[Freeipa-devel] [PATCH] 873-874 ipa-replica-manage: adjust del to work with managed topology
Petr Vobornik
pvoborni at redhat.com
Fri Jun 12 15:19:23 UTC 2015
On 06/12/2015 04:45 PM, Ludwig Krispenz wrote:
>
> On 06/12/2015 04:18 PM, Petr Vobornik wrote:
>> Some notes:
>>
>> 1. As mentioned in the WIP patch thread: original 'del' worked also
>> with winsync agreements. I'm not sure why is that. Shouldn't
>> 'disconnect' be used for winsync agreements? At least man page says
>> that. This patch doesn't support it if domain level > 0. Is it a blocker?
>>
>> Following should be addressed in beta:
>>
>> 2. If `ipa-replica-manage del` is run before `ipa-csreplica-manage
>> del` then the `ipa-csreplica-manage del` will fail unless run with
>> --force options.
>>
>> 3. Check for orphaned server is missing. I want to use proper graph
>> traversing algorithm for that given that we have the whole topology.
>>
>> 4. Probably a work for topology plugin: I've seen that the removed
>> master doesn't remove its segments and agreements even though that it
>> knows about its removal (doesn't have its own entry in cn=masters). It
>> leads to failed replication connection attempts. Not a big issue, but
>> also not wanted.
>>
>>
> 4. is tough. it also depends on where you remove the master entry.
>
> the removal of the master entry triggers the removal of the segments,
> which triggers the removal of the agreement, and the agreement could be
> removed before the segment removal is replicated (it is a race).
> So, on purpose, the removal of the segments is only triggered on the
> servers in the remaining topology, it also will remove the credentials
> of the removed replica, so it will no longer be able to replicate back
> into the remaining topology.
> The assumption was that a removed replica will be really removed and
> focus was, remove any info on the removed replica from the remaining
> topology and prevent any updates from the removed replica.
>
OK. `ipa-server-install --uninstall` needs some information to know that
the replica was removed properly and then not to complain about
remaining replication agreements. Is there such information on the
deleted replica which we can rely on?
--
Petr Vobornik
More information about the Freeipa-devel
mailing list