[Freeipa-devel] [PATCH] 397 Do not crash when replica is unreachable in ipa-restore
thierry bordaz
tbordaz at redhat.com
Tue Jan 27 20:28:04 UTC 2015
On 01/27/2015 09:05 PM, Martin Kosek wrote:
> On 01/27/2015 07:59 PM, Rob Crittenden wrote:
>> Martin Kosek wrote:
>>> On 01/27/2015 08:40 AM, Jan Cholasta wrote:
>>>> Hi,
>>>>
>>>> the attached patch fixes
>>>> <https://fedorahosted.org/freeipa/ticket/4857>.
>>>>
>>>> Honza
>>>
>>> Works like a charm, ACK.
>>>
>>> Pushed to:
>>> master: deb70d5b13ce0e7ec77debb4aa17d75df4c1dedd
>>> ipa-4-1: 74853b66f092a057c22ee811e945f631e6d65059
>>>
>>
>> Sorry I missed this earlier, but this could be a timebomb.
>
> Ah, and I saw that one as a clear one.
>
>> It means that there is some master out there that still has its old
>> changelog and is waiting to push changes you may not want back to the
>> restored master(s).
>
> This is a long shot, but doesn't changes done in
> https://fedorahosted.org/freeipa/ticket/4822
> prevent other masters to sent updates and actually force them to
> re-initialize from restored master? Also CCing Thierry.
>
>> It would definitely be worth testing a scenario like this:
>>
>> 3 masters, A, B, C.
>>
>> Backup A
>>
>> Add a bunch of data
>>
>> shut down C
>>
>> Restore A
>>
>> Re-init B
>>
>> Confirm that that data you added is gone
>>
>> Start up C
>>
>> See what happens. I suspect that data will be re-added.
My understanding is that https://fedorahosted.org/freeipa/ticket/4822
removed the RUV (during restore) from the import ldif file.
So in that case C should not be able to replicate to A, because A has no
RUV (especially replicageneration). Now it needs to be tested.
thanks
thierry
>
> If this is the case, should we print big fat warning in ipa-restore
> "Some of your replication agreements could not be disabled, there are
> the consequences... yadda yadda yadda... Are you sure you want to
> continue?"?
>
> Martin
More information about the Freeipa-devel
mailing list