[Freeipa-devel] Topology Plugin design questions

Petr Vobornik pvoborni at redhat.com
Fri Aug 14 07:25:06 UTC 2015 

On 08/14/2015 08:26 AM, Oleg Fayans wrote:
> The problem of current implementation of topologysegment-add is that it
> does not support '--connectivity' commandline option:
> $ ipa help topologysegment-add
> Usage: ipa [global-options] topologysegment-add TOPOLOGYSUFFIX NAME
> [options]
>
> Add a new segment.
> Options:
>    -h, --help            show this help message and exit
>    --leftnode=STR        Left replication node - an IPA server
>    --rightnode=STR       Right replication node - an IPA server
>    --stripattrs=STR      A space separated list of attributes which are
> removed
>                          from replication updates.
>    --replattrs=STR       Attributes that are not replicated to a consumer
>                          server during a fractional update. E.g.,
>                          `(objectclass=*) $ EXCLUDE accountlockout memberof
>    --replattrstotal=STR  Attributes that are not replicated to a consumer
>                          server during a total update. E.g.
> (objectclass=*) $
>                          EXCLUDE accountlockout
>    --timeout=INT         Number of seconds outbound LDAP operations
> waits for a
>                          response from the remote replica before timing
> out and
>                          failing
>    --setattr=STR         Set an attribute to a name/value pair. Format is
>                          attr=value. For multi-valued attributes, the
> command
>                          replaces the values already present.
>    --addattr=STR         Add an attribute/value pair. Format is
> attr=value. The
>                          attribute must be part of the schema.
>    --all                 Retrieve and print all attributes from the server.
>                          Affects command output.
>    --raw                 Print entries as stored on the server. Only
> affects
>                          output format.

This is correct, see https://fedorahosted.org/freeipa/ticket/5061

>
> But when you actually create a segment, it asks for connectivity
> interactively, which effectively blocks automation.

It should not ask, it's a bug, please file a ticket.

>
>
>
> On 08/13/2015 12:13 PM, Ludwig Krispenz wrote:
>>
>> On 08/13/2015 10:49 AM, Petr Vobornik wrote:
>>> On 08/13/2015 09:55 AM, Ludwig Krispenz wrote:
>>>>
>>>> On 08/10/2015 10:54 AM, Oleg Fayans wrote:
>>>>> Hi Ludwig,
>>>>>
>>>>> It seems the Design page for the topology plugin is a bit outdated.
>>>>> 1. It still operates with the terms like plugin version
>>>>> (http://www.freeipa.org/page/V4/Manage_replication_topology#Check_for_modify_operation),
>>>>>
>>>>>
>>>>> although it was generally agreed, that we do not use plugin version at
>>>>> all.
>>>>>
>>>>> 2. The section
>>>>> http://www.freeipa.org/page/V4/Manage_replication_topology#Check_after_online_initializatition
>>>>>
>>>>>
>>>>> should be a bit clarified:
>>>>> Does this mean, that if we prepare a replica from a master that has
>>>>> domainlevel = 1, then the replica, that already had a domain level = 0
>>>>> will raise it? Do we support this scenario at all?
>>>>>
>>>>> 3. Segment directions. Currently there is no way to specify segment
>>>>> direction using the cli `ipa topologysegment-add`. However the
>>>>> direction is shown with `ipa topologysegment-find` and `ipa
>>>>> topologysegment-show`, which leads to confusing of the users. We
>>>>> probably should remove this info from the output at all and update the
>>>>> design page accordingly.
>>>> this is not true, in segment add youcan specify the direction:
>>>>
>>>> adding the segment:
>>>> -------------
>>>> [root at vm-215 ~]# ipa topologysegment-add realm
>>>> Left node: vm-112.abc.idm.lab.eng.brq.redhat.com
>>>> Right node: vm-179.abc.idm.lab.eng.brq.redhat.com
>>>> Connectivity [both]: left-right
>>>> Segment name
>>>> [vm-112.abc.idm.lab.eng.brq.redhat.com-to-vm-179.abc.idm.lab.eng.brq.redhat.com]:
>>>>
>>>>
>>>> onedirect
>>>> -------------------------
>>>> Added segment "onedirect"
>>>> -------------------------
>>>>    Segment name: onedirect
>>>>    Left node: vm-112.abc.idm.lab.eng.brq.redhat.com
>>>>    Right node: vm-179.abc.idm.lab.eng.brq.redhat.com
>>>>    Connectivity: left-right
>>>>
>>>>
>>>> checking the segment:
>>>>
>>>> [root at vm-215 ~]# ipa topologysegment-find realm
>>>> ------------------
>>>> .....
>>>> ------------------
>>>>    Segment name: onedirect
>>>>    Left node: vm-112.abc.idm.lab.eng.brq.redhat.com
>>>>    Right node: vm-179.abc.idm.lab.eng.brq.redhat.com
>>>>    Connectivity: left-right
>>>>
>>>> ......
>>>>
>>>
>>> This is a bug. Option "direction" was removed from -add and -mod
>>> commands on purpose.
>> I thought it should only be removed from the mod, as it was not handled
>> in the plugin, but I think initial creation of a one directional segment
>> should be ok
>>
>>> But CLI still incorrectly asks for the value and therefore allows to
>>> change the default "both".
>>
>


-- 
Petr Vobornik

More information about the Freeipa-devel mailing list