Description of problem:

This is just an RFE. It's happening at customer sites that the cleaning of DNS records at "ipa-replica-manage del" is happening more or less at the end of the command, just after the "CLEANALLRUV" operation, which is rather delicate and could hang easily if not all the replicas are up and running. Customers tend to Ctrl+C as proposed and the last cleaning is not done. As a consequence, plenty of references to deleted replicas stay in DNS zones and records.

It could be interesting to have a command to clean this. For instance, to replace the "Authoritative nameserver" of zones by an existing node. This can be done by:

    ipa dnszone-mod <zone name> --name-server=<fqdn ipaserver>

for all the zones pointing to a deleted replica. Then, for dnsrecords, we have this sort of info:

    Record name: @
    NS record: <node1>. <node2>. <node3>.

and the command to do manually (or webui) is:

    ipa dnsrecord-mod <zone> <record> --ns-rec="(list of valid nodes only)"
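The manual cleanup described in the report above, sketched as an added example (not code from the reporter or from FreeIPA). It assumes the zone data has already been collected into a dict whose shape is invented here, handles only the `@` NS record, and only builds the `ipa` command lines for review without running them.

```python
import shlex

def norm(name):
    """Compare hostnames case-insensitively, as absolute names with one trailing dot."""
    return name.strip().lower().rstrip(".") + "."

def plan_cleanup(zones, removed, replacement):
    """Return (commands, needs_review) for zones still referencing removed replicas.

    zones: {zone: {"name_server": fqdn, "ns": [fqdn, ...]}} is an assumed input
    shape for this example, not real `ipa` output.
    """
    gone = {norm(r) for r in removed}
    new_ns = norm(replacement)
    if new_ns in gone:
        raise ValueError("replacement server is itself a removed replica")
    commands, needs_review = [], []
    for zone in sorted(zones):
        data = zones[zone]
        ns = [norm(n) for n in data["ns"]]
        keep = [n for n in ns if n not in gone]
        if norm(data["name_server"]) in gone:
            commands.append("ipa dnszone-mod %s --name-server=%s"
                            % (shlex.quote(zone), shlex.quote(new_ns)))
        if keep == ns:
            continue  # NS set has no stale entries
        if not keep:
            # Never emit a command that would leave the zone without NS records.
            needs_review.append(zone)
            continue
        flags = " ".join("--ns-rec=" + shlex.quote(n) for n in keep)
        commands.append("ipa dnsrecord-mod %s @ %s" % (shlex.quote(zone), flags))
    return commands, needs_review

# Constructed sample data: replica2 was deleted, ipa1 is still running.
ZONES = {
    "example.test.": {"name_server": "Replica2.example.test",
                      "ns": ["ipa1.example.test.", "replica2.example.test."]},
    "lab.example.test.": {"name_server": "ipa1.example.test.",
                          "ns": ["ipa1.example.test."]},
    "old.example.test.": {"name_server": "replica2.example.test.",
                          "ns": ["replica2.example.test."]},
}

if __name__ == "__main__":
    cmds, review = plan_cleanup(ZONES, ["replica2.example.test"], "ipa1.example.test")
    print("\n".join(cmds))
    print("review by hand:", review)
```

Zones listed for review are those whose only NS entries are removed replicas; they need a valid NS added before the stale one is dropped.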
The first paragraph sounds more like a bug. It should not show that it can be safely interrupted. In FreeIPA 4.3, when domain level (new feature of 4.3) is set to 1, `ipa-replica-manage del` behavior is changed and the "can be safely interrupted" message is not shown to admins. The bug is present for domain level 0. More details about domain levels are in http://www.freeipa.org/page/Releases/4.3.0

Given that the behavior will change for updated replicas on future RHELs and the fact that this bug has already been present for a very long time, I'm not sure if it is worth fixing. Wrt `ipa-replica-manage del` - I have filed this RFE: https://fedorahosted.org/freeipa/ticket/5588

The second part - some DNS cleanup method. It is something worth discussing. Adding Petr Spacek to CC.
Found related bug 896699
I agree that we should do a better job when removing replicas, so no manual action is necessary. Maybe the cleanup method should have some manual trigger so it can be re-executed by the user when something bad happens during replica removal.
Triage result: given reasoning in comment 4 (RHEL 7.3 will use different behaviour) and the fact that `ipa-replica-manage del <hostname> --force --clean` should run the cleanup task which was skipped by ctrl+c, this bz will be closed as won't fix. But DNS deserves better handling in installers, tracked in https://fedorahosted.org/freeipa/ticket/5620 If `ipa-replica-manage del <hostname> --force --clean` doesn't clean it, then it is a bug.
NEXTRELEASE is actually more appropriate (behavior change).
Upstream ticket: https://pagure.io/freeipa/issue/7191
Thank you for taking your time and submitting this request for Red Hat Enterprise Linux. The request was cloned to the upstream tracker a long time ago (see link to the upstream ticket above), but it was unfortunately not given priority either in the upstream project or in Red Hat Enterprise Linux. Given that this request is not planned for a close release, it is highly unlikely it will be fixed in this major version of Red Hat Enterprise Linux. We are therefore closing the request as WONTFIX. To request that Red Hat reconsiders the decision, please reopen the Bugzilla with the help of Red Hat Customer Service and provide additional business and/or technical details about its importance to you. Please note that you can still track this request or even offer help in the referred upstream Pagure ticket to expedite the solution.