On Mon, Oct 16, 2017 at 04:27:35PM +0200, Patrik Lundin wrote: > On 2017-10-12 11:38:57, Nico Williams wrote: > > On Thu, Oct 12, 2017 at 05:38:32PM +0200, Patrik Lundin wrote: > > > > > > To summarize this tread: The --reset flag should currently not be used > > > in a production systems since ipropd-master is unable to parse the > > > resulting log file. > > > > No, the master is perfectly able to to parse the new log. The issue is > > that it's not enough to ensure that slaves get full props. > > > > A 7.4.0 ipropd-master chokes on the log when it is truncated with > --reset as I showed in my initial message to the list: > http://www.h5l.org/pipermail/heimdal-discuss/2017-October/000277.html: > === > If the slave log has a version number greater than 0 the master will > notice it is out of sync and attempt to update it only to fail in > send_diffs() because kadm5_log_get_version_fd() returns > HEIM_ERR_EOF (and this is documented behaviour for that function when > the log is truncated and LOG_VERSION_FIRST is supplied). > ===
Ah, OK, I'll fix this too. Thanks. > > > #1. Stop the current master. > > > #2. Dump the database on the current master. > > > #3. Load the database on the new master. > > > #4. Do some random modification of the database on the new master via > > > kadmin -l in order to set the log version to at least 2. > > > > Just version 1 will do, but yes. > > > > No, if you leave it at version 1 the slave will "get in sync with > version 1 by means of replaying log entries" which leaves it with an > empty database: Oh, nice failure mode. But version 1 should suffice, so I'll make it so. Thanks! Nico --
