[Freeipa-devel] disabling topology segment has no effect

Oleg Fayans ofayans at redhat.com
Wed Jun 17 15:07:35 UTC 2015 


On 06/17/2015 04:59 PM, Ludwig Krispenz wrote:
>
> On 06/17/2015 04:46 PM, Oleg Fayans wrote:
>> Hi Ludwig,
>>
>> On 06/17/2015 04:15 PM, Ludwig Krispenz wrote:
>>>
>>> On 06/17/2015 03:37 PM, Oleg Fayans wrote:
>>>> Hi Ludwig, Petr,
>>>>
>>>> Presently I have noticed that disabling a segment, using `ipa 
>>>> topologysegment-mod realm replica1-to-replica2
>>>> --enabled=off` does not have effect on the way the data is replicated.
>>>>
>>>> I mean that if we have the following tolopogy:
>>>> master <-> replica1 <-> replica2
>>> on which server did you apply the mod ?
>> On master.
> just to be clear, you have master <-> replica1 <-> replica2
> on master you disable replica1-replica2
> why would you expect mods on master not to be replicated ? at least to 
> replica1 ?
> the disable should only effect the connection between r1 and r2.
> There is one problem in this linear topology, the disable reaches r1, 
> it disables the agmt to r2 and so fails to replicate  the disable to r2.

To be precise, my topology is as follows

master <-> replica3 <-> replica2 <-> replica1
And I disabled the replica3 <-> replica2. So I expected the changes on 
master to be only visible on master and replica3, but actually it kept 
replicating to all nodes.

root at f22replica1:/home/ofayans]$ ipa topologysegment-find realm
------------------
3 segments matched
------------------
   Segment name: f22master.bagam.net-to-f22replica3.bagam.net
   Left node: f22master.bagam.net
   Right node: f22replica3.bagam.net
   Connectivity: both

   Segment name: replica1-to-replica2
   Left node: f22replica1.bagam.net
   Right node: f22replica2.bagam.net
   Connectivity: both

   Segment name: replica3-to-replica2
   Left node: f22replica3.bagam.net
   Right node: f22replica2.bagam.net
   Connectivity: both
----------------------------
Number of entries returned 3
----------------------------
root at f22replica1:/home/ofayans]$ ipa topologysegment-show realm 
replica3-to-replica2
   Segment name: replica3-to-replica2
   Left node: f22replica3.bagam.net
   Right node: f22replica2.bagam.net
   Connectivity: both
   Replication agreement enabled: off


>
>> It reproduces though even in a situation with the topology
>> replica3 <-> master <-> replica1 <-> replica2 and you disable the 
>> replica1-replica2 segment on replica3 (quite expectedly)
>>>> and disable one of the segments, one would expect the changes 
>>>> implemented on master would not be replicated to other nodes (or do 
>>>> I misunderstand the concept of disabling a segment?). However, in 
>>>> reality any changes in master do get replicated despite the segment 
>>>> is disabled.
>>>>
>>>> Is it a correct behavior?
>>>>
>>>> The second question is: if disabled segments should not let the 
>>>> changes through, then we probably should implement a check for 
>>>> topology disconnection in similar way as `ipa topologysegment-del` 
>>>> does. I mean, whenever a user tries to disable a segment, the 
>>>> plugin should probably check whether it disconnects any of the nodes.
>>> well, I think disabling should be temporary, you want to disconnect 
>>> for some time. eg for debugging, not deleting the agreement 
>>> completely, I would allow this.
>>>
>>
>

-- 
Oleg Fayans
Quality Engineer
FreeIPA team
RedHat.

More information about the Freeipa-devel mailing list