I was able to uninstall the middle replica in line topology using 'ipa-server-install --uninstall' without specifying '--ignore-topology-disconnect'. [[BR]] Topology looks like this: master <-> replica1 <-> replica2
Replica1 was uninstalled successfully. After replica uninstallation, the output of 'ipa topologysegment-find domain' did not change and looked like:
------------------ 2 segments matched ------------------ Segment name: replica2-to-replica1 Left node: replica2 Right node: replica1 Connectivity: both Segment name: master-to-replica1 Left node: master Right node: replica1 Connectivity: both ---------------------------- Number of entries returned 2 ----------------------------
The version of the freeipa packages is 4.4.0.201607260719GIT648b5af-0.fc24.x86_64
Expected behavior:
Uninstallation should fail and an error message should be displayed: "Uninstallation leads to disconnected topology"
was replica1 up and running when the uninstall command was executed ?
A note: uninstaller should use IPA framework check to check disconnect. The check itself shouldn't require any other replica to be up and running.
But subsequent removal of segments should be done by other replicas.
Looks like the disconnect check is done, but ignored running uninstall on the middle replica gives.
ipa-server-install --uninstall This is a NON REVERSIBLE operation and will delete all data and configuration! Are you sure you want to continue with the uninstall procedure? [no]: yes Shutting down all IPA services Unconfiguring ntpd Configuring certmonger to stop tracking system certificates for KRA Configuring certmonger to stop tracking system certificates for CA Unconfiguring CA Unconfiguring web server Unconfiguring krb5kdc Unconfiguring kadmin Unconfiguring directory server Unconfiguring ipa-custodia Unconfiguring ipa_memcached Unconfiguring ipa-otpd Removing IPA client configuration Removing Kerberos service principals from /etc/krb5.keytab Disabling client Kerberos and LDAP configurations Redundant SSSD configuration file /etc/sssd/sssd.conf was moved to /etc/sssd/sssd.conf.deleted Restoring client configuration files Unconfiguring the NIS domain. nscd daemon is not installed, skip configuration nslcd daemon is not installed, skip configuration Systemwide CA database updated. Client uninstall complete
But in the uninstall log, there is:
2016-08-10T12:30:03Z WARNING Failed to delete master: Server removal aborted: Removal of 'vm-179.abc.idm.lab.eng.brq.redhat.com' leads to disconnected topology in suffix 'domain': Topology does not allow server vm-184.abc.idm.lab.eng.brq.redhat.com to replicate with servers: vm-196.abc.idm.lab.eng.brq.redhat.com Topology does not allow server vm-196.abc.idm.lab.eng.brq.redhat.com to replicate with servers: vm-184.abc.idm.lab.eng.brq.redhat.com Removal of 'vm-179.abc.idm.lab.eng.brq.redhat.com' leads to disconnected topology in suffix 'ca': Topology does not allow server vm-184.abc.idm.lab.eng.brq.redhat.com to replicate with servers: vm-196.abc.idm.lab.eng.brq.redhat.com Topology does not allow server vm-196.abc.idm.lab.eng.brq.redhat.com to replicate with servers: vm-184.abc.idm.lab.eng.brq.redhat.com. 2016-08-10T12:30:03Z DEBUG Starting external process
Ticket has been cloned to Bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=1366612
master:
The uninstallation now fails, but the result code is 0:
[11:44:48]root@f24replica1:/home/ofayans]$ ipa-server-install --uninstall -U WARNING: yacc table file version is out of date ipa : ERROR Server removal aborted: Removal of 'f24replica1.pesen.net' leads to disconnected topology in suffix 'domain': Topology does not allow server f24master.pesen.net to replicate with servers: f24replica2.pesen.net Topology does not allow server f24replica2.pesen.net to replicate with servers: f24master.pesen.net Removal of 'f24replica1.pesen.net' leads to disconnected topology in suffix 'ca': Topology does not allow server f24master.pesen.net to replicate with servers: f24replica2.pesen.net Topology does not allow server f24replica2.pesen.net to replicate with servers: f24master.pesen.net. [11:44:48]root@f24replica1:/home/ofayans]$ echo $? 0
Could we please use correct return code here?
There's another ticket for that (#3230). For the four years of its existence no one was able/cared enough to fix it, volunteers are welcome though.
Metadata Update from @ofayans: - Issue assigned to stlaz - Issue set to the milestone: FreeIPA 4.4.1
Log in to comment on this ticket.