<html>
<head>
<meta content="text/html; charset=windows-1252"
http-equiv="Content-Type">
</head>
<body text="#000000" bgcolor="#FFFFFF">
<br>
<br>
<div class="moz-cite-prefix">On 06/09/2015 04:04 PM, Ludwig Krispenz
wrote:<br>
</div>
<blockquote cite="mid:5576F26C.7010802@redhat.com" type="cite">
<meta content="text/html; charset=windows-1252"
http-equiv="Content-Type">
<br>
<div class="moz-cite-prefix">On 06/09/2015 03:55 PM, Oleg Fayans
wrote:<br>
</div>
<blockquote cite="mid:5576F055.2060603@redhat.com" type="cite">Hi
everybody, <br>
<br>
The current status of Topology plugin testing is as follows: <br>
<br>
1. There is still no proper way of removing the replica. <br>
Standard procedure using `ipa-replica-manage del` throws "Server
is unwilling to perform: Entry is managed by topology
plugin.Deletion not allowed.". </blockquote>
yes, that is for the first attempt to directly remove the
agreement, but when the server is removed the agreements should be
removed<br>
</blockquote>
We should probably think of less threatening error message in this
case. Just from reading the command output one might conclude that
replica removal failed. <br>
<blockquote cite="mid:5576F26C.7010802@redhat.com" type="cite">
<blockquote cite="mid:5576F055.2060603@redhat.com" type="cite">The
replication agreement though does get deleted, </blockquote>
then it is ok,<br>
<blockquote cite="mid:5576F055.2060603@redhat.com" type="cite">but
the topology information does not get updated. </blockquote>
what do you mean, where do you check ? in the "remaining" topology
the shared tree should be updated, for the removed replica it will
not, but this should be uninstalled anyway<br>
</blockquote>
The problem here, is that the topology information does not get
updated on master as well.<br>
<blockquote cite="mid:5576F26C.7010802@redhat.com" type="cite">
<blockquote cite="mid:5576F055.2060603@redhat.com" type="cite">When
I then issue `ipa topologysegment-del`, it fails due to "ipa:
ERROR: Server is unwilling to perform: Removal of Segment
disconnects topology.Deletion not allowed." <br>
</blockquote>
correct, you can only do it after removal of the server<br>
</blockquote>
I do not get it. Master still thinks it has the replica, it displays
it both in CLI using `ipa topologysegment-find` and in the web-ui.
(although it does not show it using `ipa host-find`, which is
correct), and there is no way to manually make it change it's mind?<br>
<blockquote cite="mid:5576F26C.7010802@redhat.com" type="cite">
<blockquote cite="mid:5576F055.2060603@redhat.com" type="cite"> <br>
I tried to disable the segment first and then delete it, but
with the segment properly disabled, the attempt to delete it
raised a GSS error: "ipa: ERROR: Kerberos error: Kerberos error:
('Unspecified GSS failure. Minor code may provide more
information', 851968)/('KDC returned error string: PROCESS_TGS',
-1765328324)/". I am not sure, where to search for corresponding
logs. The session transcript is attached. <br>
<br>
2. The following is probably unrelated to the topology plugin: <br>
I installed a replica with --setup-ca option. Then, on this
replica tried to prepare another replica: <br>
-------------------------------------------------------------------------------------------------------------------------------------------------
<br>
root@f22replica2:/home/ofayans/f22]$ ipa-replica-prepare
--ip-address 192.168.122.141 f22replica3.bagam.net <br>
Directory Manager (existing master) password: <br>
<br>
Preparing replica for f22replica3.bagam.net from
f22replica2.bagam.net <br>
Creating SSL certificate for the Directory Server <br>
Certificate issuance failed <br>
-------------------------------------------------------------------------------------------------------------------------------------------------
<br>
The corresponding line in the dirsrv log: <br>
[09/Jun/2015:09:54:46 -0400] - Entry
"uid=admin,ou=people,o=ipaca" -- attribute "krbExtraData" not
allowed <br>
<br>
<br>
<fieldset class="mimeAttachmentHeader"></fieldset>
<br>
</blockquote>
<br>
<br>
<fieldset class="mimeAttachmentHeader"></fieldset>
<br>
</blockquote>
<br>
<pre class="moz-signature" cols="72">--
Oleg Fayans
Quality Engineer
FreeIPA team
RedHat.</pre>
</body>
</html>