<html>
<head>
<meta http-equiv="content-type" content="text/html; charset=utf-8">
</head>
<body text="#000000" bgcolor="#FFFFFF">
Hi everybody,<br>
<br>
Current implementation of topology plugin (including patch 878 from
Petr) allows the deletion of the central node in the star topology.<br>
I had the following topology:<br>
<br>
vm056 vm036<br>
\ / |<br>
vm175 |<br>
/ \ |<br>
vm127 vm244<br>
<br>
I was able to remove node vm175 from node vm244:<br>
<br>
[17:54:48]ofayans@vm-244:~]$ ipa-replica-manage del
vm-175.idm.lab.eng.brq.redhat.com <br>
Topology after removal of vm-175.idm.lab.eng.brq.redhat.com will be
disconnected:<br>
Server vm-036.idm.lab.eng.brq.redhat.com can't contact servers:
vm-056.idm.lab.eng.brq.redhat.com, vm-127.idm.lab.eng.brq.redhat.com<br>
Server vm-056.idm.lab.eng.brq.redhat.com can't contact servers:
vm-244.idm.lab.eng.brq.redhat.com,
vm-036.idm.lab.eng.brq.redhat.com, vm-127.idm.lab.eng.brq.redhat.com<br>
Server vm-127.idm.lab.eng.brq.redhat.com can't contact servers:
vm-244.idm.lab.eng.brq.redhat.com,
vm-056.idm.lab.eng.brq.redhat.com, vm-036.idm.lab.eng.brq.redhat.com<br>
Server vm-244.idm.lab.eng.brq.redhat.com can't contact servers:
vm-056.idm.lab.eng.brq.redhat.com, vm-127.idm.lab.eng.brq.redhat.com<br>
Continue to delete? [no]: yes<br>
Waiting for removal of replication agreements<br>
unexpected error: limits exceeded for this query<br>
<br>
I would expect this operation to delete 4 replication agreements on
all nodes:<br>
vm056 - vm175<br>
vm127 - vm175<br>
vm244 - vm175<br>
vm036 - vm175<br>
<br>
However an arbitrary set of replication agreements was deleted on
each node leading to total infrastructure inconsistency:<br>
===============================================================<br>
vm056<b> </b>thought the topology was as follows:<br>
vm056 vm036<br>
/ |<br>
vm175 |<br>
/ \ |<br>
vm127 vm244<br>
[10:28:55]ofayans@vm-056:~]$ ipa topologysegment-find realm<br>
------------------<br>
4 segments matched<br>
------------------<br>
Segment name: 036-to-244<br>
Left node: vm-036.idm.lab.eng.brq.redhat.com<br>
Right node: vm-244.idm.lab.eng.brq.redhat.com<br>
Connectivity: both<br>
<br>
Segment name:
vm-036.idm.lab.eng.brq.redhat.com-to-vm-175.idm.lab.eng.brq.redhat.com<br>
Left node: vm-036.idm.lab.eng.brq.redhat.com<br>
Right node: vm-175.idm.lab.eng.brq.redhat.com<br>
Connectivity: both<br>
<br>
Segment name:
vm-127.idm.lab.eng.brq.redhat.com-to-vm-175.idm.lab.eng.brq.redhat.com<br>
Left node: vm-127.idm.lab.eng.brq.redhat.com<br>
Right node: vm-175.idm.lab.eng.brq.redhat.com<br>
Connectivity: both<br>
<br>
Segment name:
vm-175.idm.lab.eng.brq.redhat.com-to-vm-244.idm.lab.eng.brq.redhat.com<br>
Left node: vm-175.idm.lab.eng.brq.redhat.com<br>
Right node: vm-244.idm.lab.eng.brq.redhat.com<br>
Connectivity: both<br>
----------------------------<br>
Number of entries returned 4<br>
----------------------------<br>
===============================================================<br>
both vm036<b> </b>vm244 thought the topology was as follows:<br>
vm056 vm036<br>
\ |<br>
vm175 |<br>
/ |<br>
vm127 vm244<br>
<br>
[10:26:23]ofayans@vm-036:~]$ ipa topologysegment-find<br>
Suffix name: realm<br>
------------------<br>
3 segments matched<br>
------------------<br>
Segment name: 036-to-244<br>
Left node: vm-036.idm.lab.eng.brq.redhat.com<br>
Right node: vm-244.idm.lab.eng.brq.redhat.com<br>
Connectivity: both<br>
<br>
Segment name:
vm-056.idm.lab.eng.brq.redhat.com-to-vm-175.idm.lab.eng.brq.redhat.com<br>
Left node: vm-056.idm.lab.eng.brq.redhat.com<br>
Right node: vm-175.idm.lab.eng.brq.redhat.com<br>
Connectivity: both<br>
<br>
Segment name:
vm-127.idm.lab.eng.brq.redhat.com-to-vm-175.idm.lab.eng.brq.redhat.com<br>
Left node: vm-127.idm.lab.eng.brq.redhat.com<br>
Right node: vm-175.idm.lab.eng.brq.redhat.com<br>
Connectivity: both<br>
----------------------------<br>
Number of entries returned 3<br>
----------------------------<br>
<br>
===============================================================<br>
<b> </b>vm127 thought the topology was as follows:<br>
vm056 vm036<br>
\ / |<br>
vm175 |<br>
\ |<br>
vm127 vm244<br>
<br>
[10:31:08]ofayans@vm-127:~]$ ipa topologysegment-find realm<br>
------------------<br>
4 segments matched<br>
------------------<br>
Segment name: 036-to-244<br>
Left node: vm-036.idm.lab.eng.brq.redhat.com<br>
Right node: vm-244.idm.lab.eng.brq.redhat.com<br>
Connectivity: both<br>
<br>
Segment name:
vm-036.idm.lab.eng.brq.redhat.com-to-vm-175.idm.lab.eng.brq.redhat.com<br>
Left node: vm-036.idm.lab.eng.brq.redhat.com<br>
Right node: vm-175.idm.lab.eng.brq.redhat.com<br>
Connectivity: both<br>
<br>
Segment name:
vm-056.idm.lab.eng.brq.redhat.com-to-vm-175.idm.lab.eng.brq.redhat.com<br>
Left node: vm-056.idm.lab.eng.brq.redhat.com<br>
Right node: vm-175.idm.lab.eng.brq.redhat.com<br>
Connectivity: both<br>
<br>
Segment name:
vm-175.idm.lab.eng.brq.redhat.com-to-vm-244.idm.lab.eng.brq.redhat.com<br>
Left node: vm-175.idm.lab.eng.brq.redhat.com<br>
Right node: vm-244.idm.lab.eng.brq.redhat.com<br>
Connectivity: both<br>
----------------------------<br>
Number of entries returned 4<br>
----------------------------<br>
<br>
If I, for example, add a segment connecting vm127 and vm244, these
two nodes will not synchronize the topology info:<br>
<br>
[10:51:03]ofayans@vm-127:~]$ ipa topologysegment-add realm
127-to-244 --leftnode=vm-127.idm.lab.eng.brq.redhat.com
--rightnode=vm-244.idm.lab.eng.brq.redhat.com --direction=both<br>
--------------------------<br>
Added segment "127-to-244"<br>
--------------------------<br>
Segment name: 127-to-244<br>
Left node: vm-127.idm.lab.eng.brq.redhat.com<br>
Right node: vm-244.idm.lab.eng.brq.redhat.com<br>
Connectivity: both<br>
[10:53:33]ofayans@vm-127:~]$ ipa topologysegment-find realm<br>
------------------<br>
5 segments matched<br>
------------------<br>
Segment name: 036-to-244<br>
Left node: vm-036.idm.lab.eng.brq.redhat.com<br>
Right node: vm-244.idm.lab.eng.brq.redhat.com<br>
Connectivity: both<br>
<br>
Segment name: 127-to-244<br>
Left node: vm-127.idm.lab.eng.brq.redhat.com<br>
Right node: vm-244.idm.lab.eng.brq.redhat.com<br>
Connectivity: both<br>
<br>
Segment name:
vm-036.idm.lab.eng.brq.redhat.com-to-vm-175.idm.lab.eng.brq.redhat.com<br>
Left node: vm-036.idm.lab.eng.brq.redhat.com<br>
Right node: vm-175.idm.lab.eng.brq.redhat.com<br>
Connectivity: both<br>
<br>
Segment name:
vm-056.idm.lab.eng.brq.redhat.com-to-vm-175.idm.lab.eng.brq.redhat.com<br>
Left node: vm-056.idm.lab.eng.brq.redhat.com<br>
Right node: vm-175.idm.lab.eng.brq.redhat.com<br>
Connectivity: both<br>
<br>
Segment name:
vm-175.idm.lab.eng.brq.redhat.com-to-vm-244.idm.lab.eng.brq.redhat.com<br>
Left node: vm-175.idm.lab.eng.brq.redhat.com<br>
Right node: vm-244.idm.lab.eng.brq.redhat.com<br>
Connectivity: both<br>
----------------------------<br>
Number of entries returned 5<br>
----------------------------<br>
[10:54:02]ofayans@vm-127:~]$ <br>
<br>
=============================================================<br>
<br>
[10:49:38]ofayans@vm-244:~]$ ipa topologysegment-find realm<br>
------------------<br>
3 segments matched<br>
------------------<br>
Segment name: 036-to-244<br>
Left node: vm-036.idm.lab.eng.brq.redhat.com<br>
Right node: vm-244.idm.lab.eng.brq.redhat.com<br>
Connectivity: both<br>
<br>
Segment name: 127-to-244<br>
Left node: vm-127.idm.lab.eng.brq.redhat.com<br>
Right node: vm-244.idm.lab.eng.brq.redhat.com<br>
Connectivity: both<br>
<br>
Segment name:
vm-056.idm.lab.eng.brq.redhat.com-to-vm-175.idm.lab.eng.brq.redhat.com<br>
Left node: vm-056.idm.lab.eng.brq.redhat.com<br>
Right node: vm-175.idm.lab.eng.brq.redhat.com<br>
Connectivity: both<br>
----------------------------<br>
Number of entries returned 3<br>
----------------------------<br>
[10:56:34]ofayans@vm-244:~]$ <br>
<br>
<big>Conclusion:</big><br>
We either should completely prohibit the removal of the middle nodes
(I mean, nodes that hide another active nodes),<br>
or at the removal stage first recalculate the resulting topology and
send it to all nodes before actual removal.<br>
<pre class="moz-signature" cols="72">--
Oleg Fayans
Quality Engineer
FreeIPA team
RedHat.</pre>
</body>
</html>