[Freeipa-devel] [PATCH] 873-874 ipa-replica-manage: adjust del to work with managed topology

Petr Vobornik pvoborni at redhat.com
Mon Jun 15 12:15:36 UTC 2015 

On 06/15/2015 01:46 PM, Martin Babinsky wrote:
> On 06/15/2015 10:57 AM, Petr Vobornik wrote:
>> On 06/12/2015 04:18 PM, Petr Vobornik wrote:
>>> Some notes:
>>>
>>> 1. As mentioned in the WIP patch thread: original 'del' worked also with
>>> winsync agreements. I'm not sure why is that. Shouldn't 'disconnect' be
>>> used for winsync agreements? At least man page says that. This patch
>>> doesn't support it if domain level > 0. Is it a blocker?
>>>
>>> Following should be addressed in beta:
>>>
>>> 2. If `ipa-replica-manage del` is run before `ipa-csreplica-manage del`
>>> then the `ipa-csreplica-manage del` will fail unless run with --force
>>> options.
>>>
>>> 3. Check for orphaned server is missing. I want to use proper graph
>>> traversing algorithm for that given that we have the whole topology.
>>>
>>> 4. Probably a work for topology plugin: I've seen that the removed
>>> master doesn't remove its segments and agreements even though that it
>>> knows about its removal (doesn't have its own entry in cn=masters). It
>>> leads to failed replication connection attempts. Not a big issue, but
>>> also not wanted.
>>>
>>>
>>
>> Martin3 found that there is wrong hostname in one error message. Fixed.
>> Patch 873 rebased.
>
> Sorry but NACK.
>
> When I try to test the removal of last CA master I get a generic error
> like this:
>
> """
> unexpected error: no such entry
>
> """
>
> Traceback leading to this error is here:
> http://pastebin.test.redhat.com/290131
>
> This is caused by the following test which assumes that 'master' is a
> string, but this is in fact the whole result dictionary returned by
> api.Command.server_find
>
> +        if master == hostname:
> +            this_services = services_cns
>
> the following quick hack fixes this:
> +        if str(master['dn'][0]['cn']) == hostname:
> +            this_services = services_cn
>
> but there is certainly a more elegant approach, like transforming the
> results to a list of master FQDNs directly after calling API command on
> line 679.
>

ah, had this originally when serverservice object was used instead of 
direct ldap find in the WIP patch. Dict allow us to get dn directly for 
the service search. CN is also in the dict: master['cn'][0] so not need 
to get it from dn.

Thanks for finding it.

Updated patch attached.
-- 
Petr Vobornik
-------------- next part --------------
A non-text attachment was scrubbed...
Name: freeipa-pvoborni-0874-3-ipa-replica-manage-adjust-del-to-work-with-managed-t.patch
Type: text/x-patch
Size: 11998 bytes
Desc: not available
URL: <http://listman.redhat.com/archives/freeipa-devel/attachments/20150615/26d324e9/attachment.bin>

More information about the Freeipa-devel mailing list