[Freeipa-devel] server_del (re)implementation in domain level 1 topology management

Petr Vobornik pvoborni at redhat.com
Thu Mar 17 13:55:48 UTC 2016 

On 03/17/2016 02:39 PM, Martin Babinsky wrote:
> Hi list,
>
> I would like to discuss the merge of `del_master_managed()` function
> from `ipa-replica-manage` command into the server_del API call that is a
> part of the managed replication topology design update[1] (see also the
> corresponding upstream ticket [2]).
>
> Before I head down into coding I want to be sure that everyone is one
> the same page regarding the expected use-cases which govern the API design.
>
> IIUC, there are two main uses of the new functionality according to
> design document:
>
> 1.) run 'server_del' when 'ipa-replica-manage del' is run in domain-level 1

Right, this is for backwards compatibility(BC).

>
> 2.) during 'ipa-server-install --uninstall', 'server_del' should be
> called on one of remote masters to remove the uninstalled server from
> the managed topology
>
> What I didn't get from the design document is whether the method should
> have some kind of 'force' option which should bypass all topology
> connectivity checks. Currently both `ipa-replica-manage del` and server
> uninstaller have options which will force the removal even if it
> disconnects the topology ('--force' in the former,
> '--ignore-disconnected-topology' in the latter).

I would say that uninstaller should do checks in validate method 
therefore the subsequent `server-del` doesn't need to do it again but it 
shouldn't harm. I.e. it should follow what the user specified. If user 
wants to skip (--ignore-d..-t..) then skip. If not then it will fail in 
validate method.

Only issue might be error state where servers have different picture of 
the topology.

>
> I guess the 'server_del' method should inherit this flag so that we
> retain the original functionality (for better or worse). I propose to
> name this option 'ignore_topology_disconnect' because it is more
> descriptive than plain 'force'.

+1

And in BC case, `ipa-replica-manage --force` would call `server-del 
--ig..-d..-t...`

>
> I would also like to ask whether 'server_del' (which is currently
> NO_CLI) should be usable also from command line.

IMO yes, it should mostly as a couterpart of `ipa-replica-manage --force 
--clean`

Which bring us to --clean option and what it should do...

>
>
> [1] http://www.freeipa.org/page/V4/Manage_replication_topology_4_4
> [2] https://fedorahosted.org/freeipa/ticket/5588
>


-- 
Petr Vobornik

More information about the Freeipa-devel mailing list