Red Hat Bugzilla – Bug 998069
after ipa-server-install --uninstall on a replica, ipa-ca.$DOMAIN name not updated.
Last modified: 2014-08-05 07:17:41 EDT
Description of problem: uninstall of ipa-server on a IPA replica does not remove the replica from the ipa-ca.$DOMAIN dns entry. Version-Release number of selected component (if applicable): RHEL-7.0-20130815.n.0 How reproducible: always Steps to Reproduce: On Master 1. /usr/sbin/ipa-server-install --setup-dns --forwarder=<DNS forwarder> --hostname=<MASTER hostname> -r TESTRELM.COM -n testrelm.com -p Secret123 -P Secret123 -a Secret123 -U 2. ipa-replica-prepare --ip-address=<IP of replica> <hostname of replica> 3. Copy GPG file to replica server On Slave 4. ipa-replica-install -U --setup-dns --forwarder=10.11.5.19 -w Secret123 -p Secret123 /tmp/<replica-file>.testrelm.com.gpg 5. ipa-replica-install -U --setup-dns --forwarder=10.11.5.19 -w Secret123 -p Secret123 /tmp/replica-info-ipaqavmd.testrelm.com.gpg 6. dig ipa-ca.$DOMAIN Actual results: After uninstall of replica, the answer section still contains the replica: ;; ANSWER SECTION: ipa-ca.testrelm.com. 86400 IN A 10.16.98.181 ipa-ca.testrelm.com. 86400 IN A 10.16.98.180 Expected results: The name should not contain 10.16.98.181 as it's the IP for a uninstalled replica. Additional info:
Correction of step 5. Step 5 should have been: 5. ipa-server-install --uninstall
Upstream ticket: https://fedorahosted.org/freeipa/ticket/3867
Uninstalling a server does not contact the other replicas (we have no credentials). We may be able to check to see if there are any replication agreements and warn. It may also be that this value is not cleaned up when the a master is removed.
Fixed upstream: master: https://fedorahosted.org/freeipa/changeset/7959f3ee1e38ce10e2f32a51c3fa0f45f949f06f ipa-3-3: https://fedorahosted.org/freeipa/changeset/95d3d3d60b9e981bcd192ed11242d58873fd09bf
A regression was fixed upstream: master: https://fedorahosted.org/freeipa/changeset/a70b08e9aea891555ebee512de196748a835acb8 ipa-3-3: https://fedorahosted.org/freeipa/changeset/658e734d2c453381a04e9ed72ea6ee9d50cea097
Moving back to ON_QA after regression was fixed.
Verified against ipa-server-3.3.3-10.el7.x86_64 [root@blade05 ~]# dig ipa-ca.$DOMAIN ;; AUTHORITY SECTION: testrelm.com. 86400 IN NS ibm-x3250m4-04.testrelm.com. testrelm.com. 86400 IN NS blade05.testrelm.com. [root@blade05 ~]# ipa-replica-manage del ibm-x3250m4-04.testrelm.com Deleting a master is irreversible. To reconnect to the remote master you will need to prepare a new replica file and re-install. Continue to delete? [no]: yes Deleting replication agreements between ibm-x3250m4-04.testrelm.com and blade05.testrelm.com ipa: INFO: Setting agreement cn=meToblade05.testrelm.com,cn=replica,cn=dc\=testrelm\,dc\=com,cn=mapping tree,cn=config schedule to 2358-2359 0 to force synch ipa: INFO: Deleting schedule 2358-2359 0 from agreement cn=meToblade05.testrelm.com,cn=replica,cn=dc\=testrelm\,dc\=com,cn=mapping tree,cn=config ipa: INFO: Replication Update in progress: TRUE: status: 0 Replica acquired successfully: Incremental update started: start: 0: end: 0 ipa: INFO: Replication Update in progress: FALSE: status: 0 Replica acquired successfully: Incremental update succeeded: start: 0: end: 0 Deleted replication agreement from 'blade05.testrelm.com' to 'ibm-x3250m4-04.testrelm.com' Background task created to clean replication data. This may take a while. This may be safely interrupted with Ctrl+C [root@blade05 ~]# dig ipa-ca.$DOMAIN ;; AUTHORITY SECTION: testrelm.com. 86400 IN NS blade05.testrelm.com.
This request was resolved in Red Hat Enterprise Linux 7.0. Contact your manager or support representative in case you have further questions about the request.