[Freeipa-devel] [PATCH] 968 don't allow reconnection to deleted master
Martin Kosek
mkosek at redhat.com
Mon Feb 27 13:47:49 UTC 2012
On Sat, 2012-02-25 at 17:43 -0500, Rob Crittenden wrote:
> This patch does two things:
>
> 1. Prompts when deleting a master to make clear that this is irreversible
> 2. Does not allow a deleted master to be reconnected.
>
> Reconnecting to a deleted master causes all heck to break loose because
> we delete principals as part of the deletion process. If you reconnect to a
> deleted master then we replicate those deletes and the connected master
> is now unusable (no principals).
>
> A simple test is:
>
> Install master
> Install replica
> ipa-replica-manage del replica
> ipa-replica-manage connect replica
> ipa-server-uninstall -U on replica
> re-install replica
>
> The re-install should be successful.
>
> rob
Generally, it looks and works well. I just miss some unattended way to
delete a replica, from another script for example.

I think we may either re-use the --force flag for this purpose or introduce
an --unattended flag.

I also found an issue with the S4U2Proxy memberPrincipal added for each
replica. Since the memberPrincipal values for a deleted replica are not
removed when a replica is being deleted, ipa-replica-install reports a
(benign) error when it tries to add a duplicate value afterwards. I
filed a ticket for this one:

https://fedorahosted.org/freeipa/ticket/2451

Martin