[Freeipa-devel] [WIP PATCH] server-del: perform full master removal in managed topology

Martin Babinsky mbabinsk at redhat.com
Thu Apr 14 08:48:15 UTC 2016


On 04/14/2016 08:42 AM, Jan Cholasta wrote:
> Hi,
>
> On 13.4.2016 16:49, Martin Babinsky wrote:
>> This is a WIP patch which moves the `ipa-replica-manage del` subcommand
>> to the 'server-del' API method and exposes it as CLI command[1]. A CI
>> test suite is also included.
>
>> `server-del` now accepts the following options:
>> * `--cleanup`: perform a cleanup after an already deleted master
>
> I would prefer if this was actually called --force, for reasons
> explained in the design thread:
> <https://www.redhat.com/archives/freeipa-devel/2016-April/msg00010.html>.
>
>> * `--force-removal`: force master removal, i.e. ignore topology errors
>
> So, this is actually the all-powerful --force option we always try to
> avoid, but with a different name (and not a very good one - if you are
> removing something, what other than removal would you need to force?).
>
> Could you split this into separate options?
>
There are actually two checks that we need to pass/bypass before we can 
remove the master entry and run all the cleanup shenanigans:

1.) the topology is not disconnected already or is not being 
disconnected by the action

2.) the action does leave at least one CA/DNS server, does not remove
the DNSSec keymaster and we can promote another master to CA renewal master

So IIUC we would need three options actually:

* one that bypasses topology checks ('--ignore-topology-disconnect')
* one that bypasses the check for remaining services 
('--ignore-last-services?')
* one that will clean up leftovers only, ignoring NotFound error
('--cleanup'), this one is already there

> Honza
>


-- 
Martin^3 Babinsky
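
An added sketch of the gating discussed in this message (not part of the original post and not FreeIPA code): each pre-removal check is tied to its own bypass option, so no single flag overrides everything. The function names, the role labels and the sample topology are assumptions made for illustration, the option names are the ones proposed in the thread, and CA renewal master promotion is not modelled.

```python
from collections import deque

class DeletionBlocked(Exception):
    """Raised when a pre-removal check fails and was not bypassed."""

def is_connected(masters, segments):
    """True if every master is reachable over the replication segments."""
    masters = set(masters)
    if len(masters) < 2:
        return True
    adj = {m: set() for m in masters}
    for a, b in segments:
        if a in masters and b in masters:
            adj[a].add(b)
            adj[b].add(a)
    start = next(iter(masters))
    seen, queue = {start}, deque([start])
    while queue:
        for peer in adj[queue.popleft()] - seen:
            seen.add(peer)
            queue.append(peer)
    return seen == masters

def precheck_server_del(target, masters, segments, roles, ignore_topology_disconnect=False,
                        ignore_last_services=False, cleanup=False):
    """Return the problems that were bypassed, or raise DeletionBlocked."""
    if target not in masters:
        if cleanup:  # leftovers only: a missing master entry is not an error
            return ["master entry not found, cleaning up leftovers"]
        raise DeletionBlocked(f"{target}: not found")
    problems = []  # (bypassed?, message) pairs, one per failed check
    if not is_connected(masters, segments):
        problems.append((ignore_topology_disconnect, "topology is already disconnected"))
    elif not is_connected(set(masters) - {target}, segments):
        problems.append((ignore_topology_disconnect, "removal disconnects the topology"))
    for svc in ("CA", "DNS"):
        if {m for m in masters if svc in roles.get(m, ())} == {target}:
            problems.append((ignore_last_services, f"last {svc} server"))
    if "DNSSEC keymaster" in roles.get(target, ()):
        problems.append((ignore_last_services, "DNSSEC keymaster"))
    blocked = [msg for bypassed, msg in problems if not bypassed]
    if blocked:
        raise DeletionBlocked("; ".join(blocked))
    return [msg for _, msg in problems]

# Constructed sample: a three-master line topology m1 - m2 - m3.
MASTERS = ["m1", "m2", "m3"]
SEGMENTS = [("m1", "m2"), ("m2", "m3")]
ROLES = {"m1": {"CA", "DNS"}, "m2": set(), "m3": {"DNS", "DNSSEC keymaster"}}
```

Removing `m2` from the sample fails only the topology check and removing `m1` fails only the last-CA check, so each needs a different option to proceed.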