[Freeipa-devel] topologysegment-mod question

Oleg Fayans ofayans at redhat.com
Wed Jun 24 14:19:06 UTC 2015



On 06/24/2015 02:35 PM, Ludwig Krispenz wrote:
>
> On 06/24/2015 02:30 PM, Oleg Fayans wrote:
>>
>>
>> On 06/24/2015 02:25 PM, Ludwig Krispenz wrote:
>>>
>>> On 06/24/2015 01:59 PM, Oleg Fayans wrote:
>>>> Hi Petr,
>>>>
>>>> Thanks for clarification! It seems though, that all possible 
>>>> attributes are already mapped to the topologysegment-mod options:
>>>>
>>>> [13:42:45]ofayans@vm-244:~]$  ipa show-mappings topologysegment-mod
>>>> Parameter      : LDAP attribute
>>>> =========      : ==============
>>>> stripattrs     : nsds5replicastripattrs
>>>> replattrs      : nsds5replicatedattributelist
>>>> replattrstotal : nsds5replicatedattributelisttotal
>>>> timeout        : nsds5replicatimeout
>>>> enabled        : nsds5replicaenabled
>>>> rights         : rights
>>>> [13:47:41]ofayans@vm-244:~]$ ipa help topologysegment-mod
>>>> Usage: ipa [global-options] topologysegment-mod TOPOLOGYSUFFIX NAME [options]
>>>>
>>>> Modify a segment.
>>>> Options:
>>>>   -h, --help            show this help message and exit
>>>>   --stripattrs=STR      A space separated list of attributes which are removed
>>>>                         from replication updates.
>>>>   --replattrs=STR       Attributes that are not replicated to a consumer
>>>>                         server during a fractional update. E.g.,
>>>>                         `(objectclass=*) $ EXCLUDE accountlockout memberof
>>>>   --replattrstotal=STR  Attributes that are not replicated to a consumer
>>>>                         server during a total update. E.g. (objectclass=*) $
>>>>                         EXCLUDE accountlockout
>>>>   --timeout=INT         Number of seconds outbound LDAP operations waits for a
>>>>                         response from the remote replica before timing out and
>>>>                         failing
>>>>   --enabled=['on', 'off']
>>>>                         Whether a replication agreement is active, meaning
>>>>                         whether replication is occurring per that agreement
>>>>   --setattr=STR         Set an attribute to a name/value pair. Format is
>>>>                         attr=value. For multi-valued attributes, the command
>>>>                         replaces the values already present.
>>>>   --addattr=STR         Add an attribute/value pair. Format is attr=value. The
>>>>                         attribute must be part of the schema.
>>>>   --delattr=STR         Delete an attribute/value pair. The option will be
>>>>                         evaluated last, after all sets and adds.
>>>>   --rights              Display the access rights of this entry (requires
>>>>                         --all). See ipa man page for details.
>>>>   --all                 Retrieve and print all attributes from the server.
>>>>                         Affects command output.
>>>>   --raw                 Print entries as stored on the server. Only affects
>>>>                         output format.
>>>>
>>>> So, setattr, addattr and delattr should, I think, be explained in 
>>>> the design document, with example usage.
>>>>
>>>> Another question that I have:
>>>> In order to test topologysegment-reinitialize, I need to set the 
>>>> replica timeout to, say, 1, then turn this replica off, then make 
>>>> some changes on master and turn on the replica? I mean, my goal is 
>>>> to make master give up attempts to synchronize with replica, is 
>>>> that correct?
>>> I don't see why you want to do all these steps, initialize means 
>>> that the database of B is overwritten by the database of A, so you 
>>> could check that the content is the same. But to simulate a 
>>> situation where init is required is not so easy, if you turn the 
>>> replica on again, the changes could be normally replicated before 
>>> you start the init
>> The question is: how do I make sure that the content on node /a/ is 
>> overwritten with the content of node /b/? I kind of need the two 
>> nodes to have different content and not try to synchronize 
>> automatically
> you could combine this with a backup test. On server A make a backup, 
> make some changes on any node and wait until it is replicated 
> everywhere. Restore A from the backup and reinitialize the complete 
> topology. It should be enough with 2 or three servers.
Will the changes introduced by restoring from backup not get replicated 
automatically?
>>>>
>>>> On 06/24/2015 12:28 PM, Petr Vobornik wrote:
>>>>> On 06/24/2015 12:19 PM, Oleg Fayans wrote:
>>>>>> Hi Ludwig,
>>>>>>
>>>>>> I see some contradictions in the way the segment modification cli is
>>>>>> implemented:
>>>>>>
>>>>>> 1.
>>>>>> $ ipa help topologysegment-mod
>>>>>> Usage: ipa [global-options] topologysegment-mod TOPOLOGYSUFFIX NAME [options]
>>>>>>
>>>>>> $ ipa topologysegment-mod realm 127-to-244 --setattr=Segment name=test
>>>>>> ipa: ERROR: command 'topologysegment_mod' takes at most 2 arguments
>>>>>>
>>>>>> (suffix + name + options = 3, not 2)
>>>>>
>>>>> 'Segment name' is not a correct attribute name. More below.
>>>>>
>>>>>>
>>>>>> 2.
>>>>>> Is there a way to list all possible attributes available for 
>>>>>> modification?
>>>>>> When I do topologysegment-show --all, I get quite a small number of 
>>>>>> them,
>>>>>> and even those I am unable to modify:
>>>>>>
>>>>>> $ ipa topologysegment-show realm 127-to-244 --all
>>>>>>    dn: cn=127-to-244,cn=realm,cn=topology,cn=ipa,cn=etc,dc=idm,dc=lab,dc=eng,dc=brq,dc=redhat,dc=com
>>>>>>    Segment name: 127-to-244
>>>>>>    Left node: vm-127.idm.lab.eng.brq.redhat.com
>>>>>>    Right node: vm-244.idm.lab.eng.brq.redhat.com
>>>>>>    Connectivity: both
>>>>>>    objectclass: top, iparepltoposegment
>>>>>>
>>>>>> $ ipa topologysegment-mod realm 127-to-244 --setattr=connectivity=left-right
>>>>>> ipa: ERROR: attribute "connectivity" not allowed
>>>>>> $ ipa topologysegment-mod realm 127-to-244 --setattr=direction=left-right
>>>>>> ipa: ERROR: attribute "direction" not allowed
>>>>>>
>>>>>
>>>>> --XXXattr options work with LDAP attribute names. 'direction' is 
>>>>> the option name but not the attribute name. The attribute name is 
>>>>> iparepltoposegmentdirection.
>>>>>
>>>>> You can see the mappings in, e.g.,:
>>>>>   ipa show-mappings topologysegment-mod
>>>>
>>>> -- 
>>>> Oleg Fayans
>>>> Quality Engineer
>>>> FreeIPA team
>>>> RedHat.

-- 
Oleg Fayans
Quality Engineer
FreeIPA team
RedHat.
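
An added example, not part of the original message and not FreeIPA code: a pre-flight lint that tokenizes a topologysegment-mod command line the way a POSIX shell does and checks --setattr/--addattr/--delattr names against the show-mappings table quoted in the thread. The function names are hypothetical, and it assumes options are written in the --opt=value form shown in the help output.

```python
import shlex

# Output of `ipa show-mappings topologysegment-mod` as quoted in the thread.
SHOW_MAPPINGS = """\
Parameter      : LDAP attribute
=========      : ==============
stripattrs     : nsds5replicastripattrs
replattrs      : nsds5replicatedattributelist
replattrstotal : nsds5replicatedattributelisttotal
timeout        : nsds5replicatimeout
enabled        : nsds5replicaenabled
rights         : rights
"""
ATTR_OPTS = ("--setattr", "--addattr", "--delattr")

def parse_mappings(text):
    """Return {cli_option_name: ldap_attribute} from show-mappings output."""
    mapping = {}
    for line in text.splitlines()[2:]:          # skip the two header rows
        if ":" in line:
            opt, attr = (part.strip() for part in line.split(":", 1))
            mapping[opt] = attr
    return mapping

def lint(cmdline, mapping, max_positional=2):
    """Return findings for one `ipa <command> ...` line (hypothetical helper).

    max_positional=2 matches the usage line: TOPOLOGYSUFFIX NAME [options].
    Assumes every option is written as --opt=value, never `--opt value`.
    """
    args = shlex.split(cmdline)[2:]             # drop "ipa" and the command
    findings = []
    positional = [a for a in args if not a.startswith("-")]
    if len(positional) > max_positional:
        findings.append("extra positional argument(s) %r: quote values "
                        "that contain spaces" % positional[max_positional:])
    for arg in args:
        opt, _, rest = arg.partition("=")
        if opt not in ATTR_OPTS:
            continue
        name = rest.partition("=")[0]
        if "=" not in rest:
            findings.append("%s value %r is not in attr=value form" % (opt, rest))
        elif name in mapping and mapping[name] != name:
            findings.append("%s uses option name %r; the LDAP attribute is %r"
                            % (opt, name, mapping[name]))
    return findings

if __name__ == "__main__":
    table = parse_mappings(SHOW_MAPPINGS)
    for cmd in ("ipa topologysegment-mod realm 127-to-244 --setattr=Segment name=test",
                "ipa topologysegment-mod realm 127-to-244 --setattr=timeout=5"):
        print(cmd, "->", lint(cmd, table))
```

The lint only knows the names in the quoted table; whether the server accepts a change to a given LDAP attribute is decided by the server, not by this check.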
