On 06/09/2015 03:55 PM, Oleg Fayans wrote:
Hi everybody,
The current status of Topology plugin testing is as follows:
1. There is still no proper way of removing the replica.
Standard procedure using `ipa-replica-manage del` throws "Server is
unwilling to perform: Entry is managed by topology plugin.Deletion not
allowed.".
yes, that is for the first attempt to directly remove the agreement, but
when the server is removed the agreements should be removed
The replication agreement though does get deleted,
then it is ok,
but the topology information does not get updated.
what do you mean, where do you check ? in the "remaining" topology the
shared tree should be updated, for the removed replica it will not, but
this should be uninstalled anyway
When I then issue `ipa topologysegment-del`, it fails due to "ipa:
ERROR: Server is unwilling to perform: Removal of Segment disconnects
topology.Deletion not allowed."
correct, you can only do it after removal of the server
I tried to disable the segment first and then delete it, but with the
segment properly disabled, the attempt to delete it raised a GSS
error: "ipa: ERROR: Kerberos error: Kerberos error: ('Unspecified GSS
failure. Minor code may provide more information', 851968)/('KDC
returned error string: PROCESS_TGS', -1765328324)/". I am not sure,
where to search for corresponding logs. The session transcript is
attached.
2. The following is probably unrelated to the topology plugin:
I installed a replica with --setup-ca option. Then, on this replica
tried to prepare another replica:
-------------------------------------------------------------------------------------------------------------------------------------------------
root@f22replica2:/home/ofayans/f22]$ ipa-replica-prepare --ip-address
192.168.122.141 f22replica3.bagam.net
Directory Manager (existing master) password:
Preparing replica for f22replica3.bagam.net from f22replica2.bagam.net
Creating SSL certificate for the Directory Server
Certificate issuance failed
-------------------------------------------------------------------------------------------------------------------------------------------------
The corresponding line in the dirsrv log:
[09/Jun/2015:09:54:46 -0400] - Entry "uid=admin,ou=people,o=ipaca" --
attribute "krbExtraData" not allowed
--
Manage your subscription for the Freeipa-devel mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-devel
Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code
