Thanks Petr! Did I understand correctly, that the master branch does not yet contain patches 0005 and 0006 from Ludwig, only the 0003 patch has been merged? I must apply them manually to get the full plugin functionality, right?

On 05/26/2015 11:00 AM, Petr Vobornik wrote:
> On 05/25/2015 03:56 PM, Oleg Fayans wrote:
>> Hi,
>>
>> Playing around with the replication topology plugin, I've noticed a
>> couple of issues:
>> 1. around 50% of attempts to set up a replica of a freeipa master with
>> topology plugin enabled (domain level set to 1.0) end up with the
>> following error message in the stdoutput:
>>
>> [error] RuntimeError: One of the ldap service principals is missing.
>> Replication agreement cannot be converted.
>> Replication error message: Unable to acquire replicaLDAP error: No such
>> object
>>
>> I am not sure whether the reason is in the Topology Plugin itself or in
>> some of the latest changes in upstream, though.
>
> I have the same experience. It seems that data from master were
> replicated to new replica but new replica entries (host, services) were
> not replicated back to master.
>
> The installation then hangs on replica's check if its ldap service
> principal is on master.
>
> New ticket: https://fedorahosted.org/freeipa/ticket/5035
>
>>
>> 2. Whenever this happens, master retains the information about the new
>> topology segment, even despite the replica setup was unsuccessful. IMHO,
>> we should have a way to notify the master about replica setup
>> failures/aborts so that the master would automatically erase the
>> corresponding freshly-created segments in such cases.
>
> Not sure if we can rely on that because the chosen communication
> mechanism (whatever it might be) might suffer from the same root cause
> as the replica installation.
>
>>
>> 3. After this happens user is unable to delete the replication agreement
>> with the standard `ipa-replica-manage del` way:
>> $ ipa-replica-manage del replica1.pesen.net --force
>> Connection to 'replica1.pesen.net' failed: [Errno -2] Name or service
>> not known
>> Forcing removal of replica1.pesen.net
>> Skipping calculation to determine if one or more masters would be
>> orphaned.
>> Deleting replication agreements between replica1.pesen.net and
>> newmaster.pesen.net
>> Failed to get list of agreements from 'replica1.pesen.net': [Errno -2]
>> Name or service not known
>> Forcing removal on 'newmaster.pesen.net'
>> Any DNA range on 'replica1.pesen.net' will be lost
>> There were issues removing a connection for replica1.pesen.net from
>> newmaster.pesen.net: Server is unwilling to perform: Entry is managed by
>> topology plugin.Deletion not allowed.
>> Failed to cleanup replica1.pesen.net entries: Not allowed on non-leaf
>> entry
>
> this line was fixed by https://fedorahosted.org/freeipa/ticket/5019 .
> When this succeeds (master entry is deleted), topology plugin should
> delete the rest. I.e., with this patch I was able to delete the replica.
>
> That said, the output might want some love.
>
>> You may need to manually remove them from the tree
>> Failed to cleanup replica1.pesen.net DNS entries: no matching entry
>> found
>> You may need to manually remove them from the tree
>>
>> IIRC upon one of the early discussions with Ludwig, this is yet to be
>> implemented.
>>

--
Oleg Fayans
Quality Engineer
FreeIPA team
RedHat.