The problem of current implementation of topologysegment-add is that it
does not support '--connectivity' commandline option:
$ ipa help topologysegment-add
Usage: ipa [global-options] topologysegment-add TOPOLOGYSUFFIX NAME
[options]
Add a new segment.
Options:
-h, --help show this help message and exit
--leftnode=STR Left replication node - an IPA server
--rightnode=STR Right replication node - an IPA server
--stripattrs=STR A space separated list of attributes which are
removed
from replication updates.
--replattrs=STR Attributes that are not replicated to a consumer
server during a fractional update. E.g.,
`(objectclass=*) $ EXCLUDE accountlockout memberof
--replattrstotal=STR Attributes that are not replicated to a consumer
server during a total update. E.g.
(objectclass=*) $
EXCLUDE accountlockout
--timeout=INT Number of seconds outbound LDAP operations
waits for a
response from the remote replica before timing
out and
failing
--setattr=STR Set an attribute to a name/value pair. Format is
attr=value. For multi-valued attributes, the
command
replaces the values already present.
--addattr=STR Add an attribute/value pair. Format is
attr=value. The
attribute must be part of the schema.
--all Retrieve and print all attributes from the server.
Affects command output.
--raw Print entries as stored on the server. Only affects
output format.
But when you actually create a segment, it asks for connectivity
interactively, which effectively blocks automation.
On 08/13/2015 12:13 PM, Ludwig Krispenz wrote:
On 08/13/2015 10:49 AM, Petr Vobornik wrote:
On 08/13/2015 09:55 AM, Ludwig Krispenz wrote:
On 08/10/2015 10:54 AM, Oleg Fayans wrote:
Hi Ludwig,
It seems the Design page for the topology plugin is a bit outdated.
1. It still operates with the terms like plugin version
(http://www.freeipa.org/page/V4/Manage_replication_topology#Check_for_modify_operation),
although it was generally agreed, that we do not use plugin version at
all.
2. The section
http://www.freeipa.org/page/V4/Manage_replication_topology#Check_after_online_initializatition
should be a bit clarified:
Does this mean, that if we prepare a replica from a master that has
domainlevel = 1, then the replica, that already had a domain level = 0
will raise it? Do we support this scenario at all?
3. Segment directions. Currently there is no way to specify segment
direction using the cli `ipa topologysegment-add`. However the
direction is shown with `ipa topologysegment-find` and `ipa
topologysegment-show`, which leads to confusing of the users. We
probably should remove this info from the output at all and update the
design page accordingly.
this is not true, in segment add youcan specify the direction:
adding the segment:
-------------
[root@vm-215 ~]# ipa topologysegment-add realm
Left node: vm-112.abc.idm.lab.eng.brq.redhat.com
Right node: vm-179.abc.idm.lab.eng.brq.redhat.com
Connectivity [both]: left-right
Segment name
[vm-112.abc.idm.lab.eng.brq.redhat.com-to-vm-179.abc.idm.lab.eng.brq.redhat.com]:
onedirect
-------------------------
Added segment "onedirect"
-------------------------
Segment name: onedirect
Left node: vm-112.abc.idm.lab.eng.brq.redhat.com
Right node: vm-179.abc.idm.lab.eng.brq.redhat.com
Connectivity: left-right
checking the segment:
[root@vm-215 ~]# ipa topologysegment-find realm
------------------
.....
------------------
Segment name: onedirect
Left node: vm-112.abc.idm.lab.eng.brq.redhat.com
Right node: vm-179.abc.idm.lab.eng.brq.redhat.com
Connectivity: left-right
......
This is a bug. Option "direction" was removed from -add and -mod
commands on purpose.
I thought it should only be removed from the mod, as it was not handled
in the plugin, but I think initial creation of a one directional segment
should be ok
But CLI still incorrectly asks for the value and therefore allows to
change the default "both".
--
Oleg Fayans
Quality Engineer
FreeIPA team
RedHat.
--
Manage your subscription for the Freeipa-devel mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-devel
Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code
