[Freeipa-devel] IPAv2, replica installation can be broken

Dmitri Pal dpal at redhat.com
Thu Jan 14 21:36:43 UTC 2010


Rob Crittenden wrote:
> I just discovered a problem with replica installation in IPAv2 and
> wanted to get some additional opinions on it.
>
> The scenario is this: You've installed a master, perhaps added some
> entries on it, everything is working fine. You've got some hosts that
> you added entries for as well, perhaps even creating some service
> keytabs.
>
> Now you want to make one of those hosts an IPA replica. Things will
> blow up gloriously because some principals needed for the replica may
> already exist in the DB.
>
> So the question is, do we want to enforce that any replica hosts don't
> already exist in the database before proceeding? It seems reasonable
> to me but I'm pretty draconian about such things.
>

It should check anyways. I think this is required.
Now if it found a host, there are several options for what it can do:
a) Fail and ask to remove the entry manually
b) Delete and recreate the entry as replica
c) Convert the host to replica gracefully
d) Ask the user what he wants to do and proceed depending on his choice.

As an adept of best usability and flexibility I would say d), but as usual
it is the most work.
I think the effort incrementally increases from a) to d) so you tell me
what we can afford to do for v2.
Can we do c)?

> Thoughts?
>
> rob
>


-- 
Thank you,
Dmitri Pal

Engineering Manager IPA project,
Red Hat Inc.

