Would I be correct to try the following:
Try to reinitialize database with
# ipa-replica-manage re-initialize --from ipa03.fbog.local
If reinitializing database doesn't work, then
Re-install replica server as :
1- On Master server
1 . obtain a Kerberos ticket before running IPA tools
# kinit admin
2 . List all of the configured replication agreements for the FreeIPA domain.
# ipa-replica-manage list
3 . Removing the replica from the topology involves deleting all the agreements between
thereplica and the other servers in the IPA domain and all of the data about the replica
in thedomain configuration
# ipa-replica-manage del ipa04.fbog.local
4 . If the replica was configured with its own CA, then also use the ipa-csreplica-manage
del command to remove all certificate server replication agreements.
(HOW DO I CHECK IF THIS IS TRUE?)
# ipa-csreplica-manage del ipa04.fbog.local
2- On replica
For errors like " ipa.ipapython.install.cli.install_tool(Replica): ERROR A CA is
already configured on this system."
Remove CA certificates manually with
# pkidestroy -s CA -i pki-tomcat
# rm -rf /var/log/pki/pki-tomcat /etc/sysconfig/pki-tomcat
/etc/sysconfig/pki/tomcat/pki-tomcat /var/lib/pki/pki-tomcat /etc/pki/pki-tomcat
5 . Uninstall replica by running below command
# ipa-server-install --uninstall -U
But then what do we do to rebuild the IPA on ipa04.fbog.local?
Thanks.
-Steven
-----Original Message-----
From: Rob Crittenden <rcritten(a)redhat.com>
Sent: Tuesday, August 10, 2021 9:19 AM
To: FreeIPA users list <freeipa-users(a)lists.fedorahosted.org>
Cc: Shirley Schaeffer <shirley_schaeffer(a)nwrdc.fsu.edu>; Simpson, Brett
<brett_simpson(a)nwrdc.fsu.edu>; Auerbach, Steven <Steven.Auerbach(a)flbog.edu>
Subject: Re: [Freeipa-users] Hard Crash of Server Corrupted IPA
Auerbach, Steven via FreeIPA-users wrote:
A storage subsystem failure below our virtualization layer caused a
hard crash of our 2^nd IPA Master. It will not start back up.
$ Systemctl status –l ipa
● ipa.service - Identity, Policy, Audit
Loaded: loaded (/usr/lib/systemd/system/ipa.service; enabled;
vendor
preset: disabled)
Active: failed (Result: exit-code) since Fri 2021-08-06 15:47:24
EDT;
3 days ago
Process: 1554 ExecStart=/usr/sbin/ipactl start (code=exited,
status=1/FAILURE)
Main PID: 1554 (code=exited, status=1/FAILURE)
Aug 06 15:46:46 ipa04.fbog.local systemd[1]: Starting Identity,
Policy, Audit...
Aug 06 15:47:24 ipa04.fbog.local ipactl[1554]: Failed to start
Directory
Service: Command '/bin/systemctl start dirsrv(a)FBOG-LOCAL.service'
returned non-zero exit status 1
Aug 06 15:47:24 ipa04.fbog.local ipactl[1554]: Starting Directory
Service
Aug 06 15:47:24 ipa04.fbog.local systemd[1]: ipa.service: main process
exited, code=exited, status=1/FAILURE
Aug 06 15:47:24 ipa04.fbog.local systemd[1]: Failed to start Identity,
Policy, Audit.
Aug 06 15:47:24 ipa04.fbog.local systemd[1]: Unit ipa.service entered
failed state.
Aug 06 15:47:24 ipa04.fbog.local systemd[1]: ipa.service failed.
Multiple OS restarts do not clear this. There must be a pid file
somewhere to delete. Not sure where to look in documentation or a
meaningful search expression for researching the web.
Help?
You need to look in the 389-ds error log for details,
/var/log/dirsrv/slapd-FBOG-LOCAL/errors
rob