#3444 ipa-replica-manage delete weaknesses
Closed: Fixed None Opened 11 years ago by rcritten.

I discovered during replication testing that it is possible to get into a state that causes ipa-replica-manage to fail.

The first problem has to do with our new scheme for validating that we are preserving at least one CA and one DNS server. If you break the replica install after replication, say right after replication has started, you will not have a cn=masters entry.

This will cause ipa-replica-manage to fail, this fixes that:

@@ -635,7 +635,10 @@ def del_master(realm, hostname, options):

         for master_cn in [m.getValue('cn') for m in masters]:
             master_dn = DN(('cn', master_cn), ('cn', 'masters'), ('cn', 'ipa'),
 ('cn', 'etc'), ipautil.realm_to_suffix(realm))
-            services = delrepl.conn.getList(master_dn, ldap.SCOPE_ONELEVEL)
+            try:
+                services = d87 992 999 1025 1059 1066 1071 1089 1123 1154 1159 1172 1173 1174 1210 1214 1224 1225 1238 1253 1271 1275 1296 1297 1299 1302 1313 1314 1315 1365 1380 1408 1431 1464 1478 1491 1503 1560 1584 1589 1593 1678 1680 1699 1712 1722 1726 1749 1755 1765 1784 1822 1824 1826 1844 1845 1851 1857 1886 1887 1894 1907 1917 1930 1934 1947 1954 1962 2004 2005 2018 2024 2025 2026 2033 2068 2080 2081 2087 2105 2110 2111 2113 2133 2144 2149 2152 2153 2155 2156 2158 2163 2164 2197 2201 2203 2245 2249 2254 2262 2263 2265 2266 2278 2279 2313 2324 2328 2329 2336 2346 2348 2356 2358 2360 2361 2366 2370 2373 2374 2380 2381 2388 2389 2390 2426 2427 2443 2445 2453 2454 2455 2456 2457 2465 2496 2519 2536 2539 2558 2560 2561 2570 2575 2579 2586 2589 2593 2595 2609 2643 2653 2655 2659 2673 2678 2679 2694 2703 2707 2712 2713 2721 2724 2729 2731 2745 2746 2751 2766 2770 2773 2775 2776 2782 2783 2785 2786 2789 2791 2792 2795 2801 2802 2807 2808 2811 2818 2823 2826 2833 2848 2854 2883 2887 2888 2889 2903 2904 2909 2911 2912 2915 2918 2920

Metadata Update from @rcritten:
- Issue assigned to rcritten
- Issue set to the milestone: FreeIPA 3.2 - 2013/03

7 years ago

Login to comment on this ticket.

Metadata