On 01/27/2015 09:05 PM, Martin Kosek wrote:
On 01/27/2015 07:59 PM, Rob Crittenden wrote:
Martin Kosek wrote:
On 01/27/2015 08:40 AM, Jan Cholasta wrote:

the attached patch fixes <https://fedorahosted.org/freeipa/ticket/4857>.


Works like a charm, ACK.

Pushed to:
master: deb70d5b13ce0e7ec77debb4aa17d75df4c1dedd
ipa-4-1: 74853b66f092a057c22ee811e945f631e6d65059

Sorry I missed this earlier, but this could be a timebomb.

Ah, and I saw that one as a clear one.

It means that there is some master out there that still has its old
changelog and is waiting to push changes you may not want back to the
restored master(s).

This is a long shot, but doesn't changes done in
prevent other masters to sent updates and actually force them to re-initialize from restored master? Also CCing Thierry.

It would definitely be worth testing a scenario like this:

3 masters, A, B, C.

Backup A

Add a bunch of data

shut down C

Restore A

Re-init B

Confirm that that data you added is gone

Start up C

See what happens. I suspect that data will be re-added.

My understanding is that https://fedorahosted.org/freeipa/ticket/4822 removed the RUV (during restore) from the import ldif file. So in that case C should not be able to replicate to A, because A has no RUV (especially replicageneration). Now it needs to be tested.


If this is the case, should we print big fat warning in ipa-restore "Some of your replication agreements could not be disabled, there are the consequences... yadda yadda yadda... Are you sure you want to continue?"?


Freeipa-devel mailing list

Reply via email to