[Freeipa-devel] [PATCH] 968 don't allow reconnection to deleted master

Rob Crittenden rcritten at redhat.com
Tue Feb 28 21:36:18 UTC 2012


Martin Kosek wrote:
> On Sat, 2012-02-25 at 17:43 -0500, Rob Crittenden wrote:
>> This patch does two things:
>>
>> 1. Prompts when deleting a master to make clear that this is irreversible
>> 2. Does not allow a deleted master to be reconnected.
>>
>> Reconnecting to a deleted master causes all heck to break loose because
>> we delete principals as part of the deletion process. If you reconnect to a
>> deleted master then we replicate those deletes and the connected master
>> is now unusable (no principals).
>>
>> A simple test is:
>>
>> Install master
>> Install replica
>> ipa-replica-manage del replica
>> ipa-replica-manage connect replica
>> ipa-server-uninstall -U on replica
>> re-install replica
>>
>> The re-install should be successful.
>>
>> rob
>
> Generally, it looks and works well. I just miss some unattended way to
> delete a replica, from another script for example.
>
> I think we may either re-use --force flag for this purpose or introduce
> an --unattended flag.
>
> I also found an issue with S4U2Proxy memberPrincipal added for each
> replica. Since the memberPrincipal values for a deleted replica are not
> removed when a replica is being deleted, ipa-replica-install reports a
> (benign) error when it tries to add a duplicate value afterwards. I
> filed a ticket for this one:
>
> https://fedorahosted.org/freeipa/ticket/2451
>
> Martin
>

OK, went with --force.

rob
-------------- next part --------------
A non-text attachment was scrubbed...
Name: freeipa-rcrit-968-2-connect.patch
Type: text/x-diff
Size: 2984 bytes
Desc: not available
URL: <http://listman.redhat.com/archives/freeipa-devel/attachments/20120228/014fe8bf/attachment.bin>

