[Freeipa-devel] [PATCH 0329] ipa-replica-manage: Do not allow topology altering commands

Martin Babinsky mbabinsk at redhat.com
Mon Jun 15 12:59:20 UTC 2015


On 06/10/2015 07:23 PM, Petr Vobornik wrote:
> On 06/10/2015 04:39 PM, Petr Vobornik wrote:
>> On 06/10/2015 04:06 PM, Petr Vobornik wrote:
>>> On 06/02/2015 02:24 PM, Ludwig Krispenz wrote:
>>>> hi,
>>>>
>>>> is there a real replacement for "del", it is not in the scope of the
>>>> topology commands, the removal of the agreement is rejected and later
>>>> done by the plugin, but what about removal of the host, services,
>>>> cleanruv ?
>>>>
>>>> Ludwig
>>>> On 06/02/2015 02:10 PM, Tomas Babej wrote:
>>>>> Hi,
>>>>>
>>>>> With Domain Level 1 and above, the usage of ipa-replica-manage
>>>>> commands
>>>>> that alter the replica topology is deprecated. Following commands
>>>>> are prohibited:
>>>>>
>>>>> * connect
>>>>> * disconnect
>>>>> * del
>>>>>
>>>>> Upon executing any of these commands, users are pointed out to the
>>>>> ipa topologysegment-* replacements.
>>>>>
>>>>> Part of: https://fedorahosted.org/freeipa/ticket/4302
>>>>>
>>>
>>>
>>> Tomas is on vacation. I've removed 'del' from his patch and will create
>>> a new one for handling of 'del'.
>>>
>>> If that's OK, we can push this one.
>>>
>>>
>>
>> NACK
>>
>> 'connect' and 'disconnect' serve also for setting up/removing of winsync
>> replication agreements. This patch forbids it.
>
> attaching patch which addresses this issue and replaces Tomas'
> patch (which was used as a basis). Patch for 'del' will follow.
>
>>
>> I've not tested if topology plugin ignores winsync agreements. Does it?
>
>
>
ACK for the patch.

I think that winsync agreements should be ignored because they live in 
'cn=replicas,cn=ipa,cn=etc,$SUFFIX', not among cn=masters (but I may be 
wrong).

I have just now set up a winsync agreement and it doesn't show up in
cn=topology at all.

-- 
Martin^3 Babinsky
