[Freeipa-devel] [PATCH] 873-874 ipa-replica-manage: adjust del to work with managed topology

Petr Vobornik pvoborni at redhat.com
Fri Jun 12 15:19:23 UTC 2015


On 06/12/2015 04:45 PM, Ludwig Krispenz wrote:
>
> On 06/12/2015 04:18 PM, Petr Vobornik wrote:
>> Some notes:
>>
>> 1. As mentioned in the WIP patch thread: original 'del' worked also
>> with winsync agreements. I'm not sure why that is. Shouldn't
>> 'disconnect' be used for winsync agreements? At least man page says
>> that. This patch doesn't support it if domain level > 0. Is it a blocker?
>>
>> Following should be addressed in beta:
>>
>> 2. If `ipa-replica-manage del` is run before `ipa-csreplica-manage
>> del` then the `ipa-csreplica-manage del` will fail unless run with
>> --force option.
>>
>> 3. Check for orphaned server is missing. I want to use proper graph
>> traversing algorithm for that given that we have the whole topology.
>>
>> 4. Probably a work for topology plugin: I've seen that the removed
>> master doesn't remove its segments and agreements even though it
>> knows about its removal (doesn't have its own entry in cn=masters). It
>> leads to failed replication connection attempts. Not a big issue, but
>> also not wanted.
>>
>>
> 4. is tough. It also depends on where you remove the master entry.
>
> the removal of the master entry triggers the removal of the segments,
> which triggers the removal of the agreement, and the agreement could be
> removed before the segment removal is replicated (it is a race).
> So, on purpose, the removal of the segments is only triggered on the
> servers in the remaining topology, it also will remove the credentials
> of the removed replica, so it will no longer be able to replicate back
> into the remaining topology.
> The assumption was that a removed replica will be really removed and
> focus was, remove any info on the removed replica from the remaining
> topology and prevent any updates from the removed replica.
>

OK. `ipa-server-install --uninstall` needs some information to know that 
the replica was removed properly and then not to complain about 
remaining replication agreements. Is there such information on the 
deleted replica which we can rely on?
-- 
Petr Vobornik
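
The orphaned-server check from note 3 could be done with a breadth-first traversal over the topology segments; the sketch below is an added example, not code from this thread or from FreeIPA. It assumes segments can be treated as undirected pairs of master hostnames; the function name, the `local` parameter (the master the command runs on) and the hostnames are hypothetical.

```python
from collections import deque


def orphaned_after_delete(masters, segments, to_delete, local):
    """Return the masters that `local` could no longer reach once
    `to_delete` and every segment touching it are removed."""
    remaining = set(masters) - {to_delete}
    if local not in remaining:
        raise ValueError("local master must stay in the topology")

    # Adjacency built only from segments whose both ends survive the delete.
    adjacency = {m: set() for m in remaining}
    for left, right in segments:
        if left in remaining and right in remaining:
            adjacency[left].add(right)
            adjacency[right].add(left)

    # Breadth-first traversal starting at the local master.
    reached = {local}
    queue = deque([local])
    while queue:
        node = queue.popleft()
        for peer in adjacency[node] - reached:
            reached.add(peer)
            queue.append(peer)
    return remaining - reached


# Constructed sample topology (hostnames are placeholders).
MASTERS = [f"ipa{i}.example.test" for i in range(1, 5)]
LINE = [(MASTERS[0], MASTERS[1]), (MASTERS[1], MASTERS[2]),
        (MASTERS[2], MASTERS[3])]
RING = LINE + [(MASTERS[3], MASTERS[0])]

if __name__ == "__main__":
    for name, segs in (("line", LINE), ("ring", RING)):
        lost = orphaned_after_delete(MASTERS, segs, MASTERS[1], MASTERS[0])
        print(name, "-> orphaned:", sorted(lost) or "none")
```

A non-empty result means the delete would split the topology, which is the case a `del` without `--force` would be expected to refuse.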



