Red Hat Bugzilla – Bug 839638
ipa-replica-manage allows disconnect of last connection for a single replica
Last modified: 2013-02-21 04:16:44 EST
Description of problem: ipa-replica-manage is allowing me to disconnect (not delete) the last connection to a replica. topo: R1--M--R2 Since there is not a connection from R1 to R2, I should have to delete the connection between R1 (or R2) and M? ipa-replica-manage is allowing me to disconnect though: install vm1 as M install vm2 as R1 connected to M install vm3 as R2 connected to M Then: [root@vm1 shared]# ipa-replica-manage -p $ADMINPW disconnect vm1.testrelm.com vm2.testrelm.com Deleted replication agreement from 'vm1.testrelm.com' to 'vm2.testrelm.com' [root@vm1 shared]# ipa-replica-manage -p $ADMINPW connect vm1.testrelm.com vm2.testrelm.com You cannot connect to a previously deleted master [root@vm1 shared]# ipa-replica-manage -p $ADMINPW disconnect vm1.testrelm.com vm3.testrelm.com Cannot remove the last replication link of 'vm1.testrelm.com' Please use the 'del' command to remove it from the domain I should have seen the error on the vm2 disconnect that I saw on vm3? Version-Release number of selected component (if applicable): ipa-server-2.2.0-16.el6.x86_64 How reproducible: always Steps to Reproduce: 1. install ipa Master 2. install 2 replicas each connected to Master 3. install vm3 as R2 connected to M 4. ipa-replica-manage disconnect $MASTER $REPLICA1 Actual results: disconnect succeeds when it should fail: [root@vm1 shared]# ipa-replica-manage -p $ADMINPW disconnect vm1.testrelm.com vm2.testrelm.com Deleted replication agreement from 'vm1.testrelm.com' to 'vm2.testrelm.com' Expected results: should have seen something more like this? [root@vm1 shared]# ipa-replica-manage -p $ADMINPW disconnect vm1.testrelm.com vm3.testrelm.com Cannot remove the last replication link of 'vm1.testrelm.com' Please use the 'del' command to remove it from the domain Additional info:
Also, I'm not sure if this requires a new bug or just related to this but, I cannot seem to reconnect to a disconnected server even if there are still connections. Example: install vm4 connected to R3 install vm5 connected to R3 connect vm4 to vm5 disconnect vm4 from vm3 connect vm4 to vm3 fails [root@vm4 shared]# ipa-replica-manage -p $ADMINPW connect vm4.testrelm.com vm5.testrelm.com Connected 'vm4.testrelm.com' to 'vm5.testrelm.com' [root@vm4 shared]# ipa-replica-manage -p $ADMINPW list vm4.testrelm.com vm3.testrelm.com: replica vm5.testrelm.com: replica [root@vm4 shared]# ipa-replica-manage -p $ADMINPW list vm5.testrelm.com vm3.testrelm.com: replica vm4.testrelm.com: replica [root@vm4 shared]# ipa-replica-manage -p $ADMINPW disconnect vm3.testrelm.com vm4.testrelm.com Deleted replication agreement from 'vm3.testrelm.com' to 'vm4.testrelm.com' [root@vm4 shared]# ipa-replica-manage -p $ADMINPW list vm4.testrelm.com vm5.testrelm.com: replica [root@vm4 shared]# ipa-replica-manage -p $ADMINPW connect vm3.testrelm.com vm4.testrelm.com You cannot connect to a previously deleted master
Upstream ticket: https://fedorahosted.org/freeipa/ticket/2925
Fixed upstream This fixes two problems. 1. When deleting a link it wasn't checking both sides to see if it was the last link. This would orphan one of them. 2. When reconnecting do a better job of determining if one of the masters had previously been deleted. master: 32c1aa45b3d41e15adb2ca8f8713e774046bc340 87040c0af1e76b5477cd53d515ed8071d941ce24
Verified. Version :: ipa-server-3.0.0-2.el6.x86_64 Manual Test Results :: [root@vm4 ipa]# ipa-replica-manage -p $ADMINPW disconnect vm5.testrelm.com vm6.testrelm.com ipa: INFO: Setting agreement cn=meTovm5.testrelm.com,cn=replica,cn=dc\=testrelm\,dc\=com,cn=mapping tree,cn=config schedule to 2358-2359 0 to force synch ipa: INFO: Deleting schedule 2358-2359 0 from agreement cn=meTovm5.testrelm.com,cn=replica,cn=dc\=testrelm\,dc\=com,cn=mapping tree,cn=config ipa: INFO: Replication Update in progress: FALSE: status: 0 Replica acquired successfully: Incremental update succeeded: start: 0: end: 0 Deleted replication agreement from 'vm5.testrelm.com' to 'vm6.testrelm.com' [root@vm4 ipa]# ipa-replica-manage -p $ADMINPW list vm4.testrelm.com vm5.testrelm.com: replica vm6.testrelm.com: replica [root@vm4 ipa]# ipa-replica-manage -p $ADMINPW list vm5.testrelm.com vm4.testrelm.com: replica [root@vm4 ipa]# ipa-replica-manage -p $ADMINPW list vm6.testrelm.com vm4.testrelm.com: replica [root@vm4 ipa]# ipa-replica-manage -p $ADMINPW disconnect vm4.testrelm.com vm5.testrelm.com Cannot remove the last replication link of 'vm5.testrelm.com' Please use the 'del' command to remove it from the domain [root@vm4 ipa]#
Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory, and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. http://rhn.redhat.com/errata/RHSA-2013-0528.html