On 06/09/2015 03:55 PM, Oleg Fayans wrote:
Hi everybody,

The current status of Topology plugin testing is as follows:

1. There is still no proper way of removing the replica.
Standard procedure using `ipa-replica-manage del` throws "Server is unwilling to perform: Entry is managed by topology plugin.Deletion not allowed.".
yes, that is for the first attempt to directly remove the agreement, but when the server is removed the agreements should be removed
The replication agreement though does get deleted,
then it is ok,
but the topology information does not get updated.
what do you mean, where do you check ? in the "remaining" topology the shared tree should be updated, for the removed replica it will not, but this should be uninstalled anyway
When I then issue `ipa topologysegment-del`, it fails due to "ipa: ERROR: Server is unwilling to perform: Removal of Segment disconnects topology.Deletion not allowed."
correct, you can only do it after removal of the server

I tried to disable the segment first and then delete it, but with the segment properly disabled, the attempt to delete it raised a GSS error: "ipa: ERROR: Kerberos error: Kerberos error: ('Unspecified GSS failure. Minor code may provide more information', 851968)/('KDC returned error string: PROCESS_TGS', -1765328324)/". I am not sure, where to search for corresponding logs. The session transcript is attached.

2. The following is probably unrelated to the topology plugin:
I installed a replica with --setup-ca option. Then, on this replica tried to prepare another replica: ------------------------------------------------------------------------------------------------------------------------------------------------- root@f22replica2:/home/ofayans/f22]$ ipa-replica-prepare --ip-address 192.168.122.141 f22replica3.bagam.net
Directory Manager (existing master) password:

Preparing replica for f22replica3.bagam.net from f22replica2.bagam.net
Creating SSL certificate for the Directory Server
Certificate issuance failed
-------------------------------------------------------------------------------------------------------------------------------------------------
The corresponding line in the dirsrv log:
[09/Jun/2015:09:54:46 -0400] - Entry "uid=admin,ou=people,o=ipaca" -- attribute "krbExtraData" not allowed




-- 
Manage your subscription for the Freeipa-devel mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-devel
Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code

Reply via email to