On 06/24/2015 04:19 PM, Oleg Fayans wrote:
no, a restore will only replace the database, then it depends on the
replication agreements and state of other servers. On the restored
server the changes after backup are no longer available, but they coul
be replicated back from other servers, that's why it is recommended to
disable repl agreements to this server and then reinit
On 06/24/2015 02:35 PM, Ludwig Krispenz wrote:
Will the changes introduced by restoring from backup not get
On 06/24/2015 02:30 PM, Oleg Fayans wrote:
you could combine this with a backup test. On server A make a backup,
make some changes on any node and wait until it is replicated
everywhere. restore A from the backup and reinitialize the complete
topology. It should be enough with 2 or three servers
On 06/24/2015 02:25 PM, Ludwig Krispenz wrote:
The question is: how do I make sure that the content on node /a /is
overwritten with the content of node /b/? I kind of need the two
nodes to have different content and not trying to synchronize
On 06/24/2015 01:59 PM, Oleg Fayans wrote:
I don't see why you want to do all these steps, initialize means
that the database of B is overwritten by the database of A, so you
could check that the content is the same. But to simulate a
situation where init is required is not so easy, if you turn the
replica on again, the changes could be normally replicated before
you start the init
Thanks for clarification! It seems though, that all possible
attributes are already mapped to the topologysegment-mod options:
[13:42:45]ofayans@vm-244:~]$ ipa show-mappings topologysegment-mod
Parameter : LDAP attribute
========= : ==============
stripattrs : nsds5replicastripattrs
replattrs : nsds5replicatedattributelist
replattrstotal : nsds5replicatedattributelisttotal
timeout : nsds5replicatimeout
enabled : nsds5replicaenabled
rights : rights
[13:47:41]ofayans@vm-244:~]$ ipa help topologysegment-mod
Usage: ipa [global-options] topologysegment-mod TOPOLOGYSUFFIX
Modify a segment.
-h, --help show this help message and exit
--stripattrs=STR A space separated list of attributes which
from replication updates.
--replattrs=STR Attributes that are not replicated to a
server during a fractional update. E.g.,
`(objectclass=*) $ EXCLUDE accountlockout
--replattrstotal=STR Attributes that are not replicated to a
server during a total update. E.g.
--timeout=INT Number of seconds outbound LDAP operations
waits for a
response from the remote replica before
timing out and
Whether a replication agreement is active,
whether replication is occurring per that
--setattr=STR Set an attribute to a name/value pair.
attr=value. For multi-valued attributes,
replaces the values already present.
--addattr=STR Add an attribute/value pair. Format is
attribute must be part of the schema.
--delattr=STR Delete an attribute/value pair. The option
evaluated last, after all sets and adds.
--rights Display the access rights of this entry
--all). See ipa man page for details.
--all Retrieve and print all attributes from the
Affects command output.
--raw Print entries as stored on the server.
So, setattr, addattr and delattr should, I think, be explained in
the design document, with example usage.
Another question that I have:
In order to test topologysegment-reinitialize, I need to set the
replica timeout to, say, 1, then turn this replica off, then make
some changes on master and turn on the replica? I mean, my goal is
to make master to give up attempts to synchronize with replica, is
On 06/24/2015 12:28 PM, Petr Vobornik wrote:
On 06/24/2015 12:19 PM, Oleg Fayans wrote:
I see some contradictions in the way the segment modification
$ ipa help topologysegment-mod
Usage: ipa [global-options] topologysegment-mod TOPOLOGYSUFFIX NAME
$ ipa topologysegment-mod realm 127-to-244 --setattr=Segment
ipa: ERROR: command 'topologysegment_mod' takes at most 2 arguments
(suffix + name + options = 3, not 2)
'Segment name' is not correct attribute name. More below.
Is there a way to list all possible attributes available for
When do topologysegment-show --all, I get quite a small number
and even them I am unable to modify:
$ ipa topologysegment-show realm 127-to-244 --all
Segment name: 127-to-244
Left node: vm-127.idm.lab.eng.brq.redhat.com
Right node: vm-244.idm.lab.eng.brq.redhat.com
objectclass: top, iparepltoposegment
$ ipa topologysegment-mod realm 127-to-244
ipa: ERROR: attribute "connectivity" not allowed
$ ipa topologysegment-mod realm 127-to-244
ipa: ERROR: attribute "direction" not allowed
--XXXattr options work with LDAP attributes names. 'direction' is
the option name but not attribute name. Attribute name is
You can see the mappings in, e.g.,:
ipa show-mappings topologysegment-mod
Manage your subscription for the Freeipa-devel mailing list:
Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code