[Freeipa-devel] [PATCH] 1088 Recover DNA ranges when deleting a master

[Rob Crittenden]

Petr Viktorin wrote:
> On 03/11/2013 05:00 PM, Rob Crittenden wrote:
>> Petr Viktorin wrote:
>>> On 03/07/2013 08:27 PM, Rob Crittenden wrote:
>>>> Petr Viktorin wrote:
>>>>> On 03/06/2013 09:52 PM, Rob Crittenden wrote:
>>>>>> Petr Viktorin wrote:
>>>>> [...]
>>>>>>> On new installs, the ACI on cn=Posix IDs,cn=Distributed Numeric
>>>>>>> Assignment Plugin,cn=plugins,cn=config is added before the entry
>>>>>>> itself.
>>>>>>> I didn't test everything as I didn't get the access.
>>>>>>
> [...]
>>>> Gotcha. I moved where the replica acis are loaded.
>
> Thanks! Everything works now, I just found two issues in error reporting.
>
> I set up three masters like this:
>
> $ ipa-replica-manage dnarange-show
> vm-084.idm.lab.eng.brq.redhat.com: 1109050002-1109099999
> vm-081.idm.lab.eng.brq.redhat.com: 1109012501-1109024999
> vm-079.idm.lab.eng.brq.redhat.com: 1109025001-1109049999
> $ ipa-replica-manage dnanextrange-show
> vm-084.idm.lab.eng.brq.redhat.com: 1109000000-1109012499
> vm-081.idm.lab.eng.brq.redhat.com: 1109190000-1109190001
> vm-079.idm.lab.eng.brq.redhat.com: No on-deck range set
>
> vm-079 is git master, the other two have the patch applied.
>
> Now when I deleted vm-081, there was no indication which ranges I lost:
>
> vm-084$ ipa-replica-manage del vm-081.idm.lab.eng.brq.redhat.com
> Deleting a master is irreversible.
> To reconnect to the remote master you will need to prepare a new replica
> file
> and re-install.
> Continue to delete? [no]: y
> Deleting replication agreements between
> vm-081.idm.lab.eng.brq.redhat.com and vm-084.idm.lab.eng.brq.redhat.com
> ipa: INFO: Setting agreement
> cn=meTovm-084.idm.lab.eng.brq.redhat.com,cn=replica,cn=dc\=idm\,dc\=lab\,dc\=eng\,dc\=brq\,dc\=redhat\,dc\=com,cn=mapping
> tree,cn=config schedule to 2358-2359 0 to force synch
> ipa: INFO: Deleting schedule 2358-2359 0 from agreement
> cn=meTovm-084.idm.lab.eng.brq.redhat.com,cn=replica,cn=dc\=idm\,dc\=lab\,dc\=eng\,dc\=brq\,dc\=redhat\,dc\=com,cn=mapping
> tree,cn=config
> ipa: INFO: Replication Update in progress: FALSE: status: 0 Replica
> acquired successfully: Incremental update succeeded: start: 0: end: 0
> Unable to remove agreement on vm-081.idm.lab.eng.brq.redhat.com:
> Insufficient access: Insufficient 'write' privilege to the
> 'dnaNextRange' attribute of entry 'cn=posix ids,cn=distributed numeric
> assignment plugin,cn=plugins,cn=config'.
> Forcing removal on 'vm-084.idm.lab.eng.brq.redhat.com'
> Any DNA range on 'vm-081.idm.lab.eng.brq.redhat.com' will be lost
> Deleted replication agreement from 'vm-084.idm.lab.eng.brq.redhat.com'
> to 'vm-081.idm.lab.eng.brq.redhat.com'
> Background task created to clean replication data. This may take a while.
> This may be safely interrupted with Ctrl+C

Fixed.

> One more detail: Ranges where start==end are invalid. We should fail the
> same way as for start>end.
>
> $ ipa-replica-manage dnanextrange-set vm-081.idm.lab.eng.brq.redhat.com
> 677100401-677100401
> ipa: INFO: Unhandled LDAPError: {'info': 'Changes result in an invalid
> DNA configuration.', 'desc': 'Server is unwilling to perform'}
> Updating next range failed: Server is unwilling to perform: Changes
> result in an invalid DNA configuration.
>
>

done

rob
-------------- next part --------------
A non-text attachment was scrubbed...
Name: freeipa-rcrit-1088-5-dnarange.patch
Type: text/x-diff
Size: 30467 bytes
Desc: not available
URL: <http://listman.redhat.com/archives/freeipa-devel/attachments/20130312/403a0653/attachment.bin>