[Freeipa-devel] [PATCH] [WIP] ipa-replica-manage del with managed topology

Ludwig Krispenz lkrispen at redhat.com
Fri Jun 12 07:24:10 UTC 2015


Hi Petr,
On 06/11/2015 06:34 PM, Petr Vobornik wrote:
> Attaching a wip patch for `ipa-replica-manage del` to work with 
> managed topology.
>
> There are two prerequisite patches, they add the following commands. All 
> commands have the NO_CLI flag which means they are hidden in CLI.
> - server-del
> - serverservice-add, mod, del, show, find
>
> serverservice is object name for server "services" in cn=masters. I 
> don't like the "service" name much but it's already been used in 
> general discussions.
>
> The main patch introduces two distinct methods for deleting servers, 
> one for managed topology, another for the old method. They share some 
> code.
>
> There are some differences in behavior.
>
> 1. the original 'del' worked also with winsync agreements. I'm not 
> sure why that is. Shouldn't 'disconnect' be used for winsync 
> agreements? At least man page says that.
>
> 2. options --clean and --force aren't used in the new method. I don't 
> think that they are required. They serve for deleting the server entry 
> in cn=masters.  The new method is built around this deletion so that 
> it's always done which also means the cleanup is done.
>
> 3. Clean RUV task is run after deleting server entry and related 
> cleanup. I don't think it works well. From observing the changes, it 
> looks like it's executed before topology plugin manages to delete the 
> agreements. This task then doesn't want to end and it reports that it 
> has not finished somewhere. It finishes successfully if dirsrv is 
> restarted. Agreements are then removed as well and all is fine.
>
> Ludwig, should the clean RUV step be done differently? E.g. somewhere 
> else or after something finishes?
Good question, investigating the cleanallruv problems was on my agenda 
after the topology plugin is "stable". We have seen many issues (e.g. 
corrupted ruvs), where we don't know why they exist in DS and if 
anything in the management code of ipa is contributing to this. So I can 
not really recommend a "best practice" at the moment.
Regarding required changes in the manage-del, I think the problem is 
that without the topo plugin the agreement was deleted, then cleanallruv 
was started (it no longer tried to contact the removed replica and 
didn't get contacted by that replica). Now the direct deletion of the 
agreement is rejected and the cleanallruv will act in the full topology, 
so it probably should be done after the server was removed.

You call server_del before calling replica_cleanup (which also deletes 
the server). I don't see the deletion of the services before server_del, 
so this should fail since it has children.



