[Freeipa-devel] [PATCH] 1051 Fix CS replica management

Rob Crittenden rcritten at redhat.com
Wed Oct 10 13:03:20 UTC 2012 

Jan Cholasta wrote:
> On 9.10.2012 21:31, Rob Crittenden wrote:
>> Martin Kosek wrote:
>>> On 10/08/2012 05:12 PM, Jan Cholasta wrote:
>>>> Hi,
>>>>
>>>> On 20.9.2012 19:38, Rob Crittenden wrote:
>>>>> Jan Cholasta wrote:
>>>>>> Hi,
>>>>>>
>>>>>> Dne 31.8.2012 19:43, Rob Crittenden napsal(a):
>>>>>>> The naming in CS replication agreements is different from IPA
>>>>>>> agreements, we have to live with what the create. The master side
>>>>>>> should
>>>>>>> be on the local side, replica1, not the remote. This required
>>>>>>> reversing
>>>>>>> a few master variables.
>>>>>>>
>>>>>>> Pass in the force flag to del_link.
>>>>>>>
>>>>>>> Do a better job of finding the agreements on each side.
>>>>>>>
>>>>>>> This should be ipa-csreplica-manage more in line with
>>>>>>> ipa-replica-manage.
>>>>>>>
>>>>>>> rob
>>>>>>>
>>>>>>
>>>>>> Rob, can you please rebase the patch on top of current master? There
>>>>>> were some dogtag 10 related changes to ipa-csreplica-manage since you
>>>>>> posted the patch.
>>>>>>
>>>>>> Honza
>>>>>>
>>>>>
>>>>> I re-tested after the merge and found some problems with my initial
>>>>> approach. The problem stems from the naming convention that dogtag
>>>>> uses
>>>>> when creating the initial agreements. It is hard to predict how things
>>>>> were set up later so rather than trying to reconstruct the DN we
>>>>> search
>>>>> for it and pass it when deleting agreements.
>>>>>
>>>>> rob
>>>>
>>>> So far I have found this:
>>>>
>>>>    * Deleting a "bridge" link that connects two "islands" of replicas
>>>> works, but
>>>> it should not (I was told that this is expected, as no complex graph
>>>> algorithms
>>>> are engaged to detect this kind of errors).
>>>
>>> Exactly, I hit this error when I was a similar Rob's patch for
>>> ipa-replica-manage (ticket 2797). I used topology "A - B - C - D - E"
>>> and I was
>>> able to delete C. We may want to log an enhancement ticket for this.
>>>
>>> Martin
>>>
>>
>> Right, and ipa-csreplica-manage doesn't even have the basic last_link
>> checking code that ipa-replica-manage has, nor the ruv code. We decided
>> to push that to a future release.
>>
>> This patch should fix up the basics.
>>
>> rob
>
> This fixes everything except I'm still unable to delete a master from a
> master that is not directly connected to it. If this is OK, then ACK.
>
> Honza
>

The equivalent happens in ipa-replica-manage. I filed 
https://fedorahosted.org/freeipa/ticket/3160 to track this.

Pushed to master and ipa-3-0

thanks

rob

More information about the Freeipa-devel mailing list