On 25.6.2015 09:53, Petr Vobornik wrote:
> On 06/25/2015 08:52 AM, Ludwig Krispenz wrote:
>>
>> On 06/24/2015 09:01 PM, Simo Sorce wrote:
>>> On Wed, 2015-06-24 at 11:25 +0200, Ludwig Krispenz wrote:
>>>> Oleg,
>>>>
>>>> the topology plugin relies on existing connection between servers which
>>>> remain in a topolgy. If you remove a central node in your topology you
>>>> are asking for trouble.
>>>> With Petr's patch it warns you that your topology will be disconnected,
>>>> and if you insist we cannot guarantee anything.
>>>> should we completely prohibit this ?
>>> No, but a --force should be needed.
>>> Without a --force option we should not allow to remove a replica
>>> completely from another one.
>>>
>>>> I don't know, I think you could
>>>> also enforce an uninstall of vm175 with probably the same result.
>>>> what you mean be calculating the remaining topology and send it to the
>>>> remaining servers does not work, it would require to send a removal of a
>>>> segment, which would be rejected.
>>> You would have to connect to each replica that has a replication
>>> agreement with vm175 and remove the segment from that replica. But it
>>> wouldn't really help much as once a replica is isolated from the central
>>> one, it will not see the other operations going on in other replicas.
>>>
>>> Once we have a topology resolver we will be able to warn that removing a
>>> specific replica will cause a split brain and make very loud warnings
>> we have this already, see the output of Oleg's example:
>>
>> ipa-replica-manage del vm-175.idm.lab.eng.brq.redhat.com
>> Topology after removal of vm-175.idm.lab.eng.brq.redhat.com will be
>> disconnected:
>> Server vm-036.idm.lab.eng.brq.redhat.com can't contact servers:
>> vm-056.idm.lab.eng.brq.redhat.com, vm-127.idm.lab.eng.brq.redhat.com
>> Server vm-056.idm.lab.eng.brq.redhat.com can't contact servers:
>> vm-244.idm.lab.eng.brq.redhat.com, vm-036.idm.lab.eng.brq.redhat.com,
>> vm-127.idm.lab.eng.brq.redhat.com
>> Server vm-127.idm.lab.eng.brq.redhat.com can't contact servers:
>> vm-244.idm.lab.eng.brq.redhat.com, vm-056.idm.lab.eng.brq.redhat.com,
>> vm-036.idm.lab.eng.brq.redhat.com
>> Server vm-244.idm.lab.eng.brq.redhat.com can't contact servers:
>> vm-056.idm.lab.eng.brq.redhat.com, vm-127.idm.lab.eng.brq.redhat.com
>> Continue to delete? [no]: yes
>>
>> it tells you that the topology gets disconnected and which connections
>> will be missing, the continue yes/no is the --force,
>> the question was, should we allow a force in this situation ?
>>
>
> What it does is:
> 1. Checks current topology, prints errors with introduction msg:
> "Current topology is disconnected:" + errors
> 2. Checks topology after node removal, prints errors with msg:
> "Topology after removal of %s will be disconnected:" + errors
> 3. if there were errors in #1 or #2, it does:
> if not force and not ipautil.user_input("Continue to delete?", False):
> sys.exit("Aborted")
>
>
> To make it more loud we can introduce msg in #2 with: "WARNING: " or something
> even more louder
>
> The question "Continue to delete?" could be
> * removed, and therefore --force will be always required for such case
> * be still regarded as 'force' but the question could be changed e.g. to:
> "Continue to delete and disconnect the topology?"
Nitpick:
I'm not a native English speaker but "Current topology is disconnected" does
not sound clear and scary enough to me.
At very least, the line should start with "WARNING:" to follow the same patter
as all other warnings.
Also it would be nice to add something descriptive like 'Changes in will not
be replicated to all servers and data WILL become inconsistent.'
Or possibly 'GATE TO HELL IS WIDE OPEN'? :-)
Of course all this needs to be rephrased to proper English ...
Petr^2 Spacek
>>>> More interesting would be if we can heal this later by adding new
>>>> segments.
>>> Indeed, reconnecting all the severed replicas should cause all the
>>> removals (segments or servers) to be replicated among servers and should
>>> bring back the topology view in a consistent state. But not until all
>>> servers are reconnected and replication has started again.
>> This healing can also be required without forcing removal by an admin.
>> If you have a start topology and your central node goes down and is not
>> recoverable
>>>
>>> Simo.
>>>
>>>
>>>> Ludwig
>>>> On 06/24/2015 11:04 AM, Oleg Fayans wrote:
>>>>> Hi everybody,
>>>>>
>>>>> Current implementation of topology plugin (including patch 878 from
>>>>> Petr) allows the deletion of the central node in the star topology.
>>>>> I had the following topology:
>>>>>
> <snip>
--
Manage your subscription for the Freeipa-devel mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-devel
Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code
