[Freeipa-devel] topologysegment-mod question

Ludwig Krispenz lkrispen at redhat.com
Wed Jun 24 12:25:30 UTC 2015


On 06/24/2015 01:59 PM, Oleg Fayans wrote:
> Hi Petr,
>
> Thanks for clarification! It seems though, that all possible 
> attributes are already mapped to the topologysegment-mod options:
>
> [13:42:45]ofayans at vm-244:~]$  ipa show-mappings topologysegment-mod
> Parameter      : LDAP attribute
> =========      : ==============
> stripattrs     : nsds5replicastripattrs
> replattrs      : nsds5replicatedattributelist
> replattrstotal : nsds5replicatedattributelisttotal
> timeout        : nsds5replicatimeout
> enabled        : nsds5replicaenabled
> rights         : rights
> [13:47:41]ofayans at vm-244:~]$ ipa help topologysegment-mod
> Usage: ipa [global-options] topologysegment-mod TOPOLOGYSUFFIX NAME [options]
>
> Modify a segment.
> Options:
>   -h, --help            show this help message and exit
>   --stripattrs=STR      A space separated list of attributes which are removed
>                         from replication updates.
>   --replattrs=STR       Attributes that are not replicated to a consumer
>                         server during a fractional update. E.g.,
>                         `(objectclass=*) $ EXCLUDE accountlockout memberof
>   --replattrstotal=STR  Attributes that are not replicated to a consumer
>                         server during a total update. E.g. (objectclass=*) $
>                         EXCLUDE accountlockout
>   --timeout=INT         Number of seconds outbound LDAP operations waits for a
>                         response from the remote replica before timing out and
>                         failing
>   --enabled=['on', 'off']
>                         Whether a replication agreement is active, meaning
>                         whether replication is occurring per that agreement
>   --setattr=STR         Set an attribute to a name/value pair. Format is
>                         attr=value. For multi-valued attributes, the command
>                         replaces the values already present.
>   --addattr=STR         Add an attribute/value pair. Format is attr=value. The
>                         attribute must be part of the schema.
>   --delattr=STR         Delete an attribute/value pair. The option will be
>                         evaluated last, after all sets and adds.
>   --rights              Display the access rights of this entry (requires
>                         --all). See ipa man page for details.
>   --all                 Retrieve and print all attributes from the server.
>                         Affects command output.
>   --raw                 Print entries as stored on the server. Only affects
>                         output format.
>
> So, setattr, addattr and delattr should, I think, be explained in the 
> design document, with example usage.
>
> Another question that I have:
> In order to test topologysegment-reinitialize, I need to set the 
> replica timeout to, say, 1, then turn this replica off, then make some 
> changes on master and turn on the replica? I mean, my goal is to make 
> the master give up attempts to synchronize with the replica, is that correct?

I don't see why you want to do all these steps. Initialize means that 
the database of B is overwritten by the database of A, so you could 
check that the content is the same. But simulating a situation where 
init is required is not so easy: if you turn the replica on again, the 
changes could be replicated normally before you start the init.

>
> On 06/24/2015 12:28 PM, Petr Vobornik wrote:
>> On 06/24/2015 12:19 PM, Oleg Fayans wrote:
>>> Hi Ludwig,
>>>
>>> I see some contradictions in the way the segment modification cli is
>>> implemented:
>>>
>>> 1.
>>> $ ipa help topologysegment-mod
>>> Usage: ipa [global-options] topologysegment-mod TOPOLOGYSUFFIX NAME [options]
>>>
>>> $ ipa topologysegment-mod realm 127-to-244 --setattr=Segment name=test
>>> ipa: ERROR: command 'topologysegment_mod' takes at most 2 arguments
>>>
>>> (suffix + name + options = 3, not 2)
>>
>> 'Segment name' is not a correct attribute name. More below.
>>
>>>
>>> 2.
>>> Is there a way to list all possible attributes available for 
>>> modification?
>>> When I do topologysegment-show --all, I get quite a small number of them,
>>> and even those I am unable to modify:
>>>
>>> $ ipa topologysegment-show realm 127-to-244 --all
>>>    dn: cn=127-to-244,cn=realm,cn=topology,cn=ipa,cn=etc,dc=idm,dc=lab,dc=eng,dc=brq,dc=redhat,dc=com
>>>
>>>    Segment name: 127-to-244
>>>    Left node: vm-127.idm.lab.eng.brq.redhat.com
>>>    Right node: vm-244.idm.lab.eng.brq.redhat.com
>>>    Connectivity: both
>>>    objectclass: top, iparepltoposegment
>>>
>>> $ ipa topologysegment-mod realm 127-to-244 --setattr=connectivity=left-right
>>> ipa: ERROR: attribute "connectivity" not allowed
>>> $ ipa topologysegment-mod realm 127-to-244 --setattr=direction=left-right
>>> ipa: ERROR: attribute "direction" not allowed
>>>
>>
>> --XXXattr options work with LDAP attribute names. 'direction' is the 
>> option name, not the attribute name. The attribute name is 
>> iparepltoposegmentdirection.
>>
>> You can see the mappings with, e.g.:
>>   ipa show-mappings topologysegment-mod
>>
>
> -- 
> Oleg Fayans
> Quality Engineer
> FreeIPA team
> RedHat.
>
>
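
An added example, not part of the original thread and not FreeIPA code: a small lint that reproduces the two failures quoted above. It shows that an unquoted space in `--setattr=Segment name=test` turns `name=test` into a third positional argument, and that `--XXXattr` values naming a CLI option should use the mapped LDAP attribute instead. `parse_mappings` and `check_command` are hypothetical helpers; the mapping table is copied from the `show-mappings` output in the thread.

```python
import shlex

# Copied from the `ipa show-mappings topologysegment-mod` output quoted above.
SHOW_MAPPINGS = """\
Parameter      : LDAP attribute
=========      : ==============
stripattrs     : nsds5replicastripattrs
replattrs      : nsds5replicatedattributelist
replattrstotal : nsds5replicatedattributelisttotal
timeout        : nsds5replicatimeout
enabled        : nsds5replicaenabled
rights         : rights
"""

ATTR_OPTS = ("--setattr=", "--addattr=", "--delattr=")


def parse_mappings(text):
    """Return {cli_option: ldap_attribute} parsed from show-mappings output."""
    mapping = {}
    for line in text.splitlines():
        param, sep, attr = line.partition(":")
        param, attr = param.strip(), attr.strip()
        # Skip blank lines, the header row and the ===== ruler.
        if not sep or param == "Parameter" or not param.strip("="):
            continue
        mapping[param] = attr
    return mapping


def check_command(cmdline, mapping, max_positional=2):
    """Hypothetical lint: list problems in a topologysegment-mod command."""
    argv = shlex.split(cmdline)  # approximates POSIX shell word splitting
    args = argv[argv.index("topologysegment-mod") + 1:]
    problems = []
    # Usage line: TOPOLOGYSUFFIX NAME [options] -> two positional arguments.
    extra = [a for a in args if not a.startswith("-")][max_positional:]
    if extra:
        problems.append("extra positional %r: quote the whole attr=value" % extra)
    for arg in args:
        if arg.startswith(ATTR_OPTS):
            attr = arg.split("=", 2)[1].lower()
            if mapping.get(attr, attr) != attr:
                problems.append("%r is an option name; the LDAP attribute is %r"
                                % (attr, mapping[attr]))
    return problems
```

The lint only checks naming and quoting; whether the server accepts a given attribute through `--setattr` is still decided by the server, as the "not allowed" errors in the thread show.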
