[Freeipa-devel] topologysegment-mod question
Ludwig Krispenz
lkrispen at redhat.com
Wed Jun 24 12:35:52 UTC 2015
On 06/24/2015 02:30 PM, Oleg Fayans wrote:
>
>
> On 06/24/2015 02:25 PM, Ludwig Krispenz wrote:
>>
>> On 06/24/2015 01:59 PM, Oleg Fayans wrote:
>>> Hi Petr,
>>>
>>> Thanks for clarification! It seems though, that all possible
>>> attributes are already mapped to the topologysegment-mod options:
>>>
>>> [13:42:45]ofayans at vm-244:~]$ ipa show-mappings topologysegment-mod
>>> Parameter : LDAP attribute
>>> ========= : ==============
>>> stripattrs : nsds5replicastripattrs
>>> replattrs : nsds5replicatedattributelist
>>> replattrstotal : nsds5replicatedattributelisttotal
>>> timeout : nsds5replicatimeout
>>> enabled : nsds5replicaenabled
>>> rights : rights
>>> [13:47:41]ofayans at vm-244:~]$ ipa help topologysegment-mod
>>> Usage: ipa [global-options] topologysegment-mod TOPOLOGYSUFFIX NAME
>>> [options]
>>>
>>> Modify a segment.
>>> Options:
>>> -h, --help show this help message and exit
>>> --stripattrs=STR A space separated list of attributes which
>>> are removed
>>> from replication updates.
>>> --replattrs=STR Attributes that are not replicated to a consumer
>>> server during a fractional update. E.g.,
>>> `(objectclass=*) $ EXCLUDE accountlockout
>>> memberof
>>> --replattrstotal=STR Attributes that are not replicated to a consumer
>>> server during a total update. E.g.
>>> (objectclass=*) $
>>> EXCLUDE accountlockout
>>> --timeout=INT Number of seconds outbound LDAP operations
>>> waits for a
>>> response from the remote replica before
>>> timing out and
>>> failing
>>> --enabled=['on', 'off']
>>> Whether a replication agreement is active,
>>> meaning
>>> whether replication is occurring per that
>>> agreement
>>> --setattr=STR Set an attribute to a name/value pair. Format is
>>> attr=value. For multi-valued attributes, the
>>> command
>>> replaces the values already present.
>>> --addattr=STR Add an attribute/value pair. Format is
>>> attr=value. The
>>> attribute must be part of the schema.
>>> --delattr=STR Delete an attribute/value pair. The option
>>> will be
>>> evaluated last, after all sets and adds.
>>> --rights Display the access rights of this entry
>>> (requires
>>> --all). See ipa man page for details.
>>> --all Retrieve and print all attributes from the
>>> server.
>>> Affects command output.
>>> --raw Print entries as stored on the server. Only
>>> affects
>>> output format.
>>>
>>> So, setattr, addattr and delattr should, I think, be explained in
>>> the design document, with example usage.
>>>
>>> Another question that I have:
>>> In order to test topologysegment-reinitialize, I need to set the
>>> replica timeout to, say, 1, then turn this replica off, then make
>>> some changes on master and turn on the replica? I mean, my goal is
>>> to make master to give up attempts to synchronize with replica, is
>>> that correct?
>> I don't see why you want to do all these steps, initialize means that
>> the database of B is overwritten by the database of A, so you could
>> check that the content is the same. But to simulate a situation where
>> init is required is not so easy, if you turn the replica on again,
>> the changes could be normally replicated before you start the init
> The question is: how do I make sure that the content on node /a /is
> overwritten with the content of node /b/? I kind of need the two nodes
> to have different content and not trying to synchronize automatically
you could combine this with a backup test. On server A make a backup,
make some changes on any node and wait until it is replicated
everywhere. restore A from the backup and reinitialize the complete
topology. It should be enough with 2 or three servers
>>>
>>> On 06/24/2015 12:28 PM, Petr Vobornik wrote:
>>>> On 06/24/2015 12:19 PM, Oleg Fayans wrote:
>>>>> Hi Ludwig,
>>>>>
>>>>> I see some contradictions in the way the segment modification cli is
>>>>> implemented:
>>>>>
>>>>> 1.
>>>>> $ ipa help topologysegment-mod
>>>>> Usage: ipa [global-options] topologysegment-mod TOPOLOGYSUFFIX NAME
>>>>> [options]
>>>>>
>>>>> $ ipa topologysegment-mod realm 127-to-244 --setattr=Segment
>>>>> name=test
>>>>> ipa: ERROR: command 'topologysegment_mod' takes at most 2 arguments
>>>>>
>>>>> (suffix + name + options = 3, not 2)
>>>>
>>>> 'Segment name' is not correct attribute name. More below.
>>>>
>>>>>
>>>>> 2.
>>>>> Is there a way to list all possible attributes available for
>>>>> modification?
>>>>> When do topologysegment-show --all, I get quite a small number of
>>>>> them,
>>>>> and even them I am unable to modify:
>>>>>
>>>>> $ ipa topologysegment-show realm 127-to-244 --all
>>>>> dn:
>>>>> cn=127-to-244,cn=realm,cn=topology,cn=ipa,cn=etc,dc=idm,dc=lab,dc=eng,dc=brq,dc=redhat,dc=com
>>>>>
>>>>>
>>>>> Segment name: 127-to-244
>>>>> Left node: vm-127.idm.lab.eng.brq.redhat.com
>>>>> Right node: vm-244.idm.lab.eng.brq.redhat.com
>>>>> Connectivity: both
>>>>> objectclass: top, iparepltoposegment
>>>>>
>>>>> $ ipa topologysegment-mod realm 127-to-244
>>>>> --setattr=connectivity=left-right
>>>>> ipa: ERROR: attribute "connectivity" not allowed
>>>>> $ ipa topologysegment-mod realm 127-to-244
>>>>> --setattr=direction=left-right
>>>>> ipa: ERROR: attribute "direction" not allowed
>>>>>
>>>>
>>>> --XXXattr options work with LDAP attributes names. 'direction' is
>>>> the option name but not attribute name. Attribute name is
>>>> iparepltoposegmentdirection.
>>>>
>>>> You can see the mappings in, e.g.,:
>>>> ipa show-mappings topologysegment-mod
>>>>
>>>>
>>>>
>>>>
>>>>
>>>>
>>>
>>> --
>>> Oleg Fayans
>>> Quality Engineer
>>> FreeIPA team
>>> RedHat.
>>>
>>>
>>
>>
>>
>
> --
> Oleg Fayans
> Quality Engineer
> FreeIPA team
> RedHat.
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://listman.redhat.com/archives/freeipa-devel/attachments/20150624/bd672079/attachment.htm>
More information about the Freeipa-devel
mailing list