On 06/22/2015 02:49 PM, Oleg Fayans wrote:
Could you please clarify how should `ipa topologysegment-mod
My initial understanding was that it disables any changes to go
through the disabled segment, but as it turns out, it does let the
topology-related info through, and filters out all the rest.
What I mean, is that having a line topology like this:
master - rep1 - rep2 - rep3 - rep4
When I disable rep2-rep3 segment, then:
1. any user created on master does not appear on rep3 and rep4 (as
2. changes in topology, made on rep4 do get replicated to master
Is it an expected behavior?
expected: yes, intended: no
if you disable rep2-rep3 on master or repl1 or repl2 this change arrives
at repl2 and will disable the agreement to repl3. This can happen before
the change is replicated to repl3 and so the setting to off does not
arrive at repl3 and it will still replicate back to repl2.
In a previous discussion there was agreement that we do not want to
support disablement of a segment, but it is not yet enforced.
This problem is similar to the one where a master is removed, the
segments connecting it (and the repl agmts) are removed and these
changes do not arrive at the removed master. To handle this either a
check if changes have been received at other servers, or the removal
would have to be done by some delay,...
This was not pursued since the removed master would be gone, and in the
remaining topology connections to it are removed and also its
credentials are removed, so even if it has a leftover agreement it will
not be able to replicate back into the remaining topology
Manage your subscription for the Freeipa-devel mailing list:
Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code