[Freeipa-devel] [PATCH] 1088 Recover DNA ranges when deleting a master

Wed Mar 13 10:03:33 UTC 2013

On 03/12/2013 06:50 PM, Rob Crittenden wrote:
> Petr Viktorin wrote:
>> On 03/11/2013 05:00 PM, Rob Crittenden wrote:
>>> Petr Viktorin wrote:
>>>> On 03/07/2013 08:27 PM, Rob Crittenden wrote:
>>>>> Petr Viktorin wrote:
>>>>>> On 03/06/2013 09:52 PM, Rob Crittenden wrote:
>>>>>>> Petr Viktorin wrote:
>>>>>> [...]
>>>>>>>> On new installs, the ACI on cn=Posix IDs,cn=Distributed Numeric
>>>>>>>> Assignment Plugin,cn=plugins,cn=config is added before the entry
>>>>>>>> itself.
>>>>>>>> I didn't test everything as I didn't get the access.
>>>>>>>
>> [...]
>>>>> Gotcha. I moved where the replica acis are loaded.
>>
>> Thanks! Everything works now, I just found two issues in error reporting.
>>
>> I set up three masters like this:
>>
>> $ ipa-replica-manage dnarange-show
>> vm-084.idm.lab.eng.brq.redhat.com: 1109050002-1109099999
>> vm-081.idm.lab.eng.brq.redhat.com: 1109012501-1109024999
>> vm-079.idm.lab.eng.brq.redhat.com: 1109025001-1109049999
>> $ ipa-replica-manage dnanextrange-show
>> vm-084.idm.lab.eng.brq.redhat.com: 1109000000-1109012499
>> vm-081.idm.lab.eng.brq.redhat.com: 1109190000-1109190001
>> vm-079.idm.lab.eng.brq.redhat.com: No on-deck range set
>>
>> vm-079 is git master, the other two have the patch applied.
>>
>> Now when I deleted vm-081, there was no indication which ranges I lost:
>>
>> vm-084$ ipa-replica-manage del vm-081.idm.lab.eng.brq.redhat.com
>> Deleting a master is irreversible.
>> To reconnect to the remote master you will need to prepare a new replica
>> file
>> and re-install.
>> Continue to delete? [no]: y
>> Deleting replication agreements between
>> vm-081.idm.lab.eng.brq.redhat.com and vm-084.idm.lab.eng.brq.redhat.com
>> ipa: INFO: Setting agreement
>> cn=meTovm-084.idm.lab.eng.brq.redhat.com,cn=replica,cn=dc\=idm\,dc\=lab\,dc\=eng\,dc\=brq\,dc\=redhat\,dc\=com,cn=mapping
>>
>> tree,cn=config schedule to 2358-2359 0 to force synch
>> ipa: INFO: Deleting schedule 2358-2359 0 from agreement
>> cn=meTovm-084.idm.lab.eng.brq.redhat.com,cn=replica,cn=dc\=idm\,dc\=lab\,dc\=eng\,dc\=brq\,dc\=redhat\,dc\=com,cn=mapping
>>
>> tree,cn=config
>> ipa: INFO: Replication Update in progress: FALSE: status: 0 Replica
>> acquired successfully: Incremental update succeeded: start: 0: end: 0
>> Unable to remove agreement on vm-081.idm.lab.eng.brq.redhat.com:
>> Insufficient access: Insufficient 'write' privilege to the
>> 'dnaNextRange' attribute of entry 'cn=posix ids,cn=distributed numeric
>> assignment plugin,cn=plugins,cn=config'.
>> Forcing removal on 'vm-084.idm.lab.eng.brq.redhat.com'
>> Any DNA range on 'vm-081.idm.lab.eng.brq.redhat.com' will be lost
>> Deleted replication agreement from 'vm-084.idm.lab.eng.brq.redhat.com'
>> to 'vm-081.idm.lab.eng.brq.redhat.com'
>> Background task created to clean replication data. This may take a while.
>> This may be safely interrupted with Ctrl+C
>
> Fixed.
>
>> One more detail: Ranges where start==end are invalid. We should fail the
>> same way as for start>end.
>>
>> $ ipa-replica-manage dnanextrange-set vm-081.idm.lab.eng.brq.redhat.com
>> 677100401-677100401
>> ipa: INFO: Unhandled LDAPError: {'info': 'Changes result in an invalid
>> DNA configuration.', 'desc': 'Server is unwilling to perform'}
>> Updating next range failed: Server is unwilling to perform: Changes
>> result in an invalid DNA configuration.
>>
>>
>
> done
>
> rob

ACK

-- 
Petr³