Hi Petr,
On 06/11/2015 06:34 PM, Petr Vobornik wrote:
Attaching a wip patch for `ipa-replica-manage del` to work with managed topology.

There are two prerequisite patches, they add following commands. All commands has NO_CLI flag which means they are hidden in CLI.
- server-del
- serverservice-add, mod, del, show, find

serverservice is object name for server "services" in cn=masters. I don't like the "service" name much but it's already been used in general discussions.

The main patch introduces two distinct methods for deleting servers, one for managed topology another for the old method. They share some code.

There are some differences in behavior.

1. the original 'del' worked also with winsync agreements. I'm not sure why is that. Shouldn't 'disconnect' be used for winsync agreements? At least man page says that.

2. options --clean and --force aren't used in the new method. I don't think that they are required. They serve for deleting the server entry in cn=masters. The new method is build around this deletion so that it's always done which also means the cleanup is done.

3. Clean RUV task is run after deleting server entry and related cleanup. I don't think it works well. From observing the changes, it looks like it's executed before topology plugin manages to delete the agreements. This task then doesn't want to end and it reports that it has not finished somewhere. It finishes successfully if dirsrv is restarted. Agreements are then removed as well and all is fine.

Ludwig, should the clean RUV step be done differently? E.g. somewhere else or after something finishes?
good question, investigateing the cleanallruv problems was on my agenda after the topology plugin is "stable". We have seen many issues (eg corrupted ruvs), where we don't know why they exist in DS and if anything in the management code of ipa is contributing to this. So I can not really recommend a "best practice" at the moment. Regarding required changes in the manage-del, I think the problem is that without the topo plugin the agreement was deleted, then cleanallruv was started (it no longer tried to contact the removed replica and didn't get contacted by that replica). Now the direct deletion of the agreement is rejected and the cleanallruv will act in the full topology, so it probably should be done after the server was removed.

You call server_del before calling replica_cleanup (which also deletes the server). I don't see the deletion of the services before server_del, so this should fail since it has children.

Manage your subscription for the Freeipa-devel mailing list:
Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code

Reply via email to