Thanks Petr!

Did I understand correctly, that the master branch does not yet contain
patches 0005 and 0006 from Ludwig, only the 0003 patch has been merged?
I must apply them manually to get the full plugin functionality, right?

On 05/26/2015 11:00 AM, Petr Vobornik wrote:
> On 05/25/2015 03:56 PM, Oleg Fayans wrote:
>> Hi,
>> Playing around with the replication topology plugin, I've noticed a
>> couple of issues:
>> 1. around 50% of attempts to setup a replica of a freeipa master with
>> topology plugin enabled (domain level set to 1.0) end up with the
>> following error message in the stdoutput:
>>    [error] RuntimeError: One of the ldap service principals is missing.
>> Replication agreement cannot be converted.
>> Replication error message: Unable to acquire replicaLDAP error: No such
>> object
>> I am not sure whether the reason is in the Topology Plugin itself or in
>> some of the latest changes in upstream, though.
> I have the same experience. It seems that data from master were
> replicated to new replica but new replica entries(host, services) were
> not replicated back to master.
> The installation then hangs on replica's check if its ldap service
> principal is on master.
> New ticket:
>> 2. Whenever this happens, master retains the information about the new
>> topology segment, even despite the replica setup was unsuccessful. IMHO,
>> we should have a way to notify the master about replica setup
>> faiures/aborts so that the master would automatically erase the
>> corresponding freshly-created segments in such cases.
> Not sure if we can rely on that because the chosen communication
> mechanism(what ever it might be) might suffer from the same root cause
> as the replica installation.
>> 3. After this happens user is unable to delete the replication agreement
>> with the standard `ipa-replica-manage del` way:
>> $ ipa-replica-manage del --force
>> Connection to '' failed: [Errno -2] Name or service
>> not known
>> Forcing removal of
>> Skipping calculation to determine if one or more masters would be
>> orphaned.
>> Deleting replication agreements between and
>> Failed to get list of agreements from '': [Errno -2]
>> Name or service not known
>> Forcing removal on ''
>> Any DNA range on '' will be lost
>> There were issues removing a connection for from
>> Server is unwilling to perform: Entry is managed by
>> topology plugin.Deletion not allowed.
>> Failed to cleanup entries: Not allowed on non-leaf
>> entry
> this line was fixed by .
> When this succeeds (master entry is deleted), topology plugin should
> delete the rest. I.e., with this patch I was able to delete the replica.
> That said, the output might want some love.
>> You may need to manually remove them from the tree
>> Failed to cleanup DNS entries: no matching entry
>> found
>> You may need to manually remove them from the tree
>> IIRC upon one of the early discussions with Ludwig, this is yet to be
>> implemented.

Oleg Fayans
Quality Engineer
FreeIPA team

Manage your subscription for the Freeipa-devel mailing list:
Contribute to FreeIPA:

Reply via email to