On Tue, 2012-02-28 at 16:36 -0500, Rob Crittenden wrote:
> Martin Kosek wrote:
> > On Sat, 2012-02-25 at 17:43 -0500, Rob Crittenden wrote:
> >> This patch does two things:
> >>
> >> 1. Prompts when deleting a master to make clear that this is irreversible
> >> 2. Does not allow a deleted master to be reconnected.
> >>
> >> Reconnecting to a deleted master causes all heck to break loose because
> >> we delete principals as part of deletion process. If you reconnect to a
> >> deleted master then we replicate those deletes and the connected master
> >> is now unusable (no principals).
> >>
> >> A simple test is:
> >>
> >> Install master
> >> Install replica
> >> ipa-replica-manage del replica
> >> ipa-replica-manage connect replica
> >> ipa-server-uninstall -U on replica
> >> re-install replica
> >>
> >> The re-install should be successful.
> >>
> >> rob
> >
> > Generally, it looks and works well. I just miss some unattended way to
> > delete a replica, from other script for example.
> >
> > I think we may either re-use --force flag for this purpose or introduce
> > an --unattended flag.
> >
> > I also found an issue with S4U2Proxy memberPrincipal added for each
> > replica. Since the memberPrincipal values for deleted replica are not
> > removed when a replica is being deleted, ipa-replica-install reports a
> > (benign) error when it tries to add a duplicate value afterwards. I
> > filed a ticket for this one:
> >
> > https://fedorahosted.org/freeipa/ticket/2451
> >
> > Martin
> >
>
> OK, went with --force.
>
> rob

The approach should be OK, but the patch you included is wrong.

Martin