[Freeipa-devel] topologysegment-mod question

Oleg Fayans ofayans at redhat.com
Wed Jun 24 12:30:25 UTC 2015



On 06/24/2015 02:25 PM, Ludwig Krispenz wrote:
>
> On 06/24/2015 01:59 PM, Oleg Fayans wrote:
>> Hi Petr,
>>
>> Thanks for the clarification! It seems, though, that all possible
>> attributes are already mapped to the topologysegment-mod options:
>>
>> [13:42:45]ofayans@vm-244:~]$ ipa show-mappings topologysegment-mod
>> Parameter      : LDAP attribute
>> =========      : ==============
>> stripattrs     : nsds5replicastripattrs
>> replattrs      : nsds5replicatedattributelist
>> replattrstotal : nsds5replicatedattributelisttotal
>> timeout        : nsds5replicatimeout
>> enabled        : nsds5replicaenabled
>> rights         : rights
>> [13:47:41]ofayans@vm-244:~]$ ipa help topologysegment-mod
>> Usage: ipa [global-options] topologysegment-mod TOPOLOGYSUFFIX NAME [options]
>>
>> Modify a segment.
>> Options:
>>   -h, --help            show this help message and exit
>>   --stripattrs=STR      A space separated list of attributes which are removed
>>                         from replication updates.
>>   --replattrs=STR       Attributes that are not replicated to a consumer
>>                         server during a fractional update. E.g.,
>>                         `(objectclass=*) $ EXCLUDE accountlockout memberof
>>   --replattrstotal=STR  Attributes that are not replicated to a consumer
>>                         server during a total update. E.g. (objectclass=*) $
>>                         EXCLUDE accountlockout
>>   --timeout=INT         Number of seconds outbound LDAP operations waits for a
>>                         response from the remote replica before timing out and
>>                         failing
>>   --enabled=['on', 'off']
>>                         Whether a replication agreement is active, meaning
>>                         whether replication is occurring per that agreement
>>   --setattr=STR         Set an attribute to a name/value pair. Format is
>>                         attr=value. For multi-valued attributes, the command
>>                         replaces the values already present.
>>   --addattr=STR         Add an attribute/value pair. Format is attr=value. The
>>                         attribute must be part of the schema.
>>   --delattr=STR         Delete an attribute/value pair. The option will be
>>                         evaluated last, after all sets and adds.
>>   --rights              Display the access rights of this entry (requires
>>                         --all). See ipa man page for details.
>>   --all                 Retrieve and print all attributes from the server.
>>                         Affects command output.
>>   --raw                 Print entries as stored on the server. Only affects
>>                         output format.
>>
>> So, setattr, addattr and delattr should, I think, be explained in the 
>> design document, with example usage.
>>
>> Another question that I have:
>> In order to test topologysegment-reinitialize, I need to set the
>> replica timeout to, say, 1, then turn this replica off, then make
>> some changes on master and turn on the replica? I mean, my goal is to
>> make the master give up attempts to synchronize with the replica, is that
>> correct?
> I don't see why you want to do all these steps. Initialize means that
> the database of B is overwritten by the database of A, so you could
> check that the content is the same. But to simulate a situation where
> init is required is not so easy: if you turn the replica on again, the
> changes could be normally replicated before you start the init.
The question is: how do I make sure that the content on node /a/ is
overwritten with the content of node /b/? I kind of need the two nodes
to have different content and not try to synchronize automatically.
>>
>> On 06/24/2015 12:28 PM, Petr Vobornik wrote:
>>> On 06/24/2015 12:19 PM, Oleg Fayans wrote:
>>>> Hi Ludwig,
>>>>
>>>> I see some contradictions in the way the segment modification cli is
>>>> implemented:
>>>>
>>>> 1.
>>>> $ ipa help topologysegment-mod
>>>> Usage: ipa [global-options] topologysegment-mod TOPOLOGYSUFFIX NAME [options]
>>>>
>>>> $ ipa topologysegment-mod realm 127-to-244 --setattr=Segment name=test
>>>> ipa: ERROR: command 'topologysegment_mod' takes at most 2 arguments
>>>>
>>>> (suffix + name + options = 3, not 2)
>>>
>>> 'Segment name' is not a correct attribute name. More below.
>>>
>>>>
>>>> 2.
>>>> Is there a way to list all possible attributes available for
>>>> modification?
>>>> When I do topologysegment-show --all, I get quite a small number of
>>>> them, and even those I am unable to modify:
>>>>
>>>> $ ipa topologysegment-show realm 127-to-244 --all
>>>>    dn: cn=127-to-244,cn=realm,cn=topology,cn=ipa,cn=etc,dc=idm,dc=lab,dc=eng,dc=brq,dc=redhat,dc=com
>>>>    Segment name: 127-to-244
>>>>    Left node: vm-127.idm.lab.eng.brq.redhat.com
>>>>    Right node: vm-244.idm.lab.eng.brq.redhat.com
>>>>    Connectivity: both
>>>>    objectclass: top, iparepltoposegment
>>>>
>>>> $ ipa topologysegment-mod realm 127-to-244 --setattr=connectivity=left-right
>>>> ipa: ERROR: attribute "connectivity" not allowed
>>>> $ ipa topologysegment-mod realm 127-to-244 --setattr=direction=left-right
>>>> ipa: ERROR: attribute "direction" not allowed
>>>>
>>>
>>> --XXXattr options work with LDAP attribute names. 'direction' is
>>> the option name but not the attribute name. The attribute name is
>>> iparepltoposegmentdirection.
>>>
>>> You can see the mappings with, e.g.:
>>>   ipa show-mappings topologysegment-mod
>>>
>>
>> -- 
>> Oleg Fayans
>> Quality Engineer
>> FreeIPA team
>> RedHat.
>>
>>
>
>
>

-- 
Oleg Fayans
Quality Engineer
FreeIPA team
RedHat.
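
Added example (not part of the original messages and not FreeIPA code): a Python pre-flight check that parses the `ipa show-mappings topologysegment-mod` output quoted in this thread and inspects a command line the way the shell would tokenize it. `lint_command` is a hypothetical helper; it only knows option names that appear in the quoted mapping table, and the limit of 2 positional arguments is taken from the error message quoted above.

```python
import shlex

# Output of `ipa show-mappings topologysegment-mod`, copied from this thread.
MAPPINGS_OUTPUT = """\
Parameter      : LDAP attribute
=========      : ==============
stripattrs     : nsds5replicastripattrs
replattrs      : nsds5replicatedattributelist
replattrstotal : nsds5replicatedattributelisttotal
timeout        : nsds5replicatimeout
enabled        : nsds5replicaenabled
rights         : rights
"""

def parse_mappings(text):
    """Return {option name: LDAP attribute} from show-mappings output."""
    mapping = {}
    for line in text.splitlines()[2:]:          # skip header and ruler lines
        option, sep, attr = line.partition(":")
        if sep and option.strip():
            mapping[option.strip()] = attr.strip()
    return mapping

def lint_command(cmdline, mapping, max_positional=2):
    """Hypothetical check: return a list of problems found in cmdline."""
    args = shlex.split(cmdline)                 # same word splitting as a POSIX shell
    args = args[args.index("topologysegment-mod") + 1:]
    positional = [a for a in args if not a.startswith("--")]
    problems = []
    if len(positional) > max_positional:
        # An unquoted space inside attr=value turns the tail into a new argument.
        problems.append("extra positional arguments (unquoted space?): %r"
                        % positional[max_positional:])
    for arg in args:
        if arg.startswith(("--setattr=", "--addattr=", "--delattr=")):
            name = arg.split("=", 2)[1]         # attribute name before the value
            if name in mapping and mapping[name] != name:
                problems.append("%r is an option name; the LDAP attribute is %r"
                                % (name, mapping[name]))
    return problems
```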
