Bug 998069 - after ipa-server-install --uninstall on a replica, ipa-ca.$DOMAIN name not updated.
Status: CLOSED CURRENTRELEASE
Product: Red Hat Enterprise Linux 7
Classification: Red Hat
Component: ipa
Version: 7.0
Priority: low
Severity: low
Target Milestone: rc
Assigned To: Martin Kosek
QA Contact: Namita Soman
Reported: 2013-08-16 19:36 EDT by Michael Gregg
Modified: 2014-08-05 07:17 EDT
Fixed In Version: ipa-3.3.1-3.el7
Doc Type: Bug Fix
Last Closed: 2014-06-13 07:19:51 EDT
Type: Bug
Description Michael Gregg 2013-08-16 19:36:01 EDT
Description of problem:
Uninstall of ipa-server on an IPA replica does not remove the replica from the ipa-ca.$DOMAIN DNS entry.

Version-Release number of selected component (if applicable):
RHEL-7.0-20130815.n.0 

How reproducible:
always

Steps to Reproduce:
On Master
1. /usr/sbin/ipa-server-install --setup-dns --forwarder=<DNS forwarder> --hostname=<MASTER hostname> -r TESTRELM.COM -n testrelm.com -p Secret123 -P Secret123 -a Secret123 -U
2. ipa-replica-prepare --ip-address=<IP of replica>  <hostname of replica>
3. Copy GPG file to replica server

On Slave
4. ipa-replica-install -U --setup-dns --forwarder=10.11.5.19 -w Secret123 -p Secret123 /tmp/<replica-file>.testrelm.com.gpg
5. ipa-replica-install -U --setup-dns --forwarder=10.11.5.19 -w Secret123 -p Secret123 /tmp/replica-info-ipaqavmd.testrelm.com.gpg
6. dig ipa-ca.$DOMAIN

Actual results:
After uninstall of replica, the answer section still contains the replica:
;; ANSWER SECTION:
ipa-ca.testrelm.com.	86400	IN	A	10.16.98.181
ipa-ca.testrelm.com.	86400	IN	A	10.16.98.180

Expected results:
The name should not contain 10.16.98.181 as it's the IP for an uninstalled replica.

Additional info:
Comment 1 Michael Gregg 2013-08-16 19:38:17 EDT
Correction of step 5.

Step 5 should have been:

5. ipa-server-install --uninstall
Comment 2 Rob Crittenden 2013-08-19 08:49:05 EDT
Upstream ticket:
https://fedorahosted.org/freeipa/ticket/3867
Comment 3 Rob Crittenden 2013-08-20 09:05:49 EDT
Uninstalling a server does not contact the other replicas (we have no credentials). We may be able to check to see if there are any replication agreements and warn.

It may also be that this value is not cleaned up when a master is removed.
Comment 7 Martin Kosek 2013-09-10 04:30:36 EDT
Moving back to ON_QA after regression was fixed.
Comment 8 Michael Gregg 2014-01-16 19:22:38 EST
Verified against ipa-server-3.3.3-10.el7.x86_64

[root@blade05 ~]# dig ipa-ca.$DOMAIN

;; AUTHORITY SECTION:
testrelm.com.		86400	IN	NS	ibm-x3250m4-04.testrelm.com.
testrelm.com.		86400	IN	NS	blade05.testrelm.com.


[root@blade05 ~]# ipa-replica-manage del ibm-x3250m4-04.testrelm.com
Deleting a master is irreversible.
To reconnect to the remote master you will need to prepare a new replica file
and re-install.
Continue to delete? [no]: yes
Deleting replication agreements between ibm-x3250m4-04.testrelm.com and blade05.testrelm.com
ipa: INFO: Setting agreement cn=meToblade05.testrelm.com,cn=replica,cn=dc\=testrelm\,dc\=com,cn=mapping tree,cn=config schedule to 2358-2359 0 to force synch
ipa: INFO: Deleting schedule 2358-2359 0 from agreement cn=meToblade05.testrelm.com,cn=replica,cn=dc\=testrelm\,dc\=com,cn=mapping tree,cn=config
ipa: INFO: Replication Update in progress: TRUE: status: 0 Replica acquired successfully: Incremental update started: start: 0: end: 0
ipa: INFO: Replication Update in progress: FALSE: status: 0 Replica acquired successfully: Incremental update succeeded: start: 0: end: 0
Deleted replication agreement from 'blade05.testrelm.com' to 'ibm-x3250m4-04.testrelm.com'
Background task created to clean replication data. This may take a while.
This may be safely interrupted with Ctrl+C

[root@blade05 ~]# dig ipa-ca.$DOMAIN

;; AUTHORITY SECTION:
testrelm.com.		86400	IN	NS	blade05.testrelm.com.
Comment 9 Ludek Smid 2014-06-13 07:19:51 EDT
This request was resolved in Red Hat Enterprise Linux 7.0.

Contact your manager or support representative in case you have further questions about the request.
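
A check for the condition this bug describes, as an added example that is not part of the original report or of FreeIPA: it reads dig output and lists every A record for ipa-ca.$DOMAIN whose address is not among the servers still considered live. The function name and the inline sample (built from the addresses quoted in the report) are constructed for illustration.

```shell
#!/bin/sh
# Added example (hypothetical helper, not FreeIPA code).
# stale_ipa_ca_records NAME LIVE_IP...
#   Reads `dig` output on stdin and prints each A-record address for NAME
#   in the ANSWER SECTION that is not one of the LIVE_IP arguments.
# Live usage: dig "ipa-ca.$DOMAIN" A | stale_ipa_ca_records "ipa-ca.$DOMAIN" <live CA IPs>
stale_ipa_ca_records() {
    name="${1%.}."          # normalise to the trailing-dot form dig prints
    shift
    live=" $* "             # space-delimited so whole addresses are matched
    awk -v name="$name" -v live="$live" '
        /^;; ANSWER SECTION:/ { in_answer = 1; next }
        /^;; / || /^$/        { in_answer = 0 }   # next section or blank line
        in_answer && tolower($1) == tolower(name) && $3 == "IN" && $4 == "A" {
            if (index(live, " " $5 " ") == 0) print $5
        }
    '
}

# Constructed sample: the ANSWER SECTION from "Actual results" above,
# where 10.16.98.181 belongs to the uninstalled replica.
SAMPLE_DIG_OUTPUT=';; ANSWER SECTION:
ipa-ca.testrelm.com. 86400 IN A 10.16.98.181
ipa-ca.testrelm.com. 86400 IN A 10.16.98.180'

stale=$(printf '%s\n' "$SAMPLE_DIG_OUTPUT" |
        stale_ipa_ca_records ipa-ca.testrelm.com 10.16.98.180)
if [ -n "$stale" ]; then
    echo "stale ipa-ca A records: $stale"
fi
```

Running it after every replica removal, with the list of remaining CA servers as arguments, catches a leftover address before clients are directed to a host that no longer runs the CA.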
