#6168 Middle replica uninstallation in line topology works without '--ignore-topology-disconnect'
Closed: Fixed None Opened 7 years ago by ofayans.

I was able to uninstall the middle replica in line topology using 'ipa-server-install --uninstall' without specifying '--ignore-topology-disconnect'. [[BR]]
Topology looks like this:
master <-> replica1 <-> replica2

Replica1 was uninstalled successfully.
After replica uninstallation, the output of 'ipa topologysegment-find domain' did not change and looked like:

------------------
2 segments matched
------------------
  Segment name: replica2-to-replica1
  Left node: replica2
  Right node: replica1
  Connectivity: both

  Segment name: master-to-replica1
  Left node: master
  Right node: replica1
  Connectivity: both
----------------------------
Number of entries returned 2
----------------------------

The version of the freeipa packages is 4.4.0.201607260719GIT648b5af-0.fc24.x86_64

Expected behavior:

Uninstallation should fail and an error message should be displayed:
"Uninstallation leads to disconnected topology"


was replica1 up and running when the uninstall command was executed ?

A note: uninstaller should use IPA framework check to check disconnect. The check itself shouldn't require any other replica to be up and running.

But subsequent removal of segments should be done by other replicas.

Looks like the disconnect check is done, but ignored
running uninstall on the middle replica gives.

 ipa-server-install --uninstall

This is a NON REVERSIBLE operation and will delete all data and configuration!

Are you sure you want to continue with the uninstall procedure? [no]: yes
Shutting down all IPA services
Unconfiguring ntpd
Configuring certmonger to stop tracking system certificates for KRA
Configuring certmonger to stop tracking system certificates for CA
Unconfiguring CA
Unconfiguring web server
Unconfiguring krb5kdc
Unconfiguring kadmin
Unconfiguring directory server
Unconfiguring ipa-custodia
Unconfiguring ipa_memcached
Unconfiguring ipa-otpd
Removing IPA client configuration
Removing Kerberos service principals from /etc/krb5.keytab
Disabling client Kerberos and LDAP configurations
Redundant SSSD configuration file /etc/sssd/sssd.conf was moved to /etc/sssd/sssd.conf.deleted
Restoring client configuration files
Unconfiguring the NIS domain.
nscd daemon is not installed, skip configuration
nslcd daemon is not installed, skip configuration
Systemwide CA database updated.
Client uninstall complete

But in the uninstall log, there is:

2016-08-10T12:30:03Z WARNING Failed to delete master: Server removal aborted:

Removal of 'vm-179.abc.idm.lab.eng.brq.redhat.com' leads to disconnected topology in suffix 'domain':
Topology does not allow server vm-184.abc.idm.lab.eng.brq.redhat.com to replicate with servers:
    vm-196.abc.idm.lab.eng.brq.redhat.com
Topology does not allow server vm-196.abc.idm.lab.eng.brq.redhat.com to replicate with servers:
    vm-184.abc.idm.lab.eng.brq.redhat.com

Removal of 'vm-179.abc.idm.lab.eng.brq.redhat.com' leads to disconnected topology in suffix 'ca':
Topology does not allow server vm-184.abc.idm.lab.eng.brq.redhat.com to replicate with servers:
    vm-196.abc.idm.lab.eng.brq.redhat.com
Topology does not allow server vm-196.abc.idm.lab.eng.brq.redhat.com to replicate with servers:
    vm-184.abc.idm.lab.eng.brq.redhat.com.
2016-08-10T12:30:03Z DEBUG Starting external process

master:

  • fea56fe Fail on topology disconnect/last role removal

The uninstallation now fails, but the result code is 0:

[11:44:48]root@f24replica1:/home/ofayans]$ ipa-server-install --uninstall -U
WARNING: yacc table file version is out of date
ipa         : ERROR    Server removal aborted:

Removal of 'f24replica1.pesen.net' leads to disconnected topology in suffix 'domain':
Topology does not allow server f24master.pesen.net to replicate with servers:
    f24replica2.pesen.net
Topology does not allow server f24replica2.pesen.net to replicate with servers:
    f24master.pesen.net

Removal of 'f24replica1.pesen.net' leads to disconnected topology in suffix 'ca':
Topology does not allow server f24master.pesen.net to replicate with servers:
    f24replica2.pesen.net
Topology does not allow server f24replica2.pesen.net to replicate with servers:
    f24master.pesen.net.
[11:44:48]root@f24replica1:/home/ofayans]$ echo $?
0

Could we please use correct return code here?

There's another ticket for that (#3230). For the four years of its existence no one was able/cared enough to fix it, volunteers are welcome though.

Metadata Update from @ofayans:
- Issue assigned to stlaz
- Issue set to the milestone: FreeIPA 4.4.1

6 years ago

Login to comment on this ticket.

Metadata