On 19.4.2016 13:49, Martin Babinsky wrote:
On 04/14/2016 10:48 AM, Martin Babinsky wrote:
On 04/14/2016 08:42 AM, Jan Cholasta wrote:
On 13.4.2016 16:49, Martin Babinsky wrote:
This is a WIP patch which moves the `ipa-replica-manage del` subcommand
to the 'server-del' API method and exposes it as CLI command. A CI
test suite is also included.
`server-del` now accepts the following options:
* `--cleanup`: perform a cleanup after an already deleted master
I would prefer if this was actually called --force, for reasons
explained in the design thread:
* `--force-removal`: force master removal, i.e. ignore topology errors
So, this is actually the all-powerful --force option we always try to
avoid, but with a different name (and not very good one - if you are
removing something, what other than removal would you need to force?).
Could you split this into separate options?
There are actually two checks that we need to pass/bypass before we can
remove the master entry and run all the cleanup shenanigans:
1.) the topology is not disconnected already or is not being
disconnected by the action
2.) the action does leave at least one CA/DNS server, does not remove
DNSSec keymaster and we can promote other master to CA renewal master
So IIUC we would need three options actually:
* one that bypasses topology checks ('--ignore-topology-disconnect')
* one that bypasses the check for remaining services
* one that will cleanup leftovers only, ignoring NotFound error
('--cleanup'), this one is already there
Actually '--force' should replace '--cleanup' as it does basically the
What about the remaining two proposed options?
--ignore-topology-disconnect is good. The other one should use "role"
rather than "service", e.g. --ignore-last-of-role.
Manage your subscription for the Freeipa-devel mailing list:
Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code