[Freeipa-devel] [PATCH] 286-288 Warn when ID range with incorrect size was created

Martin Kosek mkosek at redhat.com
Thu Jul 12 05:46:04 UTC 2012


On 07/11/2012 09:27 PM, Rob Crittenden wrote:
> Martin Kosek wrote:
>> IPA 3.0 introduced range ID objects in replicated space which specify
>> a range of IDs assigned via DNA plugin. ipa-ldap-updater generates the
>> default ID range which should correspond with IDs assigned to IPA
>> users.
>>
>> However, since correct range size is not known, we should at least
>> warn that a range with invalid size was created so that user can
>> amend it.
>>
>>
>> I created 2 new tickets to further improve this area:
>>
>> 1) #2918: [doc] Upgrade procedure section should mention ipa-ldap-updater
>> 2) #2919: Improve safety checks in range command
>>
>>
>> To test this patch, you can:
>> 1) Install unpatched IPA server (and you may install replicas too) with custom
>> --idstart and --idmax options where difference is greater than 200000
>> 2) Remove default range with range-del command (will be restored during upgrade)
>> 3) Run RPM upgrade with RPMs built from patched sources - ERROR should now be
>> printed during update stating that a new range was created but its size is not
>> right
> 
> I don't understand step 2, why would someone remove their range before upgrading?
> 
> I installed with a 50k range, didn't remove it, then upgraded with no warning.
> I deleted the range and re-installed the packages again, still no warning but a
> new 200k range was created for me.
> 
> rob

Step 2 is artificial and is only done to force the default_range update
plugin to create/restore the default IPA range. The plugin would just be
skipped otherwise.

We can only detect ranges larger than 200k - judging just from the number of
free IDs. Thus, 50k range will pass without any warning or error. If you create
a bigger range (this can be detected unless you deplete all IDs below 200k
mark), you will receive the warning. All this procedure will not handle all
situations ATM, it's just heuristics to cover most cases...

Martin



