[Freeipa-devel] [PATCH] 873-874 ipa-replica-manage: adjust del to work with managed topology

[Ludwig Krispenz]

On 06/12/2015 04:18 PM, Petr Vobornik wrote:
> Some notes:
>
> 1. As mentioned in the WIP patch thread: original 'del' worked also 
> with winsync agreements. I'm not sure why is that. Shouldn't 
> 'disconnect' be used for winsync agreements? At least man page says 
> that. This patch doesn't support it if domain level > 0. Is it a blocker?
>
> Following should be addressed in beta:
>
> 2. If `ipa-replica-manage del` is run before `ipa-csreplica-manage 
> del` then the `ipa-csreplica-manage del` will fail unless run with 
> --force options.
>
> 3. Check for orphaned server is missing. I want to use proper graph 
> traversing algorithm for that given that we have the whole topology.
>
> 4. Probably a work for topology plugin: I've seen that the removed 
> master doesn't remove its segments and agreements even though that it 
> knows about its removal (doesn't have its own entry in cn=masters). It 
> leads to failed replication connection attempts. Not a big issue, but 
> also not wanted.
>
>
4. is tough. it also depends on where you remove the master entry.

the removal of the master entry triggers the removal of the segments, 
which triggers the removal of the agreement, and the agreement could be 
removed before the segment removal is replicated (it is a race).
So, on purpose, the removal of the segments is only triggered on the 
servers in the remaining topology, it also will remove the credentials 
of the removed replica, so it will no longer be able to replicate back 
into the remaining topology.
The  assumption was that a removed replica will be really removed and 
focus was, remove any info on the removed replica from the remaining 
topology and prevent any updates from the removed replica.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://listman.redhat.com/archives/freeipa-devel/attachments/20150612/df98b0d1/attachment.htm>