Re: [Freeipa-devel] [PATCH] 0036 Abort full backup restoration on not matching host.

Mon, 12 Jan 2015 05:50:53 -0800 

On 01/12/2015 01:41 PM, Jan Cholasta wrote:

Dne 12.1.2015 v 13:37 David Kupka napsal(a):

On 01/12/2015 01:14 PM, Jan Cholasta wrote:

Dne 12.1.2015 v 13:08 Martin Kosek napsal(a):

On 01/12/2015 12:53 PM, David Kupka wrote:

https://fedorahosted.org/freeipa/ticket/4823


Looking at this patch, are data-only backups supposed to work properly
then?
Wouldn't for example Directory Server fail to start when cn=config
contain some
hostname-bound values?

Just checking...



IMO the error should be raised in both data-only and full restore, if in
unattended mode or the user wishes not to continue.


Description of the problem in ticket states: "I tried to run ipa-restore
(full kind) on replica from full backup taken on master and was
expecting an error message that restore can not proceed and only data
restore possible."

I created the patch based on this request. Is it wrong and should
ipa-restore fail every time when hostnames does not match?


Yes, as Martin pointed out, the data may contain references to the
hostname.


Does it make
sense to allow user to force the restoration in this case?


Yes, if the users wish, they should be allowed to continue.


Thanks for
clarification.




Updated patch attached.

--
David Kupka

From a4ad08d0d637cfad92fd81fdacfbc033a4754731 Mon Sep 17 00:00:00 2001
From: David Kupka <dku...@redhat.com>
Date: Sun, 11 Jan 2015 18:45:11 -0500
Subject: [PATCH] Abort backup restoration on not matching host in unattended
 mode.

When restoring backup on master other than it was created there is high risk
of unexpected behavior. Perform such restore only if the process is attended
and the user insist on proceeding.

https://fedorahosted.org/freeipa/ticket/4823
---
 ipaserver/install/ipa_restore.py | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/ipaserver/install/ipa_restore.py b/ipaserver/install/ipa_restore.py
index 097703938a7ba3820f4acae2148760146464fa08..9d2ce387ed9ece31ab5a61cc2f8be66b1fe9d1ca 100644
--- a/ipaserver/install/ipa_restore.py
+++ b/ipaserver/install/ipa_restore.py
@@ -251,7 +251,7 @@ class Restore(admintool.AdminTool):
             if self.backup_host != api.env.host:
                 self.log.warning('Host name %s does not match backup name %s' %
                     (api.env.host, self.backup_host))
-                if (not options.unattended and
+                if (options.unattended or
                     not user_input("Continue to restore?", False)):
                     raise admintool.ScriptError("Aborted")
             if self.backup_ipa_version != str(version.VERSION):
-- 
2.1.0


_______________________________________________
Freeipa-devel mailing list
Freeipa-devel@redhat.com
https://www.redhat.com/mailman/listinfo/freeipa-devel





















					Reply via email to