[Freeipa-devel] Topology plugin quirks

Martin Babinsky mbabinsk at redhat.com
Wed Jun 3 09:37:32 UTC 2015


Hi everyone,

I have been playing with the topology related patches and I have 
encountered a few issues that I would like to address in this thread:

1.) When replica install for whatever reason crashes _after_ the setup 
of replication agreements etc., it leaves the topology plugin with a 
dangling segment pointing to the dysfunctional node. An attempt to 
delete it leads to:

"""
ipa: ERROR: Server is unwilling to perform: Removal of Segment 
disconnects topology.Deletion not allowed.
"""

And you cannot reinstall the crashed replica because it complains about 
existing replication agreements. It would probably help to be able to 
force-remove the segments if one of the endpoints doesn't exist/respond.

2.) I was not able to figure out a way to remove a replica from the 
topology without explosions or tampering with 
'cn=masters,cn=ipa,cn=etc,$SUFFIX'. 
Obviously ipa-replica-manage del doesn't work anymore (I have tried just 
for fun, it leads to SIGSEGV of the host's dirsrv and leaves dangling 
segments to the offending replica, leading to point 1).

I managed to remove the replica from the topology only by directly 
uninstalling FreeIPA on the node and then deleting its host entry from 
'cn=masters'. Only after this was the plugin able to automagically 
remove the segments pointing to/from the removed node.

The design page suggests that it should be enough to uninstall IPA 
server on the replica. The plugin would then pick up the dangling 
segments and remove them automatically. However, this behavior seems to 
require additional modification of the uninstall procedure (e.g. the 
uninstalling replica should remove its entry from cn=masters).

3.) It seems that the removal of topology suffixes containing 
functioning segments is not handled well. I once tried to do this and it 
led to a segmentation fault on the dirsrv instance. What is the expected 
behavior in this scenario?

-- 
Martin^3 Babinsky
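
The behaviour reported in points 1 and 2, as an added example that is not part of the original message and is not the topology plugin's code: a simplified model of a connectivity check that refuses to delete a segment while the dead node is still listed as a master, and allows it once the node's entry is gone. It assumes segments are undirected edges between the hosts listed under cn=masters; the host names and function names are hypothetical.

```python
from collections import deque


def is_connected(masters, segments):
    """True if every listed master can reach every other one over the segments."""
    masters = set(masters)
    if len(masters) <= 1:
        return True
    adjacency = {m: set() for m in masters}
    for left, right in segments:
        # Segments touching a host that is not a listed master are ignored.
        if left in masters and right in masters:
            adjacency[left].add(right)
            adjacency[right].add(left)
    start = next(iter(masters))
    seen = {start}
    queue = deque([start])
    while queue:
        for peer in adjacency[queue.popleft()] - seen:
            seen.add(peer)
            queue.append(peer)
    return seen == masters


def can_delete_segment(masters, segments, segment):
    """Model of the refusal: allow deletion only if the masters stay connected."""
    remaining = [s for s in segments if set(s) != set(segment)]
    return is_connected(masters, remaining)


def dangling_segments(masters, segments):
    """Segments with at least one endpoint that is no longer a listed master."""
    masters = set(masters)
    return [s for s in segments if s[0] not in masters or s[1] not in masters]


# Constructed sample topology: replica3 crashed during install but is still listed.
MASTERS = ["master1", "master2", "replica3"]
SEGMENTS = [("master1", "master2"), ("master2", "replica3")]

if __name__ == "__main__":
    dead = ("master2", "replica3")
    print("deletable while replica3 is listed:", can_delete_segment(MASTERS, SEGMENTS, dead))
    survivors = [m for m in MASTERS if m != "replica3"]
    print("dangling after entry removal:", dangling_segments(survivors, SEGMENTS))
    print("deletable after entry removal:", can_delete_segment(survivors, SEGMENTS, dead))
```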



