[Freeipa-devel] topology issues

Ludwig Krispenz lkrispen at redhat.com
Tue Jun 9 14:04:28 UTC 2015


On 06/09/2015 03:55 PM, Oleg Fayans wrote:
> Hi everybody,
>
> The current status of Topology plugin testing is as follows:
>
> 1. There is still no proper way of removing the replica.
> Standard procedure using `ipa-replica-manage del` throws "Server is 
> unwilling to perform: Entry is managed by topology plugin.Deletion not 
> allowed.". 
Yes, that is for the first attempt to directly remove the agreement, but 
when the server is removed the agreements should be removed.
> The replication agreement though does get deleted, 
then it is ok,
> but the topology information does not get updated. 
What do you mean, where do you check? In the "remaining" topology the 
shared tree should be updated; for the removed replica it will not, but 
this should be uninstalled anyway.
> When I then issue `ipa topologysegment-del`, it fails due to "ipa: 
> ERROR: Server is unwilling to perform: Removal of Segment disconnects 
> topology.Deletion not allowed."
Correct, you can only do it after removal of the server.
>
> I tried to disable the segment first and then delete it, but with the 
> segment properly disabled, the attempt to delete it raised a GSS 
> error: "ipa: ERROR: Kerberos error: Kerberos error: ('Unspecified GSS 
> failure.  Minor code may provide more information', 851968)/('KDC 
> returned error string: PROCESS_TGS', -1765328324)/". I am not sure 
> where to search for the corresponding logs. The session transcript is 
> attached.
>
> 2. The following is probably unrelated to the topology plugin:
> I installed a replica with the --setup-ca option. Then, on this replica, 
> I tried to prepare another replica:
> ------------------------------------------------------------------------------------------------------------------------------------------------- 
>
> root@f22replica2:/home/ofayans/f22]$ ipa-replica-prepare --ip-address 
> 192.168.122.141 f22replica3.bagam.net
> Directory Manager (existing master) password:
>
> Preparing replica for f22replica3.bagam.net from f22replica2.bagam.net
> Creating SSL certificate for the Directory Server
> Certificate issuance failed
> ------------------------------------------------------------------------------------------------------------------------------------------------- 
>
> The corresponding line in the dirsrv log:
> [09/Jun/2015:09:54:46 -0400] - Entry "uid=admin,ou=people,o=ipaca" -- 
> attribute "krbExtraData" not allowed
>
>
>
