JR Aquino wrote:
On Sep 8, 2011, at 10:41 AM, JR Aquino wrote:
On Sep 8, 2011, at 10:06 AM, JR Aquino wrote:
On Sep 8, 2011, at 4:38 AM, Martin Kosek wrote:
On Tue, 2011-09-06 at 22:33 +0000, JR Aquino wrote:
On Jul 22, 2011, at 6:54 AM, Martin Kosek wrote:
On Thu, 2011-07-21 at 23:00 +0000, JR Aquino wrote:
Create: cn=Managed Entries,cn=etc,$SUFFIX
Create: cn=Definitions,cn=Managed Entries,cn=etc,$SUFFIX
Create: cn=Templates,cn=Managed Entries,cn=etc,$SUFFIX
Create method for migrating any and all custom Managed Entries from
the cn=config space into the new container.
The Managed Entries plugin configurations weren't being created on
replica installs.
This patch addresses two seperate tickets and accounts for
new installs, replica installs, and upgrades.
https://fedorahosted.org/freeipa/ticket/1181 - Managed Entry Tool / New
Container<A separate patch will cover the management tool>
https://fedorahosted.org/freeipa/ticket/1222 - Add Managed Entries during Replica
installation<extended solution>
I found few issues with the patch (tested along with 25):
1) When upgrading an old instance, NGP and UGP definitions in
cn=Managed Entries,cn=plugins,cn=config were not deleted. This lead to 2
managed entries plugin definitions
Fixed this condition. 389 prohibits the deletion of Managed Entries while they
are active.
I had to perform the repointing to the new cn=etc container, perform the
migration of the legacy configs, then perform a restart of dirsrv.
2) Managed entries on a replica didn't work for me. For example UPG was
created on a master, but was not on a replica
This should also be resolved now.
Martin
I had to break out the connection code in update for ldapupdate.py so that
connections could be reestablished post dirsrv restart.
I also had to create a service class to perform the restart.
installutils.py has been modified to provide wait_for_open_socket() similar to
wait_for_open_port()
Hello JR,
I tested you patch, it works fine for both upgrading the replicas and
new installations. Old Managed Entries definitions were successfully
deleted.
I just found few issues with the patch format itself:
1) Commit message is all wrong, its all on the Subject line which is
then put to commit title during "git am". I suggest using our standard
commit message formatting:
COMMIT_TITLE
COMMIT_DESCRIPTION
TRAC_TICKET_LINK
2) There were few whitespace errors:
$ git apply
~/freeipa-jraquino-0038-Move-Managed-Entries-into-their-own-container.patch
/home/mkosek/freeipa-jraquino-0038-Move-Managed-Entries-into-their-own-container.patch:519:
trailing whitespace.
/home/mkosek/freeipa-jraquino-0038-Move-Managed-Entries-into-their-own-container.patch:526:
trailing whitespace.
Otherwise the patch looks good to me, if it is OK with Rob (since he
wrote the entire ldapupdate.py) I think we can push it after you fix the
2 changes I proposed.
Fixed the whitespace errors and adjusted the commit message.
<freeipa-jraquino-0038-Move-Managed-Entries-into-their-own-container.patch>
Self NAK
Looks like I missed a piece in this recent patch that creates the cn=etc
containers out of order.
New patch to follow shortly
Ok.
Whitespace errors corrected
Commit Format Corrected
Order of creation for Managed Entry Container is now corrected
Martin if you could do a quick double check to make sure everything still looks
clean to you.
After that, I believe it just needs Rob's blessing.
ACK, pushed to master and ipa-2-1.
rob
_______________________________________________
Freeipa-devel mailing list
Freeipa-devel@redhat.com
https://www.redhat.com/mailman/listinfo/freeipa-devel
