On 19.4.2016 13:49, Martin Babinsky wrote:
On 04/14/2016 10:48 AM, Martin Babinsky wrote:
On 04/14/2016 08:42 AM, Jan Cholasta wrote:

On 13.4.2016 16:49, Martin Babinsky wrote:
This is a WIP patch which moves the `ipa-replica-manage del` subcommand
to the 'server-del' API method and exposes it as CLI command[1]. A CI
test suite is also included.

`server-del` now accepts the following options:
* `--cleanup`: perform a cleanup after an already deleted master

I would prefer if this was actually called --force, for reasons
explained in the design thread:

* `--force-removal`: force master removal, i.e. ignore topology errors

So, this is actually the all-powerful --force option we always try to
avoid, but with a different name (and not very good one - if you are
removing something, what other than removal would you need to force?).

Could you split this into separate options?

There are actually two checks that we need to pass/bypass before we can
remove the master entry and run all the cleanup shenanigans:

1.) the topology is not disconnected already or is not being
disconnected by the action

2.) the action does leave at least one CA/DNS server, does not remove
DNSSec keymaster and we can promote other master to CA renewal master

So IIUC we would need three options actually:

* one that bypasses topology checks ('--ignore-topology-disconnect')
* one that bypasses the check for remaining services
* one that will cleanup leftovers only, ignoring NotFound error
('--cleanup'), this one is already there

Actually '--force' should replace '--cleanup' as it does basically the
same job.


What about the remaining two proposed options?

--ignore-topology-disconnect is good. The other one should use "role" rather than "service", e.g. --ignore-last-of-role.

Jan Cholasta

Manage your subscription for the Freeipa-devel mailing list:
Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code

Reply via email to