[Freeipa-devel] [PATCH] 1051 Fix CS replica management
Jan Cholasta
jcholast at redhat.com
Mon Oct 8 15:12:12 UTC 2012
Hi,
On 20.9.2012 19:38, Rob Crittenden wrote:
> Jan Cholasta wrote:
>> Hi,
>>
>> Dne 31.8.2012 19:43, Rob Crittenden napsal(a):
>>> The naming in CS replication agreements is different from IPA
>>> agreements, we have to live with what the create. The master side should
>>> be on the local side, replica1, not the remote. This required reversing
>>> a few master variables.
>>>
>>> Pass in the force flag to del_link.
>>>
>>> Do a better job of finding the agreements on each side.
>>>
>>> This should be ipa-csreplica-manage more in line with
>>> ipa-replica-manage.
>>>
>>> rob
>>>
>>
>> Rob, can you please rebase the patch on top of current master? There
>> were some dogtag 10 related changes to ipa-csreplica-manage since you
>> posted the patch.
>>
>> Honza
>>
>
> I re-tested after the merge and found some problems with my initial
> approach. The problem stems from the naming convention that dogtag uses
> when creating the initial agreements. It is hard to predict how things
> were set up later so rather than trying to reconstruct the DN we search
> for it and pass it when deleting agreements.
>
> rob
So far I have found this:
* Deleting a "bridge" link that connects two "islands" of replicas
works, but it should not (I was told that this is expected, as no
complex graph algorithms are engaged to detect this kind of errors).
* I have 5 masters, master1 to master5 (master1 was installed by
ipa-server-install, the rest by ipa-replica-install & ipa-ca-install). I
have created this replication topology:
master3 - master2 - master1 - master4 - master5
from the initial replication topology:
master2 master4
> master1 <
master3 master5
by issuing:
# ipa-csreplica-manage connect master2 master3
# ipa-csreplica-manage disconnect master1 master3
# ipa-csreplica-manage connect master4 master5
# ipa-csreplica-manage disconnect master1 master5
* When I do:
# ipa-csreplica-manage disconnect master3 master5
it complains that "cannot remove the last replication link of
'master5", but there is no replication link between the two hosts. The
problem persists even if I temporarily connect and disconnect the two
hosts before trying to disconnect them again. If I connect master2 to
master5 or master3 to master4 (or both of these), the problem goes away.
* When I do:
# ipa-csreplica-manage del master1
on master1, it complains that "'master1' has no replication
agreement for 'master1'". When I do it on master2, it complains that
"There were issues removing a connection: expected string or buffer"
(this seems to happen every time the del command should in fact succeed,
so it is probably broken).
Investigating this further, I found that it is possible to delete
masters only from a master that is directly connected to it. Shouldn't
it be possible to delete masters from anywhere (as it is possible to
add/delete links from anywhere)?
* Any of these commands can be repeated infinitely:
# ipa-csreplica-manage connect master1 master2
# ipa-csreplica-manage connect master2 master3
# ipa-csreplica-manage connect master1 master4
# ipa-csreplica-manage connect master4 master5
i.e. the "replication agreement already exists" check is not
effective at all. An attempt to disconnect master2 from master3 or
master4 from master5 always fails with "Cannot remove the last
replication link of <master>", no matter how many times connect was
called before.
Honza
--
Jan Cholasta
More information about the Freeipa-devel
mailing list