patch for https://fedorahosted.org/freeipa/ticket/5309

The ticket itself is about connectivity checks in topology suffixes, but there is a code (install/tools/ipa-replica-manage starting at line 788 after applying my patch) which monitors whether the segments pointing to/from the deleted host are already deleted.

These checks are currently hardcoded for 'realm' prefix, should we generalize them as well or is it a part of other effort?

--
Martin^3 Babinsky
From 7ef87f07500b361d84e18ac3784c7f9ba9596b1f Mon Sep 17 00:00:00 2001
From: Martin Babinsky <mbabi...@redhat.com>
Date: Fri, 30 Oct 2015 13:59:03 +0100
Subject: [PATCH] perform connectivity checks for all topology suffixes during
 node deletion

The code in ipa-replica-manage which checks for disconnected topology before
and after deletion of a node in a topology plugin-managed domain was
generalized so that it now performs these checks for all suffixes to which the
node belongs.

https://fedorahosted.org/freeipa/ticket/5309
---
 install/tools/ipa-replica-manage | 47 ++++++++++++++++++++++++++++++++++------
 1 file changed, 40 insertions(+), 7 deletions(-)

diff --git a/install/tools/ipa-replica-manage b/install/tools/ipa-replica-manage
index 1350590b625e5dcab36abbcef75fe5eafc5f7123..05ac28cec4036676994942ad7150c9a6ae82a528 100755
--- a/install/tools/ipa-replica-manage
+++ b/install/tools/ipa-replica-manage
@@ -569,7 +569,7 @@ def check_last_link(delrepl, realm, dirman_passwd, force):
     else:
         return None
 
-def check_last_link_managed(api, masters, hostname, force):
+def check_last_link_managed(api, hostname, masters, suffix_name, force):
     """
     Check if 'hostname' is safe to delete.
 
@@ -577,13 +577,31 @@ def check_last_link_managed(api, masters, hostname, force):
               (current_errors, new_errors)
     """
 
-    segments = api.Command.topologysegment_find(u'realm', sizelimit=0).get('result')
-    graph = create_topology_graph(masters, segments)
+    suffix = api.Command.topologysuffix_show(suffix_name)['result']
+    suffix_members = []
+    for m in masters:
+        if suffix['iparepltopoconfroot'][0] in m['iparepltopomanagedsuffix']:
+            suffix_members.append(m)
+
+    member_cns = {member['cn'][0] for member in suffix_members}
+
+    if hostname not in member_cns:
+        print(
+            "'{}' is not a part of topology suffix '{}'".format(
+                hostname, suffix_name
+            )
+        )
+        print("Not checking connectivity")
+        return [], []
+
+    segments = api.Command.topologysegment_find(suffix_name, sizelimit=0).get('result')
+    graph = create_topology_graph(suffix_members, segments)
 
     # check topology before removal
     orig_errors = get_topology_connection_errors(graph)
     if orig_errors:
-        print("Current topology is disconnected:")
+        print("Current topology in suffix '{}' is disconnected:".format(
+            suffix_name))
         print("Changes are not replicated to all servers and data are probably inconsistent.")
         print("You need to add segments to reconnect the topology.")
         print_connect_errors(orig_errors)
@@ -596,7 +614,8 @@ def check_last_link_managed(api, masters, hostname, force):
 
     new_errors = get_topology_connection_errors(graph)
     if new_errors:
-        print("WARNING: Topology after removal of %s will be disconnected." % hostname)
+        print("WARNING: Removal of '{}' will lead to disconnected topology "
+              "in suffix '{}'".format(hostname, suffix_name))
         print("Changes will not be replicated to all servers and data will become inconsistent.")
         print("You need to add segments to prevent disconnection of the topology.")
         print("Errors in topology after removal:")
@@ -724,8 +743,22 @@ def del_master_managed(realm, hostname, options):
     # 2. Get all masters
     masters = api.Command.server_find('', sizelimit=0)['result']
 
-    # 3. Check topology
-    topo_errors = check_last_link_managed(api, masters, hostname, options.force)
+    # 3. Check topology connectivity in all suffices
+    suffices = api.Command.topologysuffix_find('', sizelimit=0)['result']
+    # initialize the error tuple here and extend it by errors found in each
+    # suffix
+    topo_errors = ([], [])
+
+    for suffix in suffices:
+        suffix_name = suffix['cn'][0]
+        print("Checking connectivity in topology suffix '{}'".format(
+            suffix_name))
+
+        suffix_errors = check_last_link_managed(
+            api, hostname, masters, suffix_name, options.force)
+
+        topo_errors[0].extend(suffix_errors[0])
+        topo_errors[1].extend(suffix_errors[1])
 
     # 4. Check that we are not leaving the installation without CA and/or DNS
     #    And pick new CA master.
-- 
2.4.3

-- 
Manage your subscription for the Freeipa-devel mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-devel
Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code

Reply via email to