[Freeipa-devel] disabling topology segment has no effect
Oleg Fayans
ofayans at redhat.com
Wed Jun 17 14:46:15 UTC 2015
Hi Ludwig,
On 06/17/2015 04:15 PM, Ludwig Krispenz wrote:
>
> On 06/17/2015 03:37 PM, Oleg Fayans wrote:
>> Hi Ludwig, Petr,
>>
>> Presently I have noticed that disabling a segment, using `ipa
>> topologysegment-mod realm replica1-to-replica2
>> --enabled=off` does not have effect on the way the data is replicated.
>>
>> I mean that if we have the following tolopogy:
>> master <-> replica1 <-> replica2
> on which server did you apply the mod ?
On master. It reproduces though even in a situation with the topology
replica3 <-> master <-> replica1 <-> replica2 and you disable the
replica1-replica2 segment on replica3 (quite expectedly)
>> and disable one of the segments, one would expect the changes
>> implemented on master would not be replicated to other nodes (or do I
>> misunderstand the concept of disabling a segment?). However, in
>> reality any changes in master do get replicated despite the segment
>> is disabled.
>>
>> Is it a correct behavior?
>>
>> The second question is: if disabled segments should not let the
>> changes through, then we probably should implement a check for
>> topology disconnection in similar way as `ipa topologysegment-del`
>> does. I mean, whenever a user tries to disable a segment, the plugin
>> should probably check whether it disconnects any of the nodes.
> well, I think disabling should be temporary, you want to disconnect
> for some time. eg for debugging, not deleting the agreement
> completely, I would allow this.
>
--
Oleg Fayans
Quality Engineer
FreeIPA team
RedHat.
More information about the Freeipa-devel
mailing list