Tried everything you just suggested, and it doesn't work. Yes this is a
recovery option, our environment has become damaged somehow, uncertain
of all that happened. This image gives us a path forward, but I need
these replication agreements to go away and the image to become a stand
alone master. Once that happens I believe I can get the certs to
update, but right now everything seems to be attempting to talk to IPA2
which is still running but the server was rebuilt after this image was
made, so we can't talk with the server.
Randy
On 9/26/2019 4:05 PM, John Keates via FreeIPA-users wrote:
You could turn the clock back, remove the agreements, renew the certs
to a future date, shutdown, reset the clock and renew again to get up and running. Make
sure you’re doing it while the system is offline to prevent NTP.
Also: make sure you don’t run in to this again by making regular recovery points
(backups, snapshots, periodic master updates). I’m assuming this is a recovery action from
total loss of everything? If not: don’t bother with that image, install a fresh master
instead.
John
> On 26 Sep 2019, at 23:59, Randy Morgan via FreeIPA-users
<freeipa-users(a)lists.fedorahosted.org> wrote:
>
> I have a two year image of one of my IPA servers that I am trying to bring live.
Unfortunately all of the certs except the CA are expired. I have attempted to follow the
instructions for updating the certs, but it has failed to update them. After careful and
extensive digging, I have found that the issue is two replication agreements from other
IPA servers that have since been rebuilt. Because of the expired certs I can't login
to the web UI, so I can't terminate the agreements that way, and the IPA commands
fail. Is there a way to terminate these agreements manually by removing the references to
the two servers?
>
> Randy Morgan
>
> --
> Randy Morgan
> CSR
> Department of Chemistry/BioChemistry
> Brigham Young University
> _______________________________________________
> FreeIPA-users mailing list -- freeipa-users(a)lists.fedorahosted.org
> To unsubscribe send an email to freeipa-users-leave(a)lists.fedorahosted.org
> Fedora Code of Conduct:
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
> List Guidelines:
https://fedoraproject.org/wiki/Mailing_list_guidelines
> List Archives:
https://lists.fedorahosted.org/archives/list/freeipa-users@lists.fedoraho...
_______________________________________________
FreeIPA-users mailing list -- freeipa-users(a)lists.fedorahosted.org
To unsubscribe send an email to freeipa-users-leave(a)lists.fedorahosted.org
Fedora Code of Conduct:
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines:
https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives:
https://lists.fedorahosted.org/archives/list/freeipa-users@lists.fedoraho...
--
Randy Morgan
CSR
Department of Chemistry/BioChemistry
Brigham Young University