[Freeipa-devel] Topology plugin quirks

Ludwig Krispenz lkrispen at redhat.com
Wed Jun 3 10:31:18 UTC 2015 

On 06/03/2015 11:37 AM, Martin Babinsky wrote:
> Hi everyone,
>
> I have been playing with the topology related patches and I have 
> encountered a few issues that I would like to address in this thread:
>
> 1.) When replica install for whatever reason crashes _after_ the setup 
> of replication agreements etc., it leaves the topology plugin with 
> dangling segment pointing to the dysfunctional node. An attempt to 
> delete it leads to:
>
> """
> ipa: ERROR: Server is unwilling to perform: Removal of Segment 
> disconnects topology.Deletion not allowed.
if the endpoints of the segments are still in the managed master list 
and there is no other path connecting these two nodes the behaviour is 
correct.
you need to remove the master first, teh segment should be removed 
automatically.
ipa-replica-manage del should do this, it worked for me  with the latest 
patches.

can you provide a scenario where it fails ?
> """
>
> And you cannot reinstall the crashed replica because it complains 
> about existing replication agreements. It would probably help to be 
> able to force-remove the segments if one of the endpoints doesn't 
> exist/respond.
>
> 2.) I was not able to figure out a way remove replica from the 
> topology without explosions or tampering 
> 'cn=masters,cn=ipa,cn=etc,$SUFFIX'. Obviously ipa-replica-manage del 
> doesn't work anymore (I have tried just for fun, it leads to SIGSEGV 
> of the host's dirsrv and leaves dangling segments to offending 
> replica, leading to point 1).
>
> I managed to remove replica from the topology only by directly 
> uninstalling FreeIPA on the node and then deleting its' host entry 
> from 'cn=masters'. Only after this was the plugin able to 
> automagically removed the segments pointing to/from removed node.
>
> The design page suggests that it should be enough to uninstall IPA 
> server on the replica. The plugin would then pick-up the dangling 
> segments and remove them automatically. However, this behavior seems 
> to require additional modification of the uninstall procedure (e.g. 
> the uninstalling replica should remove its' entry from cn=masters).
>
> 3.) It seems that the removal of topology suffixes containing 
> functioning segments is not handled well. I once tried to do this and 
> it led to segmentation fault on the dirsrv instance. What is the 
> expected behavior in this scenario?
>

More information about the Freeipa-devel mailing list