[Freeipa-devel] topology issues
Ludwig Krispenz
lkrispen at redhat.com
Tue Jun 9 14:04:28 UTC 2015
On 06/09/2015 03:55 PM, Oleg Fayans wrote:
> Hi everybody,
>
> The current status of Topology plugin testing is as follows:
>
> 1. There is still no proper way of removing the replica.
> Standard procedure using `ipa-replica-manage del` throws "Server is
> unwilling to perform: Entry is managed by topology plugin.Deletion not
> allowed.".
yes, that is for the first attempt to directly remove the agreement, but
when the server is removed the agreements should be removed
> The replication agreement though does get deleted,
then it is ok,
> but the topology information does not get updated.
what do you mean, where do you check ? in the "remaining" topology the
shared tree should be updated, for the removed replica it will not, but
this should be uninstalled anyway
> When I then issue `ipa topologysegment-del`, it fails due to "ipa:
> ERROR: Server is unwilling to perform: Removal of Segment disconnects
> topology.Deletion not allowed."
correct, you can only do it after removal of the server
>
> I tried to disable the segment first and then delete it, but with the
> segment properly disabled, the attempt to delete it raised a GSS
> error: "ipa: ERROR: Kerberos error: Kerberos error: ('Unspecified GSS
> failure. Minor code may provide more information', 851968)/('KDC
> returned error string: PROCESS_TGS', -1765328324)/". I am not sure,
> where to search for corresponding logs. The session transcript is
> attached.
>
> 2. The following is probably unrelated to the topology plugin:
> I installed a replica with --setup-ca option. Then, on this replica
> tried to prepare another replica:
> -------------------------------------------------------------------------------------------------------------------------------------------------
>
> root at f22replica2:/home/ofayans/f22]$ ipa-replica-prepare --ip-address
> 192.168.122.141 f22replica3.bagam.net
> Directory Manager (existing master) password:
>
> Preparing replica for f22replica3.bagam.net from f22replica2.bagam.net
> Creating SSL certificate for the Directory Server
> Certificate issuance failed
> -------------------------------------------------------------------------------------------------------------------------------------------------
>
> The corresponding line in the dirsrv log:
> [09/Jun/2015:09:54:46 -0400] - Entry "uid=admin,ou=people,o=ipaca" --
> attribute "krbExtraData" not allowed
>
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://listman.redhat.com/archives/freeipa-devel/attachments/20150609/627faccc/attachment.htm>
More information about the Freeipa-devel
mailing list