<html>
<head>
<meta content="text/html; charset=ISO-8859-1"
http-equiv="Content-Type">
</head>
<body bgcolor="#FFFFFF" text="#000000">
<br>
<div class="moz-cite-prefix">On 06/09/2015 03:55 PM, Oleg Fayans
wrote:<br>
</div>
<blockquote cite="mid:5576F055.2060603@redhat.com" type="cite">Hi
everybody,
<br>
<br>
The current status of Topology plugin testing is as follows:
<br>
<br>
1. There is still no proper way of removing the replica.
<br>
Standard procedure using `ipa-replica-manage del` throws "Server
is unwilling to perform: Entry is managed by topology
plugin.Deletion not allowed.". </blockquote>
yes, that is for the first attempt to directly remove the agreement,
but when the server is removed the agreements should be removed<br>
<blockquote cite="mid:5576F055.2060603@redhat.com" type="cite">The
replication agreement though does get deleted, </blockquote>
then it is ok,<br>
<blockquote cite="mid:5576F055.2060603@redhat.com" type="cite">but
the topology information does not get updated. </blockquote>
what do you mean, where do you check ? in the "remaining" topology
the shared tree should be updated, for the removed replica it will
not, but this should be uninstalled anyway<br>
<blockquote cite="mid:5576F055.2060603@redhat.com" type="cite">When
I then issue `ipa topologysegment-del`, it fails due to "ipa:
ERROR: Server is unwilling to perform: Removal of Segment
disconnects topology.Deletion not allowed."
<br>
</blockquote>
correct, you can only do it after removal of the server<br>
<blockquote cite="mid:5576F055.2060603@redhat.com" type="cite">
<br>
I tried to disable the segment first and then delete it, but with
the segment properly disabled, the attempt to delete it raised a
GSS error: "ipa: ERROR: Kerberos error: Kerberos error:
('Unspecified GSS failure. Minor code may provide more
information', 851968)/('KDC returned error string: PROCESS_TGS',
-1765328324)/". I am not sure, where to search for corresponding
logs. The session transcript is attached.
<br>
<br>
2. The following is probably unrelated to the topology plugin:
<br>
I installed a replica with --setup-ca option. Then, on this
replica tried to prepare another replica:
<br>
-------------------------------------------------------------------------------------------------------------------------------------------------
<br>
root@f22replica2:/home/ofayans/f22]$ ipa-replica-prepare
--ip-address 192.168.122.141 f22replica3.bagam.net
<br>
Directory Manager (existing master) password:
<br>
<br>
Preparing replica for f22replica3.bagam.net from
f22replica2.bagam.net
<br>
Creating SSL certificate for the Directory Server
<br>
Certificate issuance failed
<br>
-------------------------------------------------------------------------------------------------------------------------------------------------
<br>
The corresponding line in the dirsrv log:
<br>
[09/Jun/2015:09:54:46 -0400] - Entry "uid=admin,ou=people,o=ipaca"
-- attribute "krbExtraData" not allowed
<br>
<br>
<br>
<fieldset class="mimeAttachmentHeader"></fieldset>
<br>
</blockquote>
<br>
</body>
</html>