[Freeipa-devel] disabling topology segment has no effect

[Simo Sorce]

On Wed, 2015-06-17 at 16:15 +0200, Ludwig Krispenz wrote:
> On 06/17/2015 03:37 PM, Oleg Fayans wrote:
> > Hi Ludwig, Petr,
> >
> > Presently I have noticed that disabling a segment, using `ipa 
> > topologysegment-mod realm replica1-to-replica2
> > --enabled=off` does not have effect on the way the data is replicated.
> >
> > I mean that if we have the following tolopogy:
> > master <-> replica1 <-> replica2
> on which server did you apply the mod ?
> > and disable one of the segments, one would expect the changes 
> > implemented on master would not be replicated to other nodes (or do I 
> > misunderstand the concept of disabling a segment?). However, in 
> > reality any changes in master do get replicated despite the segment is 
> > disabled.
> >
> > Is it a correct behavior?
> >
> > The second question is: if disabled segments should not let the 
> > changes through, then we probably should implement a check for 
> > topology disconnection in similar way as `ipa topologysegment-del` 
> > does. I mean, whenever a user tries to disable a segment, the plugin 
> > should probably check whether it disconnects any of the nodes.
> well, I think disabling should be temporary, you want to disconnect for 
> some time. eg for debugging, not deleting the agreement completely, I 
> would allow this.

Too dangerous, I would honestly not even offer the option to disable
anything via the framework for now.

Do we really want to allow an admin to cause split brains ?
If an admin forgets to re-enable a segment pretty quickly you get in a
very undesirable state if that segment caused a split brain.

It may make sense if it were some time-based command, where you must
enter a (short) time period when the segment is disabled, so that it
re-enabled automatically when the window expires, but that is not
something we are getting in the short term.

My 2c,
Simo.

-- 
Simo Sorce * Red Hat, Inc * New York