Management_Guide/removing-replica.html Red_Hat_Enterprise_Linux-Identity_Management_Guide-6-en-US-2.2.0-1