On Wed, 2012-02-29 at 09:13 -0500, Rob Crittenden wrote:
> Martin Kosek wrote:
> > On Tue, 2012-02-28 at 16:36 -0500, Rob Crittenden wrote:
> >> Martin Kosek wrote:
> >>> On Sat, 2012-02-25 at 17:43 -0500, Rob Crittenden wrote:
> >>>> This patch does two things:
> >>>>
> >>>> 1. Prompts when deleting a master to make clear that this is irreversible
> >>>> 2. Does not allow a deleted master to be reconnected.
> >>>>
> >>>> Reconnecting to a deleted master causes all heck to break loose because
> >>>> we delete principals as part of deletion process. If you reconnect to a
> >>>> deleted master then we replicate those deletes and the connected master
> >>>> is now unusable (no principals).
> >>>>
> >>>> A simple test is:
> >>>>
> >>>> Install master
> >>>> Install replica
> >>>> ipa-replica-manage del replica
> >>>> ipa-replica-manage connect replica
> >>>> ipa-server-uninstall -U on replica
> >>>> re-install replica
> >>>>
> >>>> The re-install should be successful.
> >>>>
> >>>> rob
> >>>
> >>> Generally, it looks and works well. I just miss some unattended way to
> >>> delete a replica, from other script for example.
> >>>
> >>> I think we may either re-use --force flag for this purpose or introduce
> >>> an --unattended flag.
> >>>
> >>> I also found an issue with S4U2Proxy memberPrincipal added for each
> >>> replica. Since the memberPrincipal values for deleted replica are not
> >>> removed when a replica is being deleted, ipa-replica-install reports a
> >>> (benign) error when it tries to add a duplicate value afterwards. I
> >>> filed a ticket for this one:
> >>>
> >>> https://fedorahosted.org/freeipa/ticket/2451
> >>>
> >>> Martin
> >>>
> >>
> >> OK, went with --force.
> >>
> >> rob
> >
> > The approach should be OK, but the patch you included is wrong.
> >
> > Martin
> >
>
> OK, this should be right.
>
> rob

Yup, that's better. ACK. Pushed to master, ipa-2-2.

I raised Affects Tests flag in Trac, --force flag needs to be added to
"ipa-replica-manage del $REPLICA" tests.

Martin