Note: This bug is displayed in read-only format because the product is no longer active in Red Hat Bugzilla.
RHEL Engineering is moving the tracking of its product development work on RHEL 6 through RHEL 9 to Red Hat Jira (issues.redhat.com). If you're a Red Hat customer, please continue to file support cases via the Red Hat customer portal. If you're not, please head to the "RHEL project" in Red Hat Jira and file new tickets here. Individual Bugzilla bugs in the statuses "NEW", "ASSIGNED", and "POST" are being migrated throughout September 2023. Bugs of Red Hat partners with an assigned Engineering Partner Manager (EPM) are migrated in late September as per pre-agreed dates. Bugs against components "kernel", "kernel-rt", and "kpatch" are only migrated if still in "NEW" or "ASSIGNED". If you cannot log in to RH Jira, please consult article #7032570. That failing, please send an e-mail to the RH Jira admins at rh-issues@redhat.com to troubleshoot your issue as a user management inquiry. The email creates a ServiceNow ticket with Red Hat. Individual Bugzilla bugs that are migrated will be moved to status "CLOSED", resolution "MIGRATED", and set with "MigratedToJIRA" in "Keywords". The link to the successor Jira issue will be found under "Links", have a little "two-footprint" icon next to it, and direct you to the "RHEL project" in Red Hat Jira (issue links are of type "https://issues.redhat.com/browse/RHEL-XXXX", where "X" is a digit). This same link will be available in a blue banner at the top of the page informing you that that bug has been migrated.

Bug 998069

Summary: after ipa-server-install --uninstall on a replica, ipa-ca.$DOMAIN name not updated.
Product: Red Hat Enterprise Linux 7 Reporter: Michael Gregg <mgregg>
Component: ipaAssignee: Martin Kosek <mkosek>
Status: CLOSED CURRENTRELEASE QA Contact: Namita Soman <nsoman>
Severity: low Docs Contact:
Priority: low    
Version: 7.0CC: arubin, pviktori, rcritten
Target Milestone: rc   
Target Release: ---   
Hardware: Unspecified   
OS: Unspecified   
Whiteboard:
Fixed In Version: ipa-3.3.1-3.el7 Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2014-06-13 11:19:51 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:

Description Michael Gregg 2013-08-16 23:36:01 UTC 
Description of problem:
uninstall of ipa-server on a IPA replica does not remove the replica from the ipa-ca.$DOMAIN dns entry.

Version-Release number of selected component (if applicable):
RHEL-7.0-20130815.n.0 

How reproducible:
always

Steps to Reproduce:
On Master
1. /usr/sbin/ipa-server-install --setup-dns --forwarder=<DNS forwarder> --hostname=<MASTER hostname> -r TESTRELM.COM -n testrelm.com -p Secret123 -P Secret123 -a Secret123 -U
2. ipa-replica-prepare --ip-address=<IP of replica>  <hostname of replica>
3. Copy GPG file to replica server

On Slave
4. ipa-replica-install -U --setup-dns --forwarder=10.11.5.19 -w Secret123 -p Secret123 /tmp/<replica-file>.testrelm.com.gpg
5. ipa-replica-install -U --setup-dns --forwarder=10.11.5.19 -w Secret123 -p Secret123 /tmp/replica-info-ipaqavmd.testrelm.com.gpg
6. dig ipa-ca.$DOMAIN

Actual results:
After uninstall of replica, the answer section still contains the replica:
;; ANSWER SECTION:
ipa-ca.testrelm.com.	86400	IN	A	10.16.98.181
ipa-ca.testrelm.com.	86400	IN	A	10.16.98.180

Expected results:
The name should not contain 10.16.98.181 as it's the IP for a uninstalled replica.

Additional info:
Comment 1 Michael Gregg 2013-08-16 23:38:17 UTC 
Correction of step 5.

Step 5 should have been:

5. ipa-server-install --uninstall
Comment 2 Rob Crittenden 2013-08-19 12:49:05 UTC 
Upstream ticket:
https://fedorahosted.org/freeipa/ticket/3867
Comment 3 Rob Crittenden 2013-08-20 13:05:49 UTC 
Uninstalling a server does not contact the other replicas (we have no credentials). We may be able to check to see if there are any replication agreements and warn.

It may also be that this value is not cleaned up when the a master is removed.
Comment 4 Petr Viktorin (pviktori) 2013-09-04 09:08:33 UTC 
Fixed upstream:
master: https://fedorahosted.org/freeipa/changeset/7959f3ee1e38ce10e2f32a51c3fa0f45f949f06f
ipa-3-3: https://fedorahosted.org/freeipa/changeset/95d3d3d60b9e981bcd192ed11242d58873fd09bf
Comment 6 Petr Viktorin (pviktori) 2013-09-09 15:29:12 UTC 
A regression was fixed upstream:
master: https://fedorahosted.org/freeipa/changeset/a70b08e9aea891555ebee512de196748a835acb8
ipa-3-3: https://fedorahosted.org/freeipa/changeset/658e734d2c453381a04e9ed72ea6ee9d50cea097
Comment 7 Martin Kosek 2013-09-10 08:30:36 UTC 
Moving back to ON_QA after regression was fixed.
Comment 8 Michael Gregg 2014-01-17 00:22:38 UTC 
Verified against ipa-server-3.3.3-10.el7.x86_64

[root@blade05 ~]# dig ipa-ca.$DOMAIN

;; AUTHORITY SECTION:
testrelm.com.		86400	IN	NS	ibm-x3250m4-04.testrelm.com.
testrelm.com.		86400	IN	NS	blade05.testrelm.com.


[root@blade05 ~]# ipa-replica-manage del ibm-x3250m4-04.testrelm.com
Deleting a master is irreversible.
To reconnect to the remote master you will need to prepare a new replica file
and re-install.
Continue to delete? [no]: yes
Deleting replication agreements between ibm-x3250m4-04.testrelm.com and blade05.testrelm.com
ipa: INFO: Setting agreement cn=meToblade05.testrelm.com,cn=replica,cn=dc\=testrelm\,dc\=com,cn=mapping tree,cn=config schedule to 2358-2359 0 to force synch
ipa: INFO: Deleting schedule 2358-2359 0 from agreement cn=meToblade05.testrelm.com,cn=replica,cn=dc\=testrelm\,dc\=com,cn=mapping tree,cn=config
ipa: INFO: Replication Update in progress: TRUE: status: 0 Replica acquired successfully: Incremental update started: start: 0: end: 0
ipa: INFO: Replication Update in progress: FALSE: status: 0 Replica acquired successfully: Incremental update succeeded: start: 0: end: 0
Deleted replication agreement from 'blade05.testrelm.com' to 'ibm-x3250m4-04.testrelm.com'
Background task created to clean replication data. This may take a while.
This may be safely interrupted with Ctrl+C

[root@blade05 ~]# dig ipa-ca.$DOMAIN

;; AUTHORITY SECTION:
testrelm.com.		86400	IN	NS	blade05.testrelm.com.
Comment 9 Ludek Smid 2014-06-13 11:19:51 UTC 
This request was resolved in Red Hat Enterprise Linux 7.0.

Contact your manager or support representative in case you have further questions about the request.