[Freeipa-devel] user deletion in offline mode does not get replicated after node recovery

Oleg Fayans ofayans at redhat.com
Tue Jun 16 14:49:11 UTC 2015 

Hi all,

I've bumped into a strange problem with only a part of changes 
implemented on master during replica outage get replicated after replica 
recovery.

Namely: when I delete an existing user on the master while the node is 
offline, these changes do not get to the node when it's back online. 
User creation, however, gets replicated as expected.

Steps to reproduce:

1. Create the following tolopogy:

replica1 <-> master <-> replica2 <-> replica3

2. Create user1 on master, make sure it appears on all replicas
3. Turn off replica2
4. On master delete user1 and create user2, make sure the changes get 
replicated to replica1
5. Turn on replica2

Expected results:

A minute or so after repica2 is back up,
1. user1 does not exist neither on replica2 nor on replica3
2. user2 exists both on replica2 and replica3

Actual results:
1. user1 coexist with user2 on replica2 and replica3
2. master and replica1 have only user2


In my case, though, the topology was as follows:
$ ipa topologysegment-find realm
------------------
3 segments matched
------------------
   Segment name: f22master.bagam.net-to-f22replica3.bagam.net
   Left node: f22master.bagam.net
   Right node: f22replica3.bagam.net
   Connectivity: both

   Segment name: replica1-to-replica2
   Left node: f22replica1.bagam.net
   Right node: f22replica2.bagam.net
   Connectivity: both

   Segment name: replica2-to-master
   Left node: f22replica2.bagam.net
   Right node: f22master.bagam.net
   Connectivity: both
----------------------------
Number of entries returned 3
----------------------------
And I was turning off replica2, leaving replica1 offline, but that does 
not really matter.

The dirsrv error message, most likely to be relevant is:
-----------------------------------------------------------------------------------------------------------------------------------------------------
Consumer failed to replay change (uniqueid 
b8242e18-143111e5-b1d0d0c3-ae5854ff, CSN 55802fcf000300040000): 
Operations error (1). Will retry later
-----------------------------------------------------------------------------------------------------------------------------------------------------

I attach dirsrv error and access logs from all nodes, in case they could 
be useful



-- 
Oleg Fayans
Quality Engineer
FreeIPA team
RedHat.

-------------- next part --------------
A non-text attachment was scrubbed...
Name: segment_synchronization.tar.gz
Type: application/gzip
Size: 423288 bytes
Desc: not available
URL: <http://listman.redhat.com/archives/freeipa-devel/attachments/20150616/7db0c4da/attachment.gz>

More information about the Freeipa-devel mailing list