On 08/14/2015 08:26 AM, Oleg Fayans wrote:
The problem of current implementation of topologysegment-add is that it
does not support '--connectivity' commandline option:
$ ipa help topologysegment-add
Usage: ipa [global-options] topologysegment-add TOPOLOGYSUFFIX NAME
[options]

Add a new segment.
Options:
   -h, --help            show this help message and exit
   --leftnode=STR        Left replication node - an IPA server
   --rightnode=STR       Right replication node - an IPA server
   --stripattrs=STR      A space separated list of attributes which are
removed
                         from replication updates.
   --replattrs=STR       Attributes that are not replicated to a consumer
                         server during a fractional update. E.g.,
                         `(objectclass=*) $ EXCLUDE accountlockout memberof
   --replattrstotal=STR  Attributes that are not replicated to a consumer
                         server during a total update. E.g.
(objectclass=*) $
                         EXCLUDE accountlockout
   --timeout=INT         Number of seconds outbound LDAP operations
waits for a
                         response from the remote replica before timing
out and
                         failing
   --setattr=STR         Set an attribute to a name/value pair. Format is
                         attr=value. For multi-valued attributes, the
command
                         replaces the values already present.
   --addattr=STR         Add an attribute/value pair. Format is
attr=value. The
                         attribute must be part of the schema.
   --all                 Retrieve and print all attributes from the server.
                         Affects command output.
   --raw                 Print entries as stored on the server. Only
affects
                         output format.

This is correct, see https://fedorahosted.org/freeipa/ticket/5061


But when you actually create a segment, it asks for connectivity
interactively, which effectively blocks automation.

It should not ask, it's a bug, please file a ticket.




On 08/13/2015 12:13 PM, Ludwig Krispenz wrote:

On 08/13/2015 10:49 AM, Petr Vobornik wrote:
On 08/13/2015 09:55 AM, Ludwig Krispenz wrote:

On 08/10/2015 10:54 AM, Oleg Fayans wrote:
Hi Ludwig,

It seems the Design page for the topology plugin is a bit outdated.
1. It still operates with the terms like plugin version
(http://www.freeipa.org/page/V4/Manage_replication_topology#Check_for_modify_operation),


although it was generally agreed, that we do not use plugin version at
all.

2. The section
http://www.freeipa.org/page/V4/Manage_replication_topology#Check_after_online_initializatition


should be a bit clarified:
Does this mean, that if we prepare a replica from a master that has
domainlevel = 1, then the replica, that already had a domain level = 0
will raise it? Do we support this scenario at all?

3. Segment directions. Currently there is no way to specify segment
direction using the cli `ipa topologysegment-add`. However the
direction is shown with `ipa topologysegment-find` and `ipa
topologysegment-show`, which leads to confusing of the users. We
probably should remove this info from the output at all and update the
design page accordingly.
this is not true, in segment add youcan specify the direction:

adding the segment:
-------------
[root@vm-215 ~]# ipa topologysegment-add realm
Left node: vm-112.abc.idm.lab.eng.brq.redhat.com
Right node: vm-179.abc.idm.lab.eng.brq.redhat.com
Connectivity [both]: left-right
Segment name
[vm-112.abc.idm.lab.eng.brq.redhat.com-to-vm-179.abc.idm.lab.eng.brq.redhat.com]:


onedirect
-------------------------
Added segment "onedirect"
-------------------------
   Segment name: onedirect
   Left node: vm-112.abc.idm.lab.eng.brq.redhat.com
   Right node: vm-179.abc.idm.lab.eng.brq.redhat.com
   Connectivity: left-right


checking the segment:

[root@vm-215 ~]# ipa topologysegment-find realm
------------------
.....
------------------
   Segment name: onedirect
   Left node: vm-112.abc.idm.lab.eng.brq.redhat.com
   Right node: vm-179.abc.idm.lab.eng.brq.redhat.com
   Connectivity: left-right

......


This is a bug. Option "direction" was removed from -add and -mod
commands on purpose.
I thought it should only be removed from the mod, as it was not handled
in the plugin, but I think initial creation of a one directional segment
should be ok

But CLI still incorrectly asks for the value and therefore allows to
change the default "both".




--
Petr Vobornik

--
Manage your subscription for the Freeipa-devel mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-devel
Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code

Reply via email to