On 20/07/15 19:04, Mark Reynolds wrote:
On 07/20/2015 12:50 PM, Martin Basti wrote:
On 20/07/15 17:48, Petr Vobornik wrote:
On 07/20/2015 05:24 PM, Rob Crittenden wrote:
Martin Basti wrote:
https://fedorahosted.org/freeipa/ticket/5086
Patch attached.
Is this going to be a shock on upgrades for people who until now
may be
relying on the fact that there is no limit?
Not making any point, but have to note: Ludwig raised a question on
users list but there was no feedback from users.
https://www.redhat.com/archives/freeipa-users/2015-July/msg00022.html
Should there be a way for an admin to manage this, via the config
module
perhaps?
IMHO this is a significant change and red flags need to be raised so
users are aware of it.
rob
IIUC there is purge delay 7 days, so if changelog max age is 7 or
more days, it will not break replication.
The issue is if somebody uses changelog for different purpose, right?
Well the replication changelog can not be used for anything else but
the multimaster replication plugin. If a customer increased the
replication purge delay you could potentially run into issues, but
again this only comes into play when a replica is down for a very long
time. I'm not sure if IPA even provides the option to adjust the
replication purge delay, but that doesn't mean a customer can not
adjust these settings on their own.
Mark
I'm attaching new patch, that modifies behavior of 'addifnew' keyword in
update files.
addifnew will no create new entry if doesn't exist.
This is required for proper working of patch 292
Rob are you okay with these patches, as Mark wrote, changelog is used
only for replication plugins, so it should not cause any issues to users.
Martin^2
--
Martin Basti
From 257a3d77fe25e47b944978ff9aab77d56465cc1f Mon Sep 17 00:00:00 2001
From: Martin Basti <mba...@redhat.com>
Date: Mon, 20 Jul 2015 16:36:45 +0200
Subject: [PATCH] Limit max age of replication changelog
Limit max age of replication changelog to seven days, instead of grow to
unlimited size.
https://fedorahosted.org/freeipa/ticket/5086
---
install/updates/20-replication.update | 4 ++++
ipaserver/install/replication.py | 1 +
2 files changed, 5 insertions(+)
diff --git a/install/updates/20-replication.update b/install/updates/20-replication.update
index 066b9fcd4933864cdcbc451897c98063bdf55bbe..83d5d1f0c7c083e0c55c3e38a5be729d55b4e828 100644
--- a/install/updates/20-replication.update
+++ b/install/updates/20-replication.update
@@ -27,3 +27,7 @@ default: objectclass: top
default: objectclass: iparepltopoconf
default: ipaReplTopoConfRoot: $SUFFIX
default: cn: realm
+
+# Set replication changelog limit (#5086)
+dn: cn=changelog5,cn=config
+addifnew: nsslapd-changelogmaxage: 7d
diff --git a/ipaserver/install/replication.py b/ipaserver/install/replication.py
index e9af88dc4356d4fd5495f4fea399ab09c75db953..b3c391383352970d2ca89e1a333315ed1a47dea1 100644
--- a/ipaserver/install/replication.py
+++ b/ipaserver/install/replication.py
@@ -466,6 +466,7 @@ class ReplicationManager(object):
'objectclass': ["top", "extensibleobject"],
'cn': ["changelog5"],
'nsslapd-changelogdir': [os.path.join(dbdir, "cldb")],
+ 'nsslapd-changelogmaxage': ['7d'],
}
)
try:
--
2.4.3
From 5901a61d995dbed500fe728b45a89a1c96a1f06e Mon Sep 17 00:00:00 2001
From: Martin Basti <mba...@redhat.com>
Date: Tue, 21 Jul 2015 18:13:44 +0200
Subject: [PATCH] Server Upgrade: addifnew should not create entry
addifnew should add value only if entry exists, instead of creating
entry.
---
ipaserver/install/ldapupdate.py | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/ipaserver/install/ldapupdate.py b/ipaserver/install/ldapupdate.py
index 6f796dfdc8bbac1bb99a8b5a1bd5a6aaa778db16..eaef77b2cd215a946c30787aa32e939bd9c297a7 100644
--- a/ipaserver/install/ldapupdate.py
+++ b/ipaserver/install/ldapupdate.py
@@ -669,8 +669,8 @@ class LDAPUpdate:
elif action == 'addifnew':
self.debug("addifnew: '%s' to %s, current value %s", safe_output(attr, update_value), attr, safe_output(attr, entry_values))
# Only add the attribute if it doesn't exist. Only works
- # with single-value attributes.
- if len(entry_values) == 0:
+ # with single-value attributes. Entry must exist.
+ if entry.get('objectclass') and len(entry_values) == 0:
entry_values.append(update_value)
self.debug('addifnew: set %s to %s', attr, safe_output(attr, entry_values))
entry[attr] = entry_values
--
2.4.3
--
Manage your subscription for the Freeipa-devel mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-devel
Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code