Bug 921186

Summary: [RFE] Reclaim DNA ranges when uninstalling replicas
Product: Red Hat Enterprise Linux 7 Reporter: Namita Soman <nsoman>
Component: ipaAssignee: Rob Crittenden <rcritten>
Status: CLOSED CURRENTRELEASE QA Contact: IDM QE LIST <seceng-idm-qe-list>
Severity: unspecified Docs Contact:
Priority: medium    
Version: 7.0CC: edupless, jcholast, jgalipea, mkosek, spoore
Target Milestone: rcKeywords: FutureFeature
Target Release: ---   
Hardware: Unspecified   
OS: Unspecified   
Whiteboard:
Fixed In Version: ipa-3.2.1-1.el7 Doc Type: Enhancement
Doc Text:
Feature: Allow reclaiming UID/GID ranges that belong to deleted replicas. Reason: When a replica is installed a UID/GID range is automatically allocated and provisioned to the replica. If many replicas are recycled the ID space can be exhausted. Result (if any): When a replica is deleted, the remaining ID range is transferred to a suitable replica, if there is one. Additionally, ID ranges can be managed manually with ipa-replica-manage.
 Story Points: ---
Clone Of: Environment:
Last Closed: 2014-06-13 13:29:07 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:

Description Namita Soman 2013-03-13 16:26:08 UTC 
This bug is created as a clone of upstream ticket:
https://fedorahosted.org/freeipa/ticket/3321

When uninstalling replicas currently unused ID ranges are simply lost.
On a 2 replica server setup uninstalling an reinstalling a replica may loose as much as half of the total original range.

We need to add means to reclaim unused ranges by adding them back to one of the masters when a replica is uninstalled or forcibly deleted.
Comment 1 Rob Crittenden 2013-03-13 16:54:23 UTC 
Fixed upstream

master: 9005b9bc8aac7c1381aadb7d17107ebbebae005d

See http://freeipa.org/page/V3/Recover_DNA_Ranges for the design details.
Comment 4 Martin Kosek 2013-10-01 08:09:02 UTC 
*** Bug 864735 has been marked as a duplicate of this bug. ***
Comment 5 Scott Poore 2014-02-03 22:34:48 UTC 
Verified.

Version ::

ipa-server-3.3.3-15.el7.x86_64

Results ::

ON MASTER:

[root@rhel7-1 ~]# ipa-replica-manage dnarange-show
master.ipa1.example.test: 445600000-445799999
replica1.ipa1.example.test: No range set

[root@rhel7-1 ~]# ipa-replica-manage dnanextrange-show
master.ipa1.example.test: No on-deck range set
replica1.ipa1.example.test: No on-deck range set

ON REPLICA:

[root@rhel7-2 ~]# kinit admin
Password for admin.TEST: 

[root@rhel7-2 ~]# ipa user-add --first=f --last=l testuser1
----------------------
Added user "testuser1"
----------------------
  User login: testuser1
  First name: f
  Last name: l
  Full name: f l
  Display name: f l
  Initials: fl
  Home directory: /home/testuser1
  GECOS: f l
  Login shell: /bin/sh
  Kerberos principal: testuser1.TEST
  Email address: testuser1.test
  UID: 445700000
  GID: 445700000
  Password: False
  Member of groups: ipausers
  Kerberos keys available: False

ON MASTER:

[root@rhel7-1 ~]# ipa-replica-manage dnarange-show
master.ipa1.example.test: 445600000-445699999
replica1.ipa1.example.test: 445700001-445799999

[root@rhel7-1 ~]# ipa-replica-manage dnanextrange-show
master.ipa1.example.test: No on-deck range set
replica1.ipa1.example.test: No on-deck range set

[root@rhel7-1 ~]# ipa-replica-manage del replica1.ipa1.example.test --force
Deleting replication agreements between replica1.ipa1.example.test and master.ipa1.example.test
ipa: INFO: Setting agreement cn=meTomaster.ipa1.example.test,cn=replica,cn=dc\=ipa1\,dc\=example\,dc\=test,cn=mapping tree,cn=config schedule to 2358-2359 0 to force synch
ipa: INFO: Deleting schedule 2358-2359 0 from agreement cn=meTomaster.ipa1.example.test,cn=replica,cn=dc\=ipa1\,dc\=example\,dc\=test,cn=mapping tree,cn=config
ipa: INFO: Replication Update in progress: TRUE: status: 0 Replica acquired successfully: Incremental update started: start: 0: end: 0
ipa: INFO: Replication Update in progress: FALSE: status: 0 Replica acquired successfully: Incremental update succeeded: start: 0: end: 0
Deleted replication agreement from 'master.ipa1.example.test' to 'replica1.ipa1.example.test'
Background task created to clean replication data. This may take a while.
This may be safely interrupted with Ctrl+C

[root@rhel7-1 ~]# ipa-replica-manage dnarange-show
master.ipa1.example.test: 445600000-445699999

[root@rhel7-1 ~]# ipa-replica-manage dnanextrange-show
master.ipa1.example.test: 445700001-445799999
Comment 6 Ludek Smid 2014-06-13 13:29:07 UTC 
This request was resolved in Red Hat Enterprise Linux 7.0.

Contact your manager or support representative in case you have further questions about the request.