On Sat, 2012-02-25 at 17:43 -0500, Rob Crittenden wrote:
> This patch does two things:
> 
> 1. Prompts when deleting a master to make clear that this is irreversible
> 2. Does not allow a deleted master to be reconnected.
> 
> Reconnecting to a deleted master causes all heck to break loose because 
> we delete principals as part of deletion process. If you reconnect to a 
> deleted master then we replicate those deletes and the connected master 
> is now unusable (no principals).
> 
> A simple test is:
> 
> Install master
> Install replica
> ipa-replica-manage del replica
> ipa-replica-manage connect replica
> ipa-server-uninstall -U on replica
> re-install replica
> 
> The re-install should be successful.
> 
> rob

Generally, it looks and works well. I just miss some unattended way to
deleted a replica, from other script for example.

I think we may either re-use --force flag for this purpose or introduce
an --unattended flag.

I also found an issue with S4U2Proxy memberPrincipal added for each
replica. Since the memberPrincipal values for deleted replica are not
removed when a replica is being deleted, ipa-replica-install reports a
(benign) error when it tries to add a duplicate value afterwards. I
filed a ticket for this one:

https://fedorahosted.org/freeipa/ticket/2451

Martin

_______________________________________________
Freeipa-devel mailing list
Freeipa-devel@redhat.com
https://www.redhat.com/mailman/listinfo/freeipa-devel

Reply via email to