On 06/03/2015 12:23 PM, Ludwig Krispenz wrote:
On 06/03/2015 11:51 AM, Oleg Fayans wrote:
did you test with all the latest patches applied ? In your issues you
refer to crashes, the crashes reported should be resolved, if you
still have crashes, pleas provide a core dump or scenario to reproduce
I confirm every point of this.
With patch0009 ipa-replica-manage del worked for me
Yep, patch 0009 is applied.
The full list of patches applied on top of the master branch (at it's
state yesterday at 10 PM) is as follows:
The scenario is pretty basic:
1. 3 fedora-21 vms with the latest directory server packages from
2. setup master on one of them, prepare gpg files for two replicas
3. setup replicas using these gpg files.
4. Try to remove one of the replicas using command `ipa topologysegment-del`
5. Try to create a new user via web UI on any of the replicas
On 06/03/2015 11:37 AM, Martin Babinsky wrote:
Furthermore, any attempts to delete a segment (even a properly setup
one) lead to the same very error.
I have been playing with the topology related patches and I have
encountered a few issues that I would like to address in this thread:
1.) When replica install for whatever reason crashes _after_ the
setup of replication agreements etc., it leaves the topology plugin
with dangling segment pointing to the dysfunctional node. An attempt
to delete it leads to:
ipa: ERROR: Server is unwilling to perform: Removal of Segment
disconnects topology.Deletion not allowed.
And you cannot reinstall the crashed replica because it complains
about existing replication agreements. It would probably help to be
able to force-remove the segments if one of the endpoints doesn't
2.) I was not able to figure out a way remove replica from the
topology without explosions or tampering
'cn=masters,cn=ipa,cn=etc,$SUFFIX'. Obviously ipa-replica-manage del
doesn't work anymore (I have tried just for fun, it leads to SIGSEGV
of the host's dirsrv and leaves dangling segments to offending
replica, leading to point 1).
I managed to remove replica from the topology only by directly
uninstalling FreeIPA on the node and then deleting its' host entry
from 'cn=masters'. Only after this was the plugin able to
automagically removed the segments pointing to/from removed node.
The design page suggests that it should be enough to uninstall IPA
server on the replica. The plugin would then pick-up the dangling
segments and remove them automatically. However, this behavior seems
to require additional modification of the uninstall procedure (e.g.
the uninstalling replica should remove its' entry from cn=masters).
3.) It seems that the removal of topology suffixes containing
functioning segments is not handled well. I once tried to do this
and it led to segmentation fault on the dirsrv instance. What is the
expected behavior in this scenario?
Manage your subscription for the Freeipa-devel mailing list:
Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code