[Freeipa-devel] disabling topology segment has no effect
Ludwig Krispenz
lkrispen at redhat.com
Wed Jun 17 14:15:25 UTC 2015
On 06/17/2015 03:37 PM, Oleg Fayans wrote:
> Hi Ludwig, Petr,
>
> Presently I have noticed that disabling a segment, using `ipa
> topologysegment-mod realm replica1-to-replica2
> --enabled=off` does not have effect on the way the data is replicated.
>
> I mean that if we have the following tolopogy:
> master <-> replica1 <-> replica2
on which server did you apply the mod ?
> and disable one of the segments, one would expect the changes
> implemented on master would not be replicated to other nodes (or do I
> misunderstand the concept of disabling a segment?). However, in
> reality any changes in master do get replicated despite the segment is
> disabled.
>
> Is it a correct behavior?
>
> The second question is: if disabled segments should not let the
> changes through, then we probably should implement a check for
> topology disconnection in similar way as `ipa topologysegment-del`
> does. I mean, whenever a user tries to disable a segment, the plugin
> should probably check whether it disconnects any of the nodes.
well, I think disabling should be temporary, you want to disconnect for
some time. eg for debugging, not deleting the agreement completely, I
would allow this.
More information about the Freeipa-devel
mailing list