Hi,
On 06/17/2015 05:07 PM, Oleg Fayans wrote:
On 06/17/2015 04:59 PM, Ludwig Krispenz wrote:
On 06/17/2015 04:46 PM, Oleg Fayans wrote:
Hi Ludwig,
On 06/17/2015 04:15 PM, Ludwig Krispenz wrote:
On 06/17/2015 03:37 PM, Oleg Fayans wrote:
Hi Ludwig, Petr,
Presently I have noticed that disabling a segment, using `ipa
topologysegment-mod realm replica1-to-replica2
--enabled=off` does not have effect on the way the data is
replicated.
I mean that if we have the following tolopogy:
master <-> replica1 <-> replica2
on which server did you apply the mod ?
On master.
just to be clear, you have master <-> replica1 <-> replica2
on master you disable replica1-replica2
why would you expect mods on master not to be replicated ? at least
to replica1 ?
the disable should only effect the connection between r1 and r2.
There is one problem in this linear topology, the disable reaches r1,
it disables the agmt to r2 and so fails to replicate the disable to r2.
To be precise, my topology is as follows
master <-> replica3 <-> replica2 <-> replica1
And I disabled the replica3 <-> replica2. So I expected the changes on
master to be only visible on master and replica3, but actually it kept
replicating to all nodes.
root@f22replica1:/home/ofayans]$ ipa topologysegment-find realm
------------------
3 segments matched
------------------
Segment name: f22master.bagam.net-to-f22replica3.bagam.net
Left node: f22master.bagam.net
Right node: f22replica3.bagam.net
Connectivity: both
Segment name: replica1-to-replica2
Left node: f22replica1.bagam.net
Right node: f22replica2.bagam.net
Connectivity: both
Segment name: replica3-to-replica2
Left node: f22replica3.bagam.net
Right node: f22replica2.bagam.net
Connectivity: both
----------------------------
Number of entries returned 3
----------------------------
root@f22replica1:/home/ofayans]$ ipa topologysegment-show realm
replica3-to-replica2
Segment name: replica3-to-replica2
Left node: f22replica3.bagam.net
Right node: f22replica2.bagam.net
Connectivity: both
Replication agreement enabled: off
can you do a ldapsearch on cn=realm,cn=topology, ......
and on replica3 do a search -b "cn=config"
"objectclass=nsds5replicationagreement"
would like to see the raw data.
It reproduces though even in a situation with the topology
replica3 <-> master <-> replica1 <-> replica2 and you disable the
replica1-replica2 segment on replica3 (quite expectedly)
and disable one of the segments, one would expect the changes
implemented on master would not be replicated to other nodes (or
do I misunderstand the concept of disabling a segment?). However,
in reality any changes in master do get replicated despite the
segment is disabled.
Is it a correct behavior?
The second question is: if disabled segments should not let the
changes through, then we probably should implement a check for
topology disconnection in similar way as `ipa topologysegment-del`
does. I mean, whenever a user tries to disable a segment, the
plugin should probably check whether it disconnects any of the nodes.
well, I think disabling should be temporary, you want to disconnect
for some time. eg for debugging, not deleting the agreement
completely, I would allow this.
--
Manage your subscription for the Freeipa-devel mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-devel
Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code
