[Freeipa-devel] Topology: Central node removal in star topology

Thu Jun 25 07:53:15 UTC 2015

On 06/25/2015 08:52 AM, Ludwig Krispenz wrote:
>
> On 06/24/2015 09:01 PM, Simo Sorce wrote:
>> On Wed, 2015-06-24 at 11:25 +0200, Ludwig Krispenz wrote:
>>> Oleg,
>>>
>>> the topology plugin relies on existing connection between servers which
>>> remain in a topolgy. If you remove a central node in your topology you
>>> are asking for trouble.
>>> With Petr's patch it warns you that your topology will be disconnected,
>>> and if you insist we cannot guarantee anything.
>>> should we completely prohibit this ?
>> No, but a --force should be needed.
>> Without a --force option we should not allow to remove a replica
>> completely from another one.
>>
>>> I don't know, I think you could
>>> also enforce an uninstall of vm175 with probably the same result.
>>> what you mean be calculating the remaining topology and send it to the
>>> remaining servers does not work, it would require to send a removal of a
>>> segment, which would be rejected.
>> You would have to connect to each replica that has a replication
>> agreement with vm175 and remove the segment from that replica. But it
>> wouldn't really help much as once a replica is isolated from the central
>> one, it will not see the other operations going on in other replicas.
>>
>> Once we have a topology resolver we will be able to warn that removing a
>> specific replica will cause a split brain and make very loud warnings
> we have this already, see the output of Oleg's example:
>
> ipa-replica-manage del vm-175.idm.lab.eng.brq.redhat.com
> Topology after removal of vm-175.idm.lab.eng.brq.redhat.com will be
> disconnected:
> Server vm-036.idm.lab.eng.brq.redhat.com can't contact servers:
> vm-056.idm.lab.eng.brq.redhat.com, vm-127.idm.lab.eng.brq.redhat.com
> Server vm-056.idm.lab.eng.brq.redhat.com can't contact servers:
> vm-244.idm.lab.eng.brq.redhat.com, vm-036.idm.lab.eng.brq.redhat.com,
> vm-127.idm.lab.eng.brq.redhat.com
> Server vm-127.idm.lab.eng.brq.redhat.com can't contact servers:
> vm-244.idm.lab.eng.brq.redhat.com, vm-056.idm.lab.eng.brq.redhat.com,
> vm-036.idm.lab.eng.brq.redhat.com
> Server vm-244.idm.lab.eng.brq.redhat.com can't contact servers:
> vm-056.idm.lab.eng.brq.redhat.com, vm-127.idm.lab.eng.brq.redhat.com
> Continue to delete? [no]: yes
>
> it tells you that the topology gets disconnected and which connections
> will be missing, the continue yes/no is the --force,
> the question was, should we allow a force in this situation ?
>

What it does is:
1. Checks current topology, prints errors with introduction msg:
    "Current topology is disconnected:" + errors
2. Checks topology after node removal, prints errors with msg:
    "Topology after removal of %s will be disconnected:" + errors
3. if there were errors in #1 or #2, it does:
    if not force and not ipautil.user_input("Continue to delete?", False):
       sys.exit("Aborted")

To make it more loud we can introduce msg in #2 with: "WARNING: " or 
something even more louder

The question "Continue to delete?" could be
* removed, and therefore --force will be always required for such case
* be still regarded as 'force' but the question could be changed e.g. 
to: "Continue to delete and disconnect the topology?"

>>> More interesting would be if we can heal this later by adding new
>>> segments.
>> Indeed, reconnecting all the severed replicas should cause all the
>> removals (segments or servers) to be replicated among servers and should
>> bring back the topology view in a consistent state. But not until all
>> servers are reconnected and replication has started again.
> This healing can also be required without forcing removal by an admin.
> If you have a start topology and your central node goes down and is not
> recoverable
>>
>> Simo.
>>
>>
>>> Ludwig
>>> On 06/24/2015 11:04 AM, Oleg Fayans wrote:
>>>> Hi everybody,
>>>>
>>>> Current implementation of topology plugin (including patch 878 from
>>>> Petr) allows the deletion of the central node in the star topology.
>>>> I had the following topology:
>>>>
<snip>
-- 
Petr Vobornik