[Freeipa-devel] Topology Plugin design questions

Oleg Fayans ofayans at redhat.com
Fri Aug 14 06:26:48 UTC 2015 

The problem of current implementation of topologysegment-add is that it 
does not support '--connectivity' commandline option:
$ ipa help topologysegment-add
Usage: ipa [global-options] topologysegment-add TOPOLOGYSUFFIX NAME 
[options]

Add a new segment.
Options:
   -h, --help            show this help message and exit
   --leftnode=STR        Left replication node - an IPA server
   --rightnode=STR       Right replication node - an IPA server
   --stripattrs=STR      A space separated list of attributes which are 
removed
                         from replication updates.
   --replattrs=STR       Attributes that are not replicated to a consumer
                         server during a fractional update. E.g.,
                         `(objectclass=*) $ EXCLUDE accountlockout memberof
   --replattrstotal=STR  Attributes that are not replicated to a consumer
                         server during a total update. E.g. 
(objectclass=*) $
                         EXCLUDE accountlockout
   --timeout=INT         Number of seconds outbound LDAP operations 
waits for a
                         response from the remote replica before timing 
out and
                         failing
   --setattr=STR         Set an attribute to a name/value pair. Format is
                         attr=value. For multi-valued attributes, the 
command
                         replaces the values already present.
   --addattr=STR         Add an attribute/value pair. Format is 
attr=value. The
                         attribute must be part of the schema.
   --all                 Retrieve and print all attributes from the server.
                         Affects command output.
   --raw                 Print entries as stored on the server. Only affects
                         output format.

But when you actually create a segment, it asks for connectivity 
interactively, which effectively blocks automation.



On 08/13/2015 12:13 PM, Ludwig Krispenz wrote:
>
> On 08/13/2015 10:49 AM, Petr Vobornik wrote:
>> On 08/13/2015 09:55 AM, Ludwig Krispenz wrote:
>>>
>>> On 08/10/2015 10:54 AM, Oleg Fayans wrote:
>>>> Hi Ludwig,
>>>>
>>>> It seems the Design page for the topology plugin is a bit outdated.
>>>> 1. It still operates with the terms like plugin version
>>>> (http://www.freeipa.org/page/V4/Manage_replication_topology#Check_for_modify_operation),
>>>>
>>>> although it was generally agreed, that we do not use plugin version at
>>>> all.
>>>>
>>>> 2. The section
>>>> http://www.freeipa.org/page/V4/Manage_replication_topology#Check_after_online_initializatition
>>>>
>>>> should be a bit clarified:
>>>> Does this mean, that if we prepare a replica from a master that has
>>>> domainlevel = 1, then the replica, that already had a domain level = 0
>>>> will raise it? Do we support this scenario at all?
>>>>
>>>> 3. Segment directions. Currently there is no way to specify segment
>>>> direction using the cli `ipa topologysegment-add`. However the
>>>> direction is shown with `ipa topologysegment-find` and `ipa
>>>> topologysegment-show`, which leads to confusing of the users. We
>>>> probably should remove this info from the output at all and update the
>>>> design page accordingly.
>>> this is not true, in segment add youcan specify the direction:
>>>
>>> adding the segment:
>>> -------------
>>> [root at vm-215 ~]# ipa topologysegment-add realm
>>> Left node: vm-112.abc.idm.lab.eng.brq.redhat.com
>>> Right node: vm-179.abc.idm.lab.eng.brq.redhat.com
>>> Connectivity [both]: left-right
>>> Segment name
>>> [vm-112.abc.idm.lab.eng.brq.redhat.com-to-vm-179.abc.idm.lab.eng.brq.redhat.com]:
>>>
>>> onedirect
>>> -------------------------
>>> Added segment "onedirect"
>>> -------------------------
>>>    Segment name: onedirect
>>>    Left node: vm-112.abc.idm.lab.eng.brq.redhat.com
>>>    Right node: vm-179.abc.idm.lab.eng.brq.redhat.com
>>>    Connectivity: left-right
>>>
>>>
>>> checking the segment:
>>>
>>> [root at vm-215 ~]# ipa topologysegment-find realm
>>> ------------------
>>> .....
>>> ------------------
>>>    Segment name: onedirect
>>>    Left node: vm-112.abc.idm.lab.eng.brq.redhat.com
>>>    Right node: vm-179.abc.idm.lab.eng.brq.redhat.com
>>>    Connectivity: left-right
>>>
>>> ......
>>>
>>
>> This is a bug. Option "direction" was removed from -add and -mod
>> commands on purpose.
> I thought it should only be removed from the mod, as it was not handled
> in the plugin, but I think initial creation of a one directional segment
> should be ok
>
>> But CLI still incorrectly asks for the value and therefore allows to
>> change the default "both".
>

-- 
Oleg Fayans
Quality Engineer
FreeIPA team
RedHat.

More information about the Freeipa-devel mailing list