On 01/14/2016 04:16 PM, Ludwig Krispenz wrote:

On 01/14/2016 03:59 PM, Stanislav Laznicka wrote:
On 01/14/2016 03:21 PM, Rob Crittenden wrote:
Stanislav Laznicka wrote:
Please see the rebased patches attached.

On 01/13/2016 02:01 PM, Martin Basti wrote:

On 18.12.2015 12:46, Stanislav Laznicka wrote:

Attached are the patches for auto-find and clean of dangling
(cs)ruvs. Currently, the cleaning of an RUV waits for all replicas to
be online, even on --force. If that were an issue, I can make the
command fail before trying to clean any of RUVs. However, the user is
shown a replica is offline and is prompted to confirm the cleaning so
the possible wait should not be a problem I believe.

Standa L.


patches needs rebase, I cannot apply them.
Will this confuse people? Currently, for good or bad, there are two
commands for managing the two different topologies. This mixes some CA
work into ipa-replica-manage.


Well, in the patch, I was just following the discussion at
https://fedorahosted.org/freeipa/ticket/5411. Ludwig mentions that
ipa-csreplica-manage should go deprecated and does not want to enhance
it. Also, the only thing the code does is removing trash from the ds
so it makes sense to me to do it in just one command, as well as the
users might expect that, too.

I guess it would be possible to add an option that would select which
of the subtrees should be cleaned of RUVs. It should stay as one
command nonetheless. Adding such an option for this command would then
probably mean all the commands should have it as it would make more
sense, though.

Let me add Petr and Ludwig to CC: as they both had inputs on keeping
the command in just ipa-replica-manage.
yes, that was the idea to keep ipa-csreplica-manage (which does not have
clean-ruv,..) for domain-level 0, but not add new features. Also
"ipa-replica-manage del" now triggers the ruv cleaning of ipaca

Yes, ipa-csreplica-manage should be deprecated.

I think that one of the reasons why dangling CA RUVs are not uncommon is that users forget about `ipa-csreplica-manage del` command when removing a replica.

New `ipa-replica-manage del` also removes replication agreements and therefore cleans RUVs of CA suffix (on domain level 1). In this context it is not inconsistent.

Btw, one of the good example why this commands will be helpful is following bz, especially a sentence in: https://bugzilla.redhat.com/show_bug.cgi?id=1295971#c5
I had some mistakes to clean some valid RUV, for example, 52 for eupre1

We should think about list-clean-ruv and abort-clean-ruv commands. There is no counterpart for CA suffix now. Could be in different patch.

With clean-dangling-ruvs command it would be good to deprecate clean-ruv command of ipa-replica-manage - should be different patch.

I'm not sure if it should abort if some replica is down. Maybe yes until https://fedorahosted.org/freeipa/ticket/5396 is fixed.

The path set misses update of man page.
Petr Vobornik

Manage your subscription for the Freeipa-devel mailing list:
Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code

Reply via email to