Re: [Freeipa-devel] [PATCH] 790 document problems re-adding a replication
Simo Sorce wrote:
> On Wed, 2011-05-25 at 12:39 -0400, Rob Crittenden wrote:
>> Simo Sorce wrote:
>>> On Wed, 2011-05-25 at 09:09 -0400, Rob Crittenden wrote:
>>>> Dmitri Pal wrote:
>>>>> On 05/24/2011 04:21 PM, Rob Crittenden wrote:
>>>>>> If you create a replica, remove it, then re-add it and try to re-initialize the database it will fail because the remote master has the old service principal cached. The remote dirsrv needs to be restarted.
>>>>> This is the issue in the disaster recovery case too, right?
>>>> Yes, any time a replica is removed and re-added.
>>> I would add: within a short time frame
>>> If the replica is removed today and readded in one week there should be no problem because any ticket will have been expired so libgssapi will acquire a new one.
>>> Simo.
>> Sure, makes sense. Patch revised.
> ACK
> Simo.

pushed to master and ipa-2-0

___
Freeipa-devel mailing list
Freeipa-devel@redhat.com
https://www.redhat.com/mailman/listinfo/freeipa-devel
Re: [Freeipa-devel] [PATCH] 790 document problems re-adding a replication
Dmitri Pal wrote:
> On 05/24/2011 04:21 PM, Rob Crittenden wrote:
>> If you create a replica, remove it, then re-add it and try to re-initialize the database it will fail because the remote master has the old service principal cached. The remote dirsrv needs to be restarted.
> This is the issue in the disaster recovery case too, right?

Yes, any time a replica is removed and re-added.

rob

>> This is really only an issue when testing and doing an initial set up but it was rather confusing so I added it to the ipa-replica-manage man page.
>> ticket 1077
>> rob
> --
> Thank you,
> Dmitri Pal
> Sr. Engineering Manager IPA project,
> Red Hat Inc.
Re: [Freeipa-devel] [PATCH] 790 document problems re-adding a replication
On Wed, 2011-05-25 at 09:09 -0400, Rob Crittenden wrote:
> Dmitri Pal wrote:
>> On 05/24/2011 04:21 PM, Rob Crittenden wrote:
>>> If you create a replica, remove it, then re-add it and try to re-initialize the database it will fail because the remote master has the old service principal cached. The remote dirsrv needs to be restarted.
>> This is the issue in the disaster recovery case too, right?
> Yes, any time a replica is removed and re-added.

I would add: within a short time frame
If the replica is removed today and readded in one week there should be no problem because any ticket will have been expired so libgssapi will acquire a new one.

Simo.

--
Simo Sorce * Red Hat, Inc * New York
Re: [Freeipa-devel] [PATCH] 790 document problems re-adding a replication
Simo Sorce wrote:
> On Wed, 2011-05-25 at 09:09 -0400, Rob Crittenden wrote:
>> Dmitri Pal wrote:
>>> On 05/24/2011 04:21 PM, Rob Crittenden wrote:
>>>> If you create a replica, remove it, then re-add it and try to re-initialize the database it will fail because the remote master has the old service principal cached. The remote dirsrv needs to be restarted.
>>> This is the issue in the disaster recovery case too, right?
>> Yes, any time a replica is removed and re-added.
> I would add: within a short time frame
> If the replica is removed today and readded in one week there should be no problem because any ticket will have been expired so libgssapi will acquire a new one.
> Simo.

Sure, makes sense. Patch revised.

rob

From 63f63ceb4c151cd75e50931d2c654210e6027fbf Mon Sep 17 00:00:00 2001 From: Rob Crittenden rcrit...@redhat.com Date: Tue, 24 May 2011 16:13:44 -0400 Subject: [PATCH] Document that deleting and re-adding a replica requires a dirsrv restart. If you install a replica, delete the replica, then re-add it and then try to re-initialize the agreement it will fail because the remote master has the old service principals cached. It needs to be restarted to work. ticket 1077 --- install/tools/man/ipa-replica-manage.1 | 26 -- 1 files changed, 16 insertions(+), 10 deletions(-) diff --git a/install/tools/man/ipa-replica-manage.1 b/install/tools/man/ipa-replica-manage.1 index dba5bc5..4073dff 100644 --- a/install/tools/man/ipa-replica-manage.1 +++ b/install/tools/man/ipa-replica-manage.1 @@ -20,7 +20,7 @@ .SH NAME ipa\-replica\-manage \- Manage an IPA replica .SH SYNOPSIS -ipa\-replica\-manage [\fIOPTION\fR]... [connect|disconnect|del|list|re-initialize|force-sync] +ipa\-replica\-manage [\fIOPTION\fR]... [connect|disconnect|del|list|re\-initialize|force\-sync] .SH DESCRIPTION Manages the replication agreements of an IPA server. .TP
@@ -36,17 +36,23 @@ Manages the replication agreements of an IPA server. \fBlist\fR [SERVER] \- Lists all the servers or the list of agreements of SERVER .TP -\fBre-initialize\fR -\- Forces a full re-initialization of the IPA server retrieving data from the server specified with the --from option +\fBre\-initialize\fR +\- Forces a full re\-initialization of the IPA server retrieving data from the server specified with the \-\-from option .TP -\fBforce-sync\fR -\- Immediately flush any data to be replicated from a server specified with the --from option +\fBforce\-sync\fR +\- Immediately flush any data to be replicated from a server specified with the \-\-from option +.TP +The connect and disconnect options are used to manage the replication topology. When a replica is created it is only connected with the master that created it. The connect option may be used to connect it to other existing replicas. +.TP +The disconnect option cannot be used to remove the last link of a replica. To remove a replica from the topology use the del option. +.TP +If a replica is deleted and then re\-added within a short time-frame then the 389\-ds instance on the master that created it should be restarted before re\-installing the replica. The master will have the old service principals cached which will cause replication to fail. .SH OPTIONS .TP \fB\-H\fR \fIHOST\fR, \fB\-\-host\fR=\fIHOST\fR The IPA server to manage. The default is the machine on which the command is run -Not honoured by the re-initialize command. +Not honoured by the re\-initialize command. .TP \fB\-p\fR \fIDM_PASSWORD\fR, \fB\-\-password\fR=\fIDM_PASSWORD\fR The Directory Manager password to use for authentication 
@@ -76,7 +82,7 @@ DN of Windows subtree containing the users you want to sync (default cn=Users,d Password for the Windows PassSync user. .TP \fB\-\-from\fR=\fISERVER\fR -The server to pull the data from, used by the re-initialize and force-sync commands. +The server to pull the data from, used by the re\-initialize and force\-sync commands. .SH EXAMPLES .TP List all masters: @@ -91,8 +97,8 @@ List a server's replication agreements. srv2.example.com srv3.example.com .TP -Re-initialize a replica: - # ipa\-replica\-manage re-initialize --from srv2.example.com +Re\-initialize a replica: + # ipa\-replica\-manage re\-initialize \-\-from srv2.example.com This will re\-initialize the data on the server where you execute the command, retrieving the data from the srv2.example.com replica .TP @@ -107,5 +113,5 @@ Completely remove a replica: .TP Using connect/disconnect you can manage the replication topology. .SH EXIT STATUS - 0 if the command was successful +0 if the command was successful 1 if an error occurred -- 1.7.4 ___ Freeipa-devel mailing list Freeipa-devel@redhat.com https://www.redhat.com/mailman/listinfo/freeipa-devel
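Review bot: in the @@ -36,17 +36,23 @@ hunk, the three paragraphs added after the force\-sync entry are each introduced with .TP, which takes the next input line as the tag of a tagged paragraph, so each whole paragraph is set as a tag with no body; .PP would render them as ordinary paragraphs. In the last of those paragraphs "time-frame" is left with a bare hyphen while the rest of the patch escapes them ("re\-added", "389\-ds"), so either escape it or write "time frame". The word "short" could also be tied to what the thread gives as the cause, the lifetime of the cached ticket, so that a reader knows when the restart is no longer needed.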
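Review bot: in the @@ -107,5 +113,5 @@ hunk (EXIT STATUS), removing the leading space from "0 if the command was successful" also removes the break that a leading space forces in roff, and the following context line "1 if an error occurred" is left as it was. Depending on whether that line keeps its own leading space, the two statuses will either be filled into one line or end up misaligned by one column. Check the rendered page with man, and consider giving each exit status its own .TP entry so the layout does not depend on leading whitespace.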
Re: [Freeipa-devel] [PATCH] 790 document problems re-adding a replication
On Wed, 2011-05-25 at 12:39 -0400, Rob Crittenden wrote:
> Simo Sorce wrote:
>> On Wed, 2011-05-25 at 09:09 -0400, Rob Crittenden wrote:
>>> Dmitri Pal wrote:
>>>> On 05/24/2011 04:21 PM, Rob Crittenden wrote:
>>>>> If you create a replica, remove it, then re-add it and try to re-initialize the database it will fail because the remote master has the old service principal cached. The remote dirsrv needs to be restarted.
>>>> This is the issue in the disaster recovery case too, right?
>>> Yes, any time a replica is removed and re-added.
>> I would add: within a short time frame
>> If the replica is removed today and readded in one week there should be no problem because any ticket will have been expired so libgssapi will acquire a new one.
>> Simo.
> Sure, makes sense. Patch revised.

ACK

Simo.

--
Simo Sorce * Red Hat, Inc * New York
[Freeipa-devel] [PATCH] 790 document problems re-adding a replication
If you create a replica, remove it, then re-add it and try to re-initialize the database it will fail because the remote master has the old service principal cached. The remote dirsrv needs to be restarted.

This is really only an issue when testing and doing an initial set up but it was rather confusing so I added it to the ipa-replica-manage man page.

ticket 1077

rob

freeipa-rcrit-790-replica.patch
Description: application/mbox
Re: [Freeipa-devel] [PATCH] 790 document problems re-adding a replication
On 05/24/2011 04:21 PM, Rob Crittenden wrote:
> If you create a replica, remove it, then re-add it and try to re-initialize the database it will fail because the remote master has the old service principal cached. The remote dirsrv needs to be restarted.

This is the issue in the disaster recovery case too, right?

> This is really only an issue when testing and doing an initial set up but it was rather confusing so I added it to the ipa-replica-manage man page.
> ticket 1077
> rob

--
Thank you,
Dmitri Pal
Sr. Engineering Manager IPA project,
Red Hat Inc.