On Wed, 2015-06-17 at 16:15 +0200, Ludwig Krispenz wrote:
> On 06/17/2015 03:37 PM, Oleg Fayans wrote:
> > Hi Ludwig, Petr,
> > Presently I have noticed that disabling a segment, using `ipa
> > topologysegment-mod realm replica1-to-replica2
> > --enabled=off` does not have effect on the way the data is replicated.
> > I mean that if we have the following tolopogy:
> > master <-> replica1 <-> replica2
> on which server did you apply the mod ?
> > and disable one of the segments, one would expect the changes
> > implemented on master would not be replicated to other nodes (or do I
> > misunderstand the concept of disabling a segment?). However, in
> > reality any changes in master do get replicated despite the segment is
> > disabled.
> > Is it a correct behavior?
> > The second question is: if disabled segments should not let the
> > changes through, then we probably should implement a check for
> > topology disconnection in similar way as `ipa topologysegment-del`
> > does. I mean, whenever a user tries to disable a segment, the plugin
> > should probably check whether it disconnects any of the nodes.
> well, I think disabling should be temporary, you want to disconnect for
> some time. eg for debugging, not deleting the agreement completely, I
> would allow this.
Too dangerous, I would honestly not even offer the option to disable
anything via the framework for now.
Do we really want to allow an admin to cause split brains ?
If an admin forgets to re-enable a segment pretty quickly you get in a
very undesirable state if that segment caused a split brain.
It may make sense if it were some time-based command, where you must
enter a (short) time period when the segment is disabled, so that it
re-enabled automatically when the window expires, but that is not
something we are getting in the short term.
Simo Sorce * Red Hat, Inc * New York
Manage your subscription for the Freeipa-devel mailing list:
Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code