<html>
<head>
<meta content="text/html; charset=windows-1252"
http-equiv="Content-Type">
</head>
<body text="#000000" bgcolor="#FFFFFF">
<br>
<br>
<div class="moz-cite-prefix">On 06/24/2015 02:35 PM, Ludwig Krispenz
wrote:<br>
</div>
<blockquote cite="mid:558AA428.6020804@redhat.com" type="cite">
<meta content="text/html; charset=windows-1252"
http-equiv="Content-Type">
<br>
<div class="moz-cite-prefix">On 06/24/2015 02:30 PM, Oleg Fayans
wrote:<br>
</div>
<blockquote cite="mid:558AA2E1.8020405@redhat.com" type="cite">
<meta content="text/html; charset=windows-1252"
http-equiv="Content-Type">
<br>
<br>
<div class="moz-cite-prefix">On 06/24/2015 02:25 PM, Ludwig
Krispenz wrote:<br>
</div>
<blockquote cite="mid:558AA1BA.90905@redhat.com" type="cite">
<meta content="text/html; charset=windows-1252"
http-equiv="Content-Type">
<br>
<div class="moz-cite-prefix">On 06/24/2015 01:59 PM, Oleg
Fayans wrote:<br>
</div>
<blockquote cite="mid:558A9B8F.3080509@redhat.com" type="cite">
<meta content="text/html; charset=windows-1252"
http-equiv="Content-Type">
Hi Petr,<br>
<br>
Thanks for clarification! It seems though, that all possible
attributes are already mapped to the topologysegment-mod
options:<br>
<br>
<small>[13:42:45]ofayans@vm-244:~]$ ipa show-mappings
topologysegment-mod<br>
Parameter : LDAP attribute<br>
========= : ==============<br>
stripattrs : nsds5replicastripattrs<br>
replattrs : nsds5replicatedattributelist<br>
replattrstotal : nsds5replicatedattributelisttotal<br>
timeout : nsds5replicatimeout<br>
enabled : nsds5replicaenabled<br>
rights : rights<br>
[13:47:41]ofayans@vm-244:~]$ ipa help topologysegment-mod<br>
Usage: ipa [global-options] topologysegment-mod
TOPOLOGYSUFFIX NAME [options]<br>
<br>
Modify a segment.<br>
Options:<br>
-h, --help show this help message and exit<br>
--stripattrs=STR A space separated list of
attributes which are removed<br>
from replication updates.<br>
--replattrs=STR Attributes that are not replicated
to a consumer<br>
server during a fractional update.
E.g.,<br>
`(objectclass=*) $ EXCLUDE
accountlockout memberof<br>
--replattrstotal=STR Attributes that are not replicated
to a consumer<br>
server during a total update. E.g.
(objectclass=*) $<br>
EXCLUDE accountlockout<br>
--timeout=INT Number of seconds outbound LDAP
operations waits for a<br>
response from the remote replica
before timing out and<br>
failing<br>
--enabled=['on', 'off']<br>
Whether a replication agreement is
active, meaning<br>
whether replication is occurring
per that agreement<br>
--setattr=STR Set an attribute to a name/value
pair. Format is<br>
attr=value. For multi-valued
attributes, the command<br>
replaces the values already
present.<br>
--addattr=STR Add an attribute/value pair.
Format is attr=value. The<br>
attribute must be part of the
schema.<br>
--delattr=STR Delete an attribute/value pair.
The option will be<br>
evaluated last, after all sets and
adds.<br>
--rights Display the access rights of this
entry (requires<br>
--all). See ipa man page for
details.<br>
--all Retrieve and print all attributes
from the server.<br>
Affects command output.<br>
--raw Print entries as stored on the
server. Only affects<br>
output format.<br>
</small><br>
So, setattr, addattr and delattr should, I think, be
explained in the design document, with example usage.<br>
<br>
Another question that I have: <br>
In order to test topologysegment-reinitialize, I need to set
the replica timeout to, say, 1, then turn this replica off,
then make some changes on master and turn on the replica? I
mean, my goal is to make master to give up attempts to
synchronize with replica, is that correct?<br>
</blockquote>
I don't see why you want to do all these steps, initialize
means that the database of B is overwritten by the database of
A, so you could check that the content is the same. But to
simulate a situation where init is required is not so easy, if
you turn the replica on again, the changes could be normally
replicated before you start the init<br>
</blockquote>
The question is: how do I make sure that the content on node <i>a
</i>is overwritten with the content of node <i>b</i>? I kind of
need the two nodes to have different content and not trying to
synchronize automatically<br>
</blockquote>
you could combine this with a backup test. On server A make a
backup, make some changes on any node and wait until it is
replicated everywhere. restore A from the backup and reinitialize
the complete topology. It should be enough with 2 or three servers<br>
</blockquote>
Will the changes introduced by restoring from backup not get
replicated automatically? <br>
<blockquote cite="mid:558AA428.6020804@redhat.com" type="cite">
<blockquote cite="mid:558AA2E1.8020405@redhat.com" type="cite">
<blockquote cite="mid:558AA1BA.90905@redhat.com" type="cite">
<blockquote cite="mid:558A9B8F.3080509@redhat.com" type="cite">
<br>
<div class="moz-cite-prefix">On 06/24/2015 12:28 PM, Petr
Vobornik wrote:<br>
</div>
<blockquote cite="mid:558A8640.6020905@redhat.com"
type="cite">On 06/24/2015 12:19 PM, Oleg Fayans wrote: <br>
<blockquote type="cite">Hi Ludwig, <br>
<br>
I see some contradictions in the way the segment
modification cli is <br>
implemented: <br>
<br>
1. <br>
$ ipa help topologysegment-mod <br>
Usage: ipa [global-options] topologysegment-mod
TOPOLOGYSUFFIX NAME <br>
[options] <br>
<br>
$ ipa topologysegment-mod realm 127-to-244
--setattr=Segment name=test <br>
ipa: ERROR: command 'topologysegment_mod' takes at most
2 arguments <br>
<br>
(suffix + name + options = 3, not 2) <br>
</blockquote>
<br>
'Segment name' is not correct attribute name. More below.
<br>
<br>
<blockquote type="cite"> <br>
2. <br>
Is there a way to list all possible attributes available
for modification? <br>
When do topologysegment-show --all, I get quite a small
number of them, <br>
and even them I am unable to modify: <br>
<br>
$ ipa topologysegment-show realm 127-to-244 --all <br>
dn: <br>
cn=127-to-244,cn=realm,cn=topology,cn=ipa,cn=etc,dc=idm,dc=lab,dc=eng,dc=brq,dc=redhat,dc=com
<br>
<br>
Segment name: 127-to-244 <br>
Left node: vm-127.idm.lab.eng.brq.redhat.com <br>
Right node: vm-244.idm.lab.eng.brq.redhat.com <br>
Connectivity: both <br>
objectclass: top, iparepltoposegment <br>
<br>
$ ipa topologysegment-mod realm 127-to-244 <br>
--setattr=connectivity=left-right <br>
ipa: ERROR: attribute "connectivity" not allowed <br>
$ ipa topologysegment-mod realm 127-to-244
--setattr=direction=left-right <br>
ipa: ERROR: attribute "direction" not allowed <br>
<br>
</blockquote>
<br>
--XXXattr options work with LDAP attributes names.
'direction' is the option name but not attribute name.
Attribute name is iparepltoposegmentdirection. <br>
<br>
You can see the mappings in, e.g.,: <br>
ipa show-mappings topologysegment-mod <br>
<br>
<br>
<br>
<br>
<br>
<br>
</blockquote>
<br>
<pre class="moz-signature" cols="72">--
Oleg Fayans
Quality Engineer
FreeIPA team
RedHat.</pre>
<br>
<fieldset class="mimeAttachmentHeader"></fieldset>
<br>
</blockquote>
<br>
<br>
<fieldset class="mimeAttachmentHeader"></fieldset>
<br>
</blockquote>
<br>
<pre class="moz-signature" cols="72">--
Oleg Fayans
Quality Engineer
FreeIPA team
RedHat.</pre>
<br>
<fieldset class="mimeAttachmentHeader"></fieldset>
<br>
</blockquote>
<br>
<br>
<fieldset class="mimeAttachmentHeader"></fieldset>
<br>
</blockquote>
<br>
<pre class="moz-signature" cols="72">--
Oleg Fayans
Quality Engineer
FreeIPA team
RedHat.</pre>
</body>
</html>