[Freeipa-devel] Topology plugin quirks

Oleg Fayans ofayans at redhat.com
Wed Jun 3 09:51:32 UTC 2015 

I confirm every point of this.

On 06/03/2015 11:37 AM, Martin Babinsky wrote:
> Hi everyone,
>
> I have been playing with the topology related patches and I have 
> encountered a few issues that I would like to address in this thread:
>
> 1.) When replica install for whatever reason crashes _after_ the setup 
> of replication agreements etc., it leaves the topology plugin with 
> dangling segment pointing to the dysfunctional node. An attempt to 
> delete it leads to:
>
> """
> ipa: ERROR: Server is unwilling to perform: Removal of Segment 
> disconnects topology.Deletion not allowed.
> """
Furthermore, any attempts to delete a segment (even a properly setup 
one) lead to the same very error.
>
> And you cannot reinstall the crashed replica because it complains 
> about existing replication agreements. It would probably help to be 
> able to force-remove the segments if one of the endpoints doesn't 
> exist/respond.
>
> 2.) I was not able to figure out a way remove replica from the 
> topology without explosions or tampering 
> 'cn=masters,cn=ipa,cn=etc,$SUFFIX'. Obviously ipa-replica-manage del 
> doesn't work anymore (I have tried just for fun, it leads to SIGSEGV 
> of the host's dirsrv and leaves dangling segments to offending 
> replica, leading to point 1).
>
> I managed to remove replica from the topology only by directly 
> uninstalling FreeIPA on the node and then deleting its' host entry 
> from 'cn=masters'. Only after this was the plugin able to 
> automagically removed the segments pointing to/from removed node.
>
> The design page suggests that it should be enough to uninstall IPA 
> server on the replica. The plugin would then pick-up the dangling 
> segments and remove them automatically. However, this behavior seems 
> to require additional modification of the uninstall procedure (e.g. 
> the uninstalling replica should remove its' entry from cn=masters).
>
> 3.) It seems that the removal of topology suffixes containing 
> functioning segments is not handled well. I once tried to do this and 
> it led to segmentation fault on the dirsrv instance. What is the 
> expected behavior in this scenario?
>

-- 
Oleg Fayans
Quality Engineer
FreeIPA team
RedHat.

More information about the Freeipa-devel mailing list