subject:"Re\: \[Freeipa\-devel\] \[PATCH 0098\-0099\] domain level 1 topology checks during IPA server uninstall"

Re: [Freeipa-devel] [PATCH 0098-0099] domain level 1 topology checks during IPA server uninstall

2015-12-10 Thread Jan Cholasta


On 9.12.2015 16:22, Martin Babinsky wrote:

On 12/09/2015 03:48 PM, Jan Cholasta wrote:

On 2.12.2015 14:19, Martin Basti wrote:



On 02.12.2015 14:10, Martin Basti wrote:



On 02.12.2015 14:08, Martin Babinsky wrote:

On 12/02/2015 10:45 AM, Martin Babinsky wrote:

On 12/01/2015 02:40 PM, Martin Babinsky wrote:

On 11/30/2015 08:34 PM, Martin Basti wrote:



On 30.11.2015 18:41, Martin Babinsky wrote:

On 11/30/2015 06:15 PM, Martin Basti wrote:



On 30.11.2015 16:43, Martin Babinsky wrote:

On 11/30/2015 12:31 PM, Jan Cholasta wrote:

Hi,

On 27.11.2015 14:58, Martin Babinsky wrote:

On 11/19/2015 06:19 PM, Martin Babinsky wrote:

These two patches fix the following tickets:

https://fedorahosted.org/freeipa/ticket/5377
https://fedorahosted.org/freeipa/ticket/5409

I have added a new option '--ignore-disconnected-topology'
which
forces
IPA master uninstall despite reported errors in topology.
I'm not
quite
sure if we want to flood ipa-server-install with
uninstall-specific
options, maybe it is better to skip the check in unattended
mode
and
just print a warning about disconnected topology and what
to do
about
it.

I would like to hear your opinions about this.




Attaching rebased and updated patches.


Patch 0098: LGTM


Patch 0099:

a) This check should be done in Server.__init__() rather than
install_check():

+if options.ignore_disconnected_topology:
+print("'--ignore-disconnected-topology' is used only
during "
+  "uninstallation")
+sys.exit(1)


b)
s/--ignore-disconnected-topology/--ignore-topology-disconnect/,
for
consistency with other options, e.g. --no-ui-redirect.

Maybe even shorten it to --ignore-topology? But we probably
don't
want
people to use this option much, so it might be better to
keep it
long?


I would rather leave it with the long option name, it is more
apparent
what this switch should be around.


c) I'm fine with uninstall options, you can remove the TODO:

+# TODO: ask jcholast about uninstallation options


Honza



Attaching updated patches.


NACK

ipa-server-install --uninstall

2015-11-30T17:14:30Z DEBUG Destroyed connection
context.ldap2_140081152041808
2015-11-30T17:14:30Z DEBUG Traceback (most recent call last):
   File
"/usr/lib/python2.7/site-packages/ipapython/install/common.py",
line 91, in _handle_exception
 super(Continuous, self)._handle_exception(exc_info)
   File
"/usr/lib/python2.7/site-packages/ipapython/install/core.py",
line 387, in _handle_exception
 six.reraise(*exc_info)
   File
"/usr/lib/python2.7/site-packages/ipapython/install/core.py",
line 439, in _handle_exception
 super(ComponentBase, self)._handle_exception(exc_info)
   File
"/usr/lib/python2.7/site-packages/ipapython/install/core.py",
line 387, in _handle_exception
 six.reraise(*exc_info)
   File
"/usr/lib/python2.7/site-packages/ipapython/install/core.py",
line 355, in __runner
 step()
   File
"/usr/lib/python2.7/site-packages/ipapython/install/core.py",
line 352, in 
 step = lambda: next(self.__gen)
   File
"/usr/lib/python2.7/site-packages/ipapython/install/util.py",
line 81, in run_generator_with_yield_from
 six.reraise(*exc_info)
   File
"/usr/lib/python2.7/site-packages/ipapython/install/util.py",
line 59, in run_generator_with_yield_from
 value = gen.send(prev_value)
   File
"/usr/lib/python2.7/site-packages/ipapython/install/common.py",
line 71, in _uninstall
 for nothing in self._uninstaller(self.parent):
   File
"/usr/lib/python2.7/site-packages/ipaserver/install/server/install.py",




line 1409, in main
 uninstall_check(self)
   File
"/usr/lib/python2.7/site-packages/ipaserver/install/server/install.py",




line 265, in decorated
 func(installer)
   File
"/usr/lib/python2.7/site-packages/ipaserver/install/server/install.py",




line 1140, in uninstall_check
 api, masters, options.ignore_disconnected_topology)
AttributeError: 'uninstaller(Server)' object has no attribute
'ignore_disconnected_topology'

2015-11-30T17:14:30Z ERROR 'uninstaller(Server)' object has no
attribute
'ignore_disconnected_topology'
2015-11-30T17:14:30Z INFO The ipa-server-install command was
successful



Sorry I have failed horribly during option rename. Attaching patch
that should actually work.


functional ACK

Attaching rebased patches reflecting the recent changes in the
handling
of managed topology suffixes handling.






Jan had some more suggestions to the patches. Attaching updated
version.




Attaching updated patch 99 with fixed error message.


Pushed to master: b8c619a7139bd7b65caa03b68431e22791ff19bf


ACK :-)


I was doing some unrelated testing with domain level 0 and forgot to
remove --ignore-topology disconnect from my command line before
uninstalling server, which gave me an error that the option cannot be
used in domain level 0 and I had to re-run ipa-server-install
--uninstall with the option removed.

IMO it would be better for UX if the option was ignored in domain level
0, since topology

Re: [Freeipa-devel] [PATCH 0098-0099] domain level 1 topology checks during IPA server uninstall

2015-12-09 Thread Jan Cholasta


On 2.12.2015 14:19, Martin Basti wrote:



On 02.12.2015 14:10, Martin Basti wrote:



On 02.12.2015 14:08, Martin Babinsky wrote:

On 12/02/2015 10:45 AM, Martin Babinsky wrote:

On 12/01/2015 02:40 PM, Martin Babinsky wrote:

On 11/30/2015 08:34 PM, Martin Basti wrote:



On 30.11.2015 18:41, Martin Babinsky wrote:

On 11/30/2015 06:15 PM, Martin Basti wrote:



On 30.11.2015 16:43, Martin Babinsky wrote:

On 11/30/2015 12:31 PM, Jan Cholasta wrote:

Hi,

On 27.11.2015 14:58, Martin Babinsky wrote:

On 11/19/2015 06:19 PM, Martin Babinsky wrote:

These two patches fix the following tickets:

https://fedorahosted.org/freeipa/ticket/5377
https://fedorahosted.org/freeipa/ticket/5409

I have added a new option '--ignore-disconnected-topology'
which
forces
IPA master uninstall despite reported errors in topology.
I'm not
quite
sure if we want to flood ipa-server-install with
uninstall-specific
options, maybe it is better to skip the check in unattended
mode
and
just print a warning about disconnected topology and what to do
about
it.

I would like to hear your opinions about this.




Attaching rebased and updated patches.


Patch 0098: LGTM


Patch 0099:

a) This check should be done in Server.__init__() rather than
install_check():

+if options.ignore_disconnected_topology:
+print("'--ignore-disconnected-topology' is used only
during "
+  "uninstallation")
+sys.exit(1)


b)
s/--ignore-disconnected-topology/--ignore-topology-disconnect/,
for
consistency with other options, e.g. --no-ui-redirect.

Maybe even shorten it to --ignore-topology? But we probably don't
want
people to use this option much, so it might be better to keep it
long?


I would rather leave it with the long option name, it is more
apparent
what this switch should be around.


c) I'm fine with uninstall options, you can remove the TODO:

+# TODO: ask jcholast about uninstallation options


Honza



Attaching updated patches.


NACK

ipa-server-install --uninstall

2015-11-30T17:14:30Z DEBUG Destroyed connection
context.ldap2_140081152041808
2015-11-30T17:14:30Z DEBUG Traceback (most recent call last):
   File
"/usr/lib/python2.7/site-packages/ipapython/install/common.py",
line 91, in _handle_exception
 super(Continuous, self)._handle_exception(exc_info)
   File
"/usr/lib/python2.7/site-packages/ipapython/install/core.py",
line 387, in _handle_exception
 six.reraise(*exc_info)
   File
"/usr/lib/python2.7/site-packages/ipapython/install/core.py",
line 439, in _handle_exception
 super(ComponentBase, self)._handle_exception(exc_info)
   File
"/usr/lib/python2.7/site-packages/ipapython/install/core.py",
line 387, in _handle_exception
 six.reraise(*exc_info)
   File
"/usr/lib/python2.7/site-packages/ipapython/install/core.py",
line 355, in __runner
 step()
   File
"/usr/lib/python2.7/site-packages/ipapython/install/core.py",
line 352, in 
 step = lambda: next(self.__gen)
   File
"/usr/lib/python2.7/site-packages/ipapython/install/util.py",
line 81, in run_generator_with_yield_from
 six.reraise(*exc_info)
   File
"/usr/lib/python2.7/site-packages/ipapython/install/util.py",
line 59, in run_generator_with_yield_from
 value = gen.send(prev_value)
   File
"/usr/lib/python2.7/site-packages/ipapython/install/common.py",
line 71, in _uninstall
 for nothing in self._uninstaller(self.parent):
   File
"/usr/lib/python2.7/site-packages/ipaserver/install/server/install.py",


line 1409, in main
 uninstall_check(self)
   File
"/usr/lib/python2.7/site-packages/ipaserver/install/server/install.py",


line 265, in decorated
 func(installer)
   File
"/usr/lib/python2.7/site-packages/ipaserver/install/server/install.py",


line 1140, in uninstall_check
 api, masters, options.ignore_disconnected_topology)
AttributeError: 'uninstaller(Server)' object has no attribute
'ignore_disconnected_topology'

2015-11-30T17:14:30Z ERROR 'uninstaller(Server)' object has no
attribute
'ignore_disconnected_topology'
2015-11-30T17:14:30Z INFO The ipa-server-install command was
successful



Sorry I have failed horribly during option rename. Attaching patch
that should actually work.


functional ACK

Attaching rebased patches reflecting the recent changes in the
handling
of managed topology suffixes handling.






Jan had some more suggestions to the patches. Attaching updated
version.




Attaching updated patch 99 with fixed error message.


Pushed to master: b8c619a7139bd7b65caa03b68431e22791ff19bf


ACK :-)


I was doing some unrelated testing with domain level 0 and forgot to 
remove --ignore-topology disconnect from my command line before 
uninstalling server, which gave me an error that the option cannot be 
used in domain level 0 and I had to re-run ipa-server-install 
--uninstall with the option removed.


IMO it would be better for UX if the option was ignored in domain level 
0, since topology disconnects are *always* ignored in domain level 0. 
(Right?)


The attached patch fixes that.

Re: [Freeipa-devel] [PATCH 0098-0099] domain level 1 topology checks during IPA server uninstall

2015-12-09 Thread Martin Babinsky


On 12/09/2015 03:48 PM, Jan Cholasta wrote:

On 2.12.2015 14:19, Martin Basti wrote:



On 02.12.2015 14:10, Martin Basti wrote:



On 02.12.2015 14:08, Martin Babinsky wrote:

On 12/02/2015 10:45 AM, Martin Babinsky wrote:

On 12/01/2015 02:40 PM, Martin Babinsky wrote:

On 11/30/2015 08:34 PM, Martin Basti wrote:



On 30.11.2015 18:41, Martin Babinsky wrote:

On 11/30/2015 06:15 PM, Martin Basti wrote:



On 30.11.2015 16:43, Martin Babinsky wrote:

On 11/30/2015 12:31 PM, Jan Cholasta wrote:

Hi,

On 27.11.2015 14:58, Martin Babinsky wrote:

On 11/19/2015 06:19 PM, Martin Babinsky wrote:

These two patches fix the following tickets:

https://fedorahosted.org/freeipa/ticket/5377
https://fedorahosted.org/freeipa/ticket/5409

I have added a new option '--ignore-disconnected-topology'
which
forces
IPA master uninstall despite reported errors in topology.
I'm not
quite
sure if we want to flood ipa-server-install with
uninstall-specific
options, maybe it is better to skip the check in unattended
mode
and
just print a warning about disconnected topology and what
to do
about
it.

I would like to hear your opinions about this.




Attaching rebased and updated patches.


Patch 0098: LGTM


Patch 0099:

a) This check should be done in Server.__init__() rather than
install_check():

+if options.ignore_disconnected_topology:
+print("'--ignore-disconnected-topology' is used only
during "
+  "uninstallation")
+sys.exit(1)


b)
s/--ignore-disconnected-topology/--ignore-topology-disconnect/,
for
consistency with other options, e.g. --no-ui-redirect.

Maybe even shorten it to --ignore-topology? But we probably
don't
want
people to use this option much, so it might be better to keep it
long?


I would rather leave it with the long option name, it is more
apparent
what this switch should be around.


c) I'm fine with uninstall options, you can remove the TODO:

+# TODO: ask jcholast about uninstallation options


Honza



Attaching updated patches.


NACK

ipa-server-install --uninstall

2015-11-30T17:14:30Z DEBUG Destroyed connection
context.ldap2_140081152041808
2015-11-30T17:14:30Z DEBUG Traceback (most recent call last):
   File
"/usr/lib/python2.7/site-packages/ipapython/install/common.py",
line 91, in _handle_exception
 super(Continuous, self)._handle_exception(exc_info)
   File
"/usr/lib/python2.7/site-packages/ipapython/install/core.py",
line 387, in _handle_exception
 six.reraise(*exc_info)
   File
"/usr/lib/python2.7/site-packages/ipapython/install/core.py",
line 439, in _handle_exception
 super(ComponentBase, self)._handle_exception(exc_info)
   File
"/usr/lib/python2.7/site-packages/ipapython/install/core.py",
line 387, in _handle_exception
 six.reraise(*exc_info)
   File
"/usr/lib/python2.7/site-packages/ipapython/install/core.py",
line 355, in __runner
 step()
   File
"/usr/lib/python2.7/site-packages/ipapython/install/core.py",
line 352, in 
 step = lambda: next(self.__gen)
   File
"/usr/lib/python2.7/site-packages/ipapython/install/util.py",
line 81, in run_generator_with_yield_from
 six.reraise(*exc_info)
   File
"/usr/lib/python2.7/site-packages/ipapython/install/util.py",
line 59, in run_generator_with_yield_from
 value = gen.send(prev_value)
   File
"/usr/lib/python2.7/site-packages/ipapython/install/common.py",
line 71, in _uninstall
 for nothing in self._uninstaller(self.parent):
   File
"/usr/lib/python2.7/site-packages/ipaserver/install/server/install.py",



line 1409, in main
 uninstall_check(self)
   File
"/usr/lib/python2.7/site-packages/ipaserver/install/server/install.py",



line 265, in decorated
 func(installer)
   File
"/usr/lib/python2.7/site-packages/ipaserver/install/server/install.py",



line 1140, in uninstall_check
 api, masters, options.ignore_disconnected_topology)
AttributeError: 'uninstaller(Server)' object has no attribute
'ignore_disconnected_topology'

2015-11-30T17:14:30Z ERROR 'uninstaller(Server)' object has no
attribute
'ignore_disconnected_topology'
2015-11-30T17:14:30Z INFO The ipa-server-install command was
successful



Sorry I have failed horribly during option rename. Attaching patch
that should actually work.


functional ACK

Attaching rebased patches reflecting the recent changes in the
handling
of managed topology suffixes handling.






Jan had some more suggestions to the patches. Attaching updated
version.




Attaching updated patch 99 with fixed error message.


Pushed to master: b8c619a7139bd7b65caa03b68431e22791ff19bf


ACK :-)


I was doing some unrelated testing with domain level 0 and forgot to
remove --ignore-topology disconnect from my command line before
uninstalling server, which gave me an error that the option cannot be
used in domain level 0 and I had to re-run ipa-server-install
--uninstall with the option removed.

IMO it would be better for UX if the option was ignored in domain level
0, since topology disconnects are *always* ignored in domain level 0.

Re: [Freeipa-devel] [PATCH 0098-0099] domain level 1 topology checks during IPA server uninstall

2015-12-02 Thread Martin Babinsky


On 12/01/2015 02:40 PM, Martin Babinsky wrote:

On 11/30/2015 08:34 PM, Martin Basti wrote:



On 30.11.2015 18:41, Martin Babinsky wrote:

On 11/30/2015 06:15 PM, Martin Basti wrote:



On 30.11.2015 16:43, Martin Babinsky wrote:

On 11/30/2015 12:31 PM, Jan Cholasta wrote:

Hi,

On 27.11.2015 14:58, Martin Babinsky wrote:

On 11/19/2015 06:19 PM, Martin Babinsky wrote:

These two patches fix the following tickets:

https://fedorahosted.org/freeipa/ticket/5377
https://fedorahosted.org/freeipa/ticket/5409

I have added a new option '--ignore-disconnected-topology' which
forces
IPA master uninstall despite reported errors in topology. I'm not
quite
sure if we want to flood ipa-server-install with uninstall-specific
options, maybe it is better to skip the check in unattended mode
and
just print a warning about disconnected topology and what to do
about
it.

I would like to hear your opinions about this.




Attaching rebased and updated patches.


Patch 0098: LGTM


Patch 0099:

a) This check should be done in Server.__init__() rather than
install_check():

+if options.ignore_disconnected_topology:
+print("'--ignore-disconnected-topology' is used only
during "
+  "uninstallation")
+sys.exit(1)


b) s/--ignore-disconnected-topology/--ignore-topology-disconnect/,
for
consistency with other options, e.g. --no-ui-redirect.

Maybe even shorten it to --ignore-topology? But we probably don't
want
people to use this option much, so it might be better to keep it
long?


I would rather leave it with the long option name, it is more apparent
what this switch should be around.


c) I'm fine with uninstall options, you can remove the TODO:

+# TODO: ask jcholast about uninstallation options


Honza



Attaching updated patches.


NACK

ipa-server-install --uninstall

2015-11-30T17:14:30Z DEBUG Destroyed connection
context.ldap2_140081152041808
2015-11-30T17:14:30Z DEBUG Traceback (most recent call last):
   File "/usr/lib/python2.7/site-packages/ipapython/install/common.py",
line 91, in _handle_exception
 super(Continuous, self)._handle_exception(exc_info)
   File "/usr/lib/python2.7/site-packages/ipapython/install/core.py",
line 387, in _handle_exception
 six.reraise(*exc_info)
   File "/usr/lib/python2.7/site-packages/ipapython/install/core.py",
line 439, in _handle_exception
 super(ComponentBase, self)._handle_exception(exc_info)
   File "/usr/lib/python2.7/site-packages/ipapython/install/core.py",
line 387, in _handle_exception
 six.reraise(*exc_info)
   File "/usr/lib/python2.7/site-packages/ipapython/install/core.py",
line 355, in __runner
 step()
   File "/usr/lib/python2.7/site-packages/ipapython/install/core.py",
line 352, in 
 step = lambda: next(self.__gen)
   File "/usr/lib/python2.7/site-packages/ipapython/install/util.py",
line 81, in run_generator_with_yield_from
 six.reraise(*exc_info)
   File "/usr/lib/python2.7/site-packages/ipapython/install/util.py",
line 59, in run_generator_with_yield_from
 value = gen.send(prev_value)
   File "/usr/lib/python2.7/site-packages/ipapython/install/common.py",
line 71, in _uninstall
 for nothing in self._uninstaller(self.parent):
   File
"/usr/lib/python2.7/site-packages/ipaserver/install/server/install.py",
line 1409, in main
 uninstall_check(self)
   File
"/usr/lib/python2.7/site-packages/ipaserver/install/server/install.py",
line 265, in decorated
 func(installer)
   File
"/usr/lib/python2.7/site-packages/ipaserver/install/server/install.py",
line 1140, in uninstall_check
 api, masters, options.ignore_disconnected_topology)
AttributeError: 'uninstaller(Server)' object has no attribute
'ignore_disconnected_topology'

2015-11-30T17:14:30Z ERROR 'uninstaller(Server)' object has no
attribute
'ignore_disconnected_topology'
2015-11-30T17:14:30Z INFO The ipa-server-install command was successful



Sorry I have failed horribly during option rename. Attaching patch
that should actually work.


functional ACK

Attaching rebased patches reflecting the recent changes in the handling
of managed topology suffixes handling.






Jan had some more suggestions to the patches. Attaching updated version.

--
Martin^3 Babinsky
From a6dfb5eb910c6bcc4c456a704ba499ba4037e7ca Mon Sep 17 00:00:00 2001
From: Martin Babinsky 
Date: Thu, 19 Nov 2015 17:55:23 +0100
Subject: [PATCH 1/2] extract domain level 1 topology-checking code from
 ipa-replica-manage

This facilitates reusability of this code in other components, e.g. IPA server
uninstallers.

https://fedorahosted.org/freeipa/ticket/5409
---
 install/tools/ipa-replica-manage | 108 ---
 ipaserver/install/replication.py |  90 
 2 files changed, 101 insertions(+), 97 deletions(-)

diff --git a/install/tools/ipa-replica-manage b/install/tools/ipa-replica-manage
index 7bbef3593ef291b4af209d7f59c21e23d3d22944..6d303e6f008325648461287448ef3d2712e23911 100755
---

Re: [Freeipa-devel] [PATCH 0098-0099] domain level 1 topology checks during IPA server uninstall

2015-12-02 Thread Martin Babinsky


On 12/02/2015 10:45 AM, Martin Babinsky wrote:

On 12/01/2015 02:40 PM, Martin Babinsky wrote:

On 11/30/2015 08:34 PM, Martin Basti wrote:



On 30.11.2015 18:41, Martin Babinsky wrote:

On 11/30/2015 06:15 PM, Martin Basti wrote:



On 30.11.2015 16:43, Martin Babinsky wrote:

On 11/30/2015 12:31 PM, Jan Cholasta wrote:

Hi,

On 27.11.2015 14:58, Martin Babinsky wrote:

On 11/19/2015 06:19 PM, Martin Babinsky wrote:

These two patches fix the following tickets:

https://fedorahosted.org/freeipa/ticket/5377
https://fedorahosted.org/freeipa/ticket/5409

I have added a new option '--ignore-disconnected-topology' which
forces
IPA master uninstall despite reported errors in topology. I'm not
quite
sure if we want to flood ipa-server-install with
uninstall-specific
options, maybe it is better to skip the check in unattended mode
and
just print a warning about disconnected topology and what to do
about
it.

I would like to hear your opinions about this.




Attaching rebased and updated patches.


Patch 0098: LGTM


Patch 0099:

a) This check should be done in Server.__init__() rather than
install_check():

+if options.ignore_disconnected_topology:
+print("'--ignore-disconnected-topology' is used only
during "
+  "uninstallation")
+sys.exit(1)


b) s/--ignore-disconnected-topology/--ignore-topology-disconnect/,
for
consistency with other options, e.g. --no-ui-redirect.

Maybe even shorten it to --ignore-topology? But we probably don't
want
people to use this option much, so it might be better to keep it
long?


I would rather leave it with the long option name, it is more
apparent
what this switch should be around.


c) I'm fine with uninstall options, you can remove the TODO:

+# TODO: ask jcholast about uninstallation options


Honza



Attaching updated patches.


NACK

ipa-server-install --uninstall

2015-11-30T17:14:30Z DEBUG Destroyed connection
context.ldap2_140081152041808
2015-11-30T17:14:30Z DEBUG Traceback (most recent call last):
   File
"/usr/lib/python2.7/site-packages/ipapython/install/common.py",
line 91, in _handle_exception
 super(Continuous, self)._handle_exception(exc_info)
   File "/usr/lib/python2.7/site-packages/ipapython/install/core.py",
line 387, in _handle_exception
 six.reraise(*exc_info)
   File "/usr/lib/python2.7/site-packages/ipapython/install/core.py",
line 439, in _handle_exception
 super(ComponentBase, self)._handle_exception(exc_info)
   File "/usr/lib/python2.7/site-packages/ipapython/install/core.py",
line 387, in _handle_exception
 six.reraise(*exc_info)
   File "/usr/lib/python2.7/site-packages/ipapython/install/core.py",
line 355, in __runner
 step()
   File "/usr/lib/python2.7/site-packages/ipapython/install/core.py",
line 352, in 
 step = lambda: next(self.__gen)
   File "/usr/lib/python2.7/site-packages/ipapython/install/util.py",
line 81, in run_generator_with_yield_from
 six.reraise(*exc_info)
   File "/usr/lib/python2.7/site-packages/ipapython/install/util.py",
line 59, in run_generator_with_yield_from
 value = gen.send(prev_value)
   File
"/usr/lib/python2.7/site-packages/ipapython/install/common.py",
line 71, in _uninstall
 for nothing in self._uninstaller(self.parent):
   File
"/usr/lib/python2.7/site-packages/ipaserver/install/server/install.py",

line 1409, in main
 uninstall_check(self)
   File
"/usr/lib/python2.7/site-packages/ipaserver/install/server/install.py",

line 265, in decorated
 func(installer)
   File
"/usr/lib/python2.7/site-packages/ipaserver/install/server/install.py",

line 1140, in uninstall_check
 api, masters, options.ignore_disconnected_topology)
AttributeError: 'uninstaller(Server)' object has no attribute
'ignore_disconnected_topology'

2015-11-30T17:14:30Z ERROR 'uninstaller(Server)' object has no
attribute
'ignore_disconnected_topology'
2015-11-30T17:14:30Z INFO The ipa-server-install command was
successful



Sorry I have failed horribly during option rename. Attaching patch
that should actually work.


functional ACK

Attaching rebased patches reflecting the recent changes in the handling
of managed topology suffixes handling.






Jan had some more suggestions to the patches. Attaching updated version.




Attaching updated patch 99 with fixed error message.

--
Martin^3 Babinsky
From cd5eb8e2eaf7b632c3941c339b6ef9efb2940629 Mon Sep 17 00:00:00 2001
From: Martin Babinsky 
Date: Thu, 19 Nov 2015 17:58:44 +0100
Subject: [PATCH 2/2] implement domain level 1 specific topology checks into
 IPA server uninstaller

When uninstalling domain level 1 master its removal from topology is checked
on remote masters. The uninstaller also checks whether the uninstallation
disconnects the topology and if yes aborts the procedure. The
'--ignore-disconnected-topology' options skips this check.

https://fedorahosted.org/freeipa/ticket/5377
https://fedorahosted.org/freeipa/ticket/5409
---
 install/tools/man/ipa-server-install.1 |   3 +

Re: [Freeipa-devel] [PATCH 0098-0099] domain level 1 topology checks during IPA server uninstall

2015-12-02 Thread Martin Basti




On 02.12.2015 14:08, Martin Babinsky wrote:

On 12/02/2015 10:45 AM, Martin Babinsky wrote:

On 12/01/2015 02:40 PM, Martin Babinsky wrote:

On 11/30/2015 08:34 PM, Martin Basti wrote:



On 30.11.2015 18:41, Martin Babinsky wrote:

On 11/30/2015 06:15 PM, Martin Basti wrote:



On 30.11.2015 16:43, Martin Babinsky wrote:

On 11/30/2015 12:31 PM, Jan Cholasta wrote:

Hi,

On 27.11.2015 14:58, Martin Babinsky wrote:

On 11/19/2015 06:19 PM, Martin Babinsky wrote:

These two patches fix the following tickets:

https://fedorahosted.org/freeipa/ticket/5377
https://fedorahosted.org/freeipa/ticket/5409

I have added a new option '--ignore-disconnected-topology' which
forces
IPA master uninstall despite reported errors in topology. I'm 
not

quite
sure if we want to flood ipa-server-install with
uninstall-specific
options, maybe it is better to skip the check in unattended mode
and
just print a warning about disconnected topology and what to do
about
it.

I would like to hear your opinions about this.




Attaching rebased and updated patches.


Patch 0098: LGTM


Patch 0099:

a) This check should be done in Server.__init__() rather than
install_check():

+if options.ignore_disconnected_topology:
+print("'--ignore-disconnected-topology' is used only
during "
+  "uninstallation")
+sys.exit(1)


b) s/--ignore-disconnected-topology/--ignore-topology-disconnect/,
for
consistency with other options, e.g. --no-ui-redirect.

Maybe even shorten it to --ignore-topology? But we probably don't
want
people to use this option much, so it might be better to keep it
long?


I would rather leave it with the long option name, it is more
apparent
what this switch should be around.


c) I'm fine with uninstall options, you can remove the TODO:

+# TODO: ask jcholast about uninstallation options


Honza



Attaching updated patches.


NACK

ipa-server-install --uninstall

2015-11-30T17:14:30Z DEBUG Destroyed connection
context.ldap2_140081152041808
2015-11-30T17:14:30Z DEBUG Traceback (most recent call last):
   File
"/usr/lib/python2.7/site-packages/ipapython/install/common.py",
line 91, in _handle_exception
 super(Continuous, self)._handle_exception(exc_info)
   File 
"/usr/lib/python2.7/site-packages/ipapython/install/core.py",

line 387, in _handle_exception
 six.reraise(*exc_info)
   File 
"/usr/lib/python2.7/site-packages/ipapython/install/core.py",

line 439, in _handle_exception
 super(ComponentBase, self)._handle_exception(exc_info)
   File 
"/usr/lib/python2.7/site-packages/ipapython/install/core.py",

line 387, in _handle_exception
 six.reraise(*exc_info)
   File 
"/usr/lib/python2.7/site-packages/ipapython/install/core.py",

line 355, in __runner
 step()
   File 
"/usr/lib/python2.7/site-packages/ipapython/install/core.py",

line 352, in 
 step = lambda: next(self.__gen)
   File 
"/usr/lib/python2.7/site-packages/ipapython/install/util.py",

line 81, in run_generator_with_yield_from
 six.reraise(*exc_info)
   File 
"/usr/lib/python2.7/site-packages/ipapython/install/util.py",

line 59, in run_generator_with_yield_from
 value = gen.send(prev_value)
   File
"/usr/lib/python2.7/site-packages/ipapython/install/common.py",
line 71, in _uninstall
 for nothing in self._uninstaller(self.parent):
   File
"/usr/lib/python2.7/site-packages/ipaserver/install/server/install.py", 



line 1409, in main
 uninstall_check(self)
   File
"/usr/lib/python2.7/site-packages/ipaserver/install/server/install.py", 



line 265, in decorated
 func(installer)
   File
"/usr/lib/python2.7/site-packages/ipaserver/install/server/install.py", 



line 1140, in uninstall_check
 api, masters, options.ignore_disconnected_topology)
AttributeError: 'uninstaller(Server)' object has no attribute
'ignore_disconnected_topology'

2015-11-30T17:14:30Z ERROR 'uninstaller(Server)' object has no
attribute
'ignore_disconnected_topology'
2015-11-30T17:14:30Z INFO The ipa-server-install command was
successful



Sorry I have failed horribly during option rename. Attaching patch
that should actually work.


functional ACK

Attaching rebased patches reflecting the recent changes in the handling
of managed topology suffixes handling.






Jan had some more suggestions to the patches. Attaching updated version.




Attaching updated patch 99 with fixed error message.


Pushed to master: b8c619a7139bd7b65caa03b68431e22791ff19bf

--
Manage your subscription for the Freeipa-devel mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-devel
Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code

Re: [Freeipa-devel] [PATCH 0098-0099] domain level 1 topology checks during IPA server uninstall

2015-12-02 Thread Martin Basti




On 02.12.2015 14:10, Martin Basti wrote:



On 02.12.2015 14:08, Martin Babinsky wrote:

On 12/02/2015 10:45 AM, Martin Babinsky wrote:

On 12/01/2015 02:40 PM, Martin Babinsky wrote:

On 11/30/2015 08:34 PM, Martin Basti wrote:



On 30.11.2015 18:41, Martin Babinsky wrote:

On 11/30/2015 06:15 PM, Martin Basti wrote:



On 30.11.2015 16:43, Martin Babinsky wrote:

On 11/30/2015 12:31 PM, Jan Cholasta wrote:

Hi,

On 27.11.2015 14:58, Martin Babinsky wrote:

On 11/19/2015 06:19 PM, Martin Babinsky wrote:

These two patches fix the following tickets:

https://fedorahosted.org/freeipa/ticket/5377
https://fedorahosted.org/freeipa/ticket/5409

I have added a new option '--ignore-disconnected-topology' 
which

forces
IPA master uninstall despite reported errors in topology. 
I'm not

quite
sure if we want to flood ipa-server-install with
uninstall-specific
options, maybe it is better to skip the check in unattended 
mode

and
just print a warning about disconnected topology and what to do
about
it.

I would like to hear your opinions about this.




Attaching rebased and updated patches.


Patch 0098: LGTM


Patch 0099:

a) This check should be done in Server.__init__() rather than
install_check():

+if options.ignore_disconnected_topology:
+print("'--ignore-disconnected-topology' is used only
during "
+  "uninstallation")
+sys.exit(1)


b) 
s/--ignore-disconnected-topology/--ignore-topology-disconnect/,

for
consistency with other options, e.g. --no-ui-redirect.

Maybe even shorten it to --ignore-topology? But we probably don't
want
people to use this option much, so it might be better to keep it
long?


I would rather leave it with the long option name, it is more
apparent
what this switch should be around.


c) I'm fine with uninstall options, you can remove the TODO:

+# TODO: ask jcholast about uninstallation options


Honza



Attaching updated patches.


NACK

ipa-server-install --uninstall

2015-11-30T17:14:30Z DEBUG Destroyed connection
context.ldap2_140081152041808
2015-11-30T17:14:30Z DEBUG Traceback (most recent call last):
   File
"/usr/lib/python2.7/site-packages/ipapython/install/common.py",
line 91, in _handle_exception
 super(Continuous, self)._handle_exception(exc_info)
   File 
"/usr/lib/python2.7/site-packages/ipapython/install/core.py",

line 387, in _handle_exception
 six.reraise(*exc_info)
   File 
"/usr/lib/python2.7/site-packages/ipapython/install/core.py",

line 439, in _handle_exception
 super(ComponentBase, self)._handle_exception(exc_info)
   File 
"/usr/lib/python2.7/site-packages/ipapython/install/core.py",

line 387, in _handle_exception
 six.reraise(*exc_info)
   File 
"/usr/lib/python2.7/site-packages/ipapython/install/core.py",

line 355, in __runner
 step()
   File 
"/usr/lib/python2.7/site-packages/ipapython/install/core.py",

line 352, in 
 step = lambda: next(self.__gen)
   File 
"/usr/lib/python2.7/site-packages/ipapython/install/util.py",

line 81, in run_generator_with_yield_from
 six.reraise(*exc_info)
   File 
"/usr/lib/python2.7/site-packages/ipapython/install/util.py",

line 59, in run_generator_with_yield_from
 value = gen.send(prev_value)
   File
"/usr/lib/python2.7/site-packages/ipapython/install/common.py",
line 71, in _uninstall
 for nothing in self._uninstaller(self.parent):
   File
"/usr/lib/python2.7/site-packages/ipaserver/install/server/install.py", 



line 1409, in main
 uninstall_check(self)
   File
"/usr/lib/python2.7/site-packages/ipaserver/install/server/install.py", 



line 265, in decorated
 func(installer)
   File
"/usr/lib/python2.7/site-packages/ipaserver/install/server/install.py", 



line 1140, in uninstall_check
 api, masters, options.ignore_disconnected_topology)
AttributeError: 'uninstaller(Server)' object has no attribute
'ignore_disconnected_topology'

2015-11-30T17:14:30Z ERROR 'uninstaller(Server)' object has no
attribute
'ignore_disconnected_topology'
2015-11-30T17:14:30Z INFO The ipa-server-install command was
successful



Sorry I have failed horribly during option rename. Attaching patch
that should actually work.


functional ACK
Attaching rebased patches reflecting the recent changes in the 
handling

of managed topology suffixes handling.






Jan had some more suggestions to the patches. Attaching updated 
version.





Attaching updated patch 99 with fixed error message.


Pushed to master: b8c619a7139bd7b65caa03b68431e22791ff19bf


ACK :-)

--
Manage your subscription for the Freeipa-devel mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-devel
Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code

Re: [Freeipa-devel] [PATCH 0098-0099] domain level 1 topology checks during IPA server uninstall

2015-12-01 Thread Martin Babinsky


On 11/30/2015 08:34 PM, Martin Basti wrote:



On 30.11.2015 18:41, Martin Babinsky wrote:

On 11/30/2015 06:15 PM, Martin Basti wrote:



On 30.11.2015 16:43, Martin Babinsky wrote:

On 11/30/2015 12:31 PM, Jan Cholasta wrote:

Hi,

On 27.11.2015 14:58, Martin Babinsky wrote:

On 11/19/2015 06:19 PM, Martin Babinsky wrote:

These two patches fix the following tickets:

https://fedorahosted.org/freeipa/ticket/5377
https://fedorahosted.org/freeipa/ticket/5409

I have added a new option '--ignore-disconnected-topology' which
forces
IPA master uninstall despite reported errors in topology. I'm not
quite
sure if we want to flood ipa-server-install with uninstall-specific
options, maybe it is better to skip the check in unattended mode and
just print a warning about disconnected topology and what to do
about
it.

I would like to hear your opinions about this.




Attaching rebased and updated patches.


Patch 0098: LGTM


Patch 0099:

a) This check should be done in Server.__init__() rather than
install_check():

+if options.ignore_disconnected_topology:
+print("'--ignore-disconnected-topology' is used only during "
+  "uninstallation")
+sys.exit(1)


b) s/--ignore-disconnected-topology/--ignore-topology-disconnect/, for
consistency with other options, e.g. --no-ui-redirect.

Maybe even shorten it to --ignore-topology? But we probably don't want
people to use this option much, so it might be better to keep it long?


I would rather leave it with the long option name, it is more apparent
what this switch should be around.


c) I'm fine with uninstall options, you can remove the TODO:

+# TODO: ask jcholast about uninstallation options


Honza



Attaching updated patches.


NACK

ipa-server-install --uninstall

2015-11-30T17:14:30Z DEBUG Destroyed connection
context.ldap2_140081152041808
2015-11-30T17:14:30Z DEBUG Traceback (most recent call last):
   File "/usr/lib/python2.7/site-packages/ipapython/install/common.py",
line 91, in _handle_exception
 super(Continuous, self)._handle_exception(exc_info)
   File "/usr/lib/python2.7/site-packages/ipapython/install/core.py",
line 387, in _handle_exception
 six.reraise(*exc_info)
   File "/usr/lib/python2.7/site-packages/ipapython/install/core.py",
line 439, in _handle_exception
 super(ComponentBase, self)._handle_exception(exc_info)
   File "/usr/lib/python2.7/site-packages/ipapython/install/core.py",
line 387, in _handle_exception
 six.reraise(*exc_info)
   File "/usr/lib/python2.7/site-packages/ipapython/install/core.py",
line 355, in __runner
 step()
   File "/usr/lib/python2.7/site-packages/ipapython/install/core.py",
line 352, in 
 step = lambda: next(self.__gen)
   File "/usr/lib/python2.7/site-packages/ipapython/install/util.py",
line 81, in run_generator_with_yield_from
 six.reraise(*exc_info)
   File "/usr/lib/python2.7/site-packages/ipapython/install/util.py",
line 59, in run_generator_with_yield_from
 value = gen.send(prev_value)
   File "/usr/lib/python2.7/site-packages/ipapython/install/common.py",
line 71, in _uninstall
 for nothing in self._uninstaller(self.parent):
   File
"/usr/lib/python2.7/site-packages/ipaserver/install/server/install.py",
line 1409, in main
 uninstall_check(self)
   File
"/usr/lib/python2.7/site-packages/ipaserver/install/server/install.py",
line 265, in decorated
 func(installer)
   File
"/usr/lib/python2.7/site-packages/ipaserver/install/server/install.py",
line 1140, in uninstall_check
 api, masters, options.ignore_disconnected_topology)
AttributeError: 'uninstaller(Server)' object has no attribute
'ignore_disconnected_topology'

2015-11-30T17:14:30Z ERROR 'uninstaller(Server)' object has no attribute
'ignore_disconnected_topology'
2015-11-30T17:14:30Z INFO The ipa-server-install command was successful



Sorry I have failed horribly during option rename. Attaching patch
that should actually work.


functional ACK
Attaching rebased patches reflecting the recent changes in the handling 
of managed topology suffixes handling.



--
Martin^3 Babinsky
From 5e8f88ee3cd8b80d1e927303647d426f585309e8 Mon Sep 17 00:00:00 2001
From: Martin Babinsky 
Date: Thu, 19 Nov 2015 17:58:44 +0100
Subject: [PATCH 2/2] implement domain level 1 specific topology checks into
 IPA server uninstaller

When uninstalling domain level 1 master its removal from topology is checked
on remote masters. The uninstaller also checks whether the uninstallation
disconnects the topology and if yes aborts the procedure. The
'--ignore-disconnected-topology' options skips this check.

https://fedorahosted.org/freeipa/ticket/5377
https://fedorahosted.org/freeipa/ticket/5409
---
 install/tools/man/ipa-server-install.1 |   3 +
 ipaserver/install/server/install.py| 193 -
 2 files changed, 169 insertions(+), 27 deletions(-)

diff --git a/install/tools/man/ipa-server-install.1 b/install/tools/man/ipa-server-install.1
index

Re: [Freeipa-devel] [PATCH 0098-0099] domain level 1 topology checks during IPA server uninstall

2015-11-30 Thread Martin Basti




On 30.11.2015 16:43, Martin Babinsky wrote:

On 11/30/2015 12:31 PM, Jan Cholasta wrote:

Hi,

On 27.11.2015 14:58, Martin Babinsky wrote:

On 11/19/2015 06:19 PM, Martin Babinsky wrote:

These two patches fix the following tickets:

https://fedorahosted.org/freeipa/ticket/5377
https://fedorahosted.org/freeipa/ticket/5409

I have added a new option '--ignore-disconnected-topology' which 
forces
IPA master uninstall despite reported errors in topology. I'm not 
quite

sure if we want to flood ipa-server-install with uninstall-specific
options, maybe it is better to skip the check in unattended mode and
just print a warning about disconnected topology and what to do about
it.

I would like to hear your opinions about this.




Attaching rebased and updated patches.


Patch 0098: LGTM


Patch 0099:

a) This check should be done in Server.__init__() rather than
install_check():

+if options.ignore_disconnected_topology:
+print("'--ignore-disconnected-topology' is used only during "
+  "uninstallation")
+sys.exit(1)


b) s/--ignore-disconnected-topology/--ignore-topology-disconnect/, for
consistency with other options, e.g. --no-ui-redirect.

Maybe even shorten it to --ignore-topology? But we probably don't want
people to use this option much, so it might be better to keep it long?

I would rather leave it with the long option name, it is more apparent 
what this switch should be around.


c) I'm fine with uninstall options, you can remove the TODO:

+# TODO: ask jcholast about uninstallation options


Honza



Attaching updated patches.


NACK

ipa-server-install --uninstall

2015-11-30T17:14:30Z DEBUG Destroyed connection 
context.ldap2_140081152041808

2015-11-30T17:14:30Z DEBUG Traceback (most recent call last):
  File "/usr/lib/python2.7/site-packages/ipapython/install/common.py", 
line 91, in _handle_exception

super(Continuous, self)._handle_exception(exc_info)
  File "/usr/lib/python2.7/site-packages/ipapython/install/core.py", 
line 387, in _handle_exception

six.reraise(*exc_info)
  File "/usr/lib/python2.7/site-packages/ipapython/install/core.py", 
line 439, in _handle_exception

super(ComponentBase, self)._handle_exception(exc_info)
  File "/usr/lib/python2.7/site-packages/ipapython/install/core.py", 
line 387, in _handle_exception

six.reraise(*exc_info)
  File "/usr/lib/python2.7/site-packages/ipapython/install/core.py", 
line 355, in __runner

step()
  File "/usr/lib/python2.7/site-packages/ipapython/install/core.py", 
line 352, in 

step = lambda: next(self.__gen)
  File "/usr/lib/python2.7/site-packages/ipapython/install/util.py", 
line 81, in run_generator_with_yield_from

six.reraise(*exc_info)
  File "/usr/lib/python2.7/site-packages/ipapython/install/util.py", 
line 59, in run_generator_with_yield_from

value = gen.send(prev_value)
  File "/usr/lib/python2.7/site-packages/ipapython/install/common.py", 
line 71, in _uninstall

for nothing in self._uninstaller(self.parent):
  File 
"/usr/lib/python2.7/site-packages/ipaserver/install/server/install.py", 
line 1409, in main

uninstall_check(self)
  File 
"/usr/lib/python2.7/site-packages/ipaserver/install/server/install.py", 
line 265, in decorated

func(installer)
  File 
"/usr/lib/python2.7/site-packages/ipaserver/install/server/install.py", 
line 1140, in uninstall_check

api, masters, options.ignore_disconnected_topology)
AttributeError: 'uninstaller(Server)' object has no attribute 
'ignore_disconnected_topology'


2015-11-30T17:14:30Z ERROR 'uninstaller(Server)' object has no attribute 
'ignore_disconnected_topology'

2015-11-30T17:14:30Z INFO The ipa-server-install command was successful

--
Manage your subscription for the Freeipa-devel mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-devel
Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code

Re: [Freeipa-devel] [PATCH 0098-0099] domain level 1 topology checks during IPA server uninstall

2015-11-30 Thread Martin Babinsky


On 11/30/2015 12:31 PM, Jan Cholasta wrote:

Hi,

On 27.11.2015 14:58, Martin Babinsky wrote:

On 11/19/2015 06:19 PM, Martin Babinsky wrote:

These two patches fix the following tickets:

https://fedorahosted.org/freeipa/ticket/5377
https://fedorahosted.org/freeipa/ticket/5409

I have added a new option '--ignore-disconnected-topology' which forces
IPA master uninstall despite reported errors in topology. I'm not quite
sure if we want to flood ipa-server-install with uninstall-specific
options, maybe it is better to skip the check in unattended mode and
just print a warning about disconnected topology and what to do about
it.

I would like to hear your opinions about this.




Attaching rebased and updated patches.


Patch 0098: LGTM


Patch 0099:

a) This check should be done in Server.__init__() rather than
install_check():

+if options.ignore_disconnected_topology:
+print("'--ignore-disconnected-topology' is used only during "
+  "uninstallation")
+sys.exit(1)


b) s/--ignore-disconnected-topology/--ignore-topology-disconnect/, for
consistency with other options, e.g. --no-ui-redirect.

Maybe even shorten it to --ignore-topology? But we probably don't want
people to use this option much, so it might be better to keep it long?

I would rather leave it with the long option name, it is more apparent 
what this switch should be around.


c) I'm fine with uninstall options, you can remove the TODO:

+# TODO: ask jcholast about uninstallation options


Honza



Attaching updated patches.

--
Martin^3 Babinsky
From 9e997fbfa14e66740538f50eace51039226b51c0 Mon Sep 17 00:00:00 2001
From: Martin Babinsky 
Date: Thu, 19 Nov 2015 17:58:44 +0100
Subject: [PATCH 2/2] implement domain level 1 specific topology checks into
 IPA server uninstaller

When uninstalling domain level 1 master its removal from topology is checked
on remote masters. The uninstaller also checks whether the uninstallation
disconnects the topology and if yes aborts the procedure. The
'--ignore-disconnected-topology' options skips this check.

https://fedorahosted.org/freeipa/ticket/5377
https://fedorahosted.org/freeipa/ticket/5409
---
 install/tools/man/ipa-server-install.1 |   3 +
 ipaserver/install/server/install.py| 193 -
 2 files changed, 169 insertions(+), 27 deletions(-)

diff --git a/install/tools/man/ipa-server-install.1 b/install/tools/man/ipa-server-install.1
index 5c601b123385a30a1bd6962663f8f97b528e805e..b11c9503982ece60b6fa862d2bebf201f49c3b86 100644
--- a/install/tools/man/ipa-server-install.1
+++ b/install/tools/man/ipa-server-install.1
@@ -61,6 +61,9 @@ The maximum user and group id number (default: idstart+19). If set to zero,
 \fB\-\-no_hbac_allow\fR
 Don't install allow_all HBAC rule. This rule lets any user from any host access any service on any other host. It is expected that users will remove this rule before moving to production.
 .TP
+\fB\-\-ignore-topology-disconnect\fR
+Ignore errors reported when uninstallation of IPA server would lead to disconnected domain level 1 topology.
+.TP
 \fB\-\-no\-ui\-redirect\fR
 Do not automatically redirect to the Web UI.
 .TP
diff --git a/ipaserver/install/server/install.py b/ipaserver/install/server/install.py
index bd07793bb295db9d3b03614f44b54ddd2ea20cb5..333697139a4d67cd89daa3713670a38657884570 100644
--- a/ipaserver/install/server/install.py
+++ b/ipaserver/install/server/install.py
@@ -26,7 +26,7 @@ from ipapython.ipautil import (
 from ipaplatform import services
 from ipaplatform.paths import paths
 from ipaplatform.tasks import tasks
-from ipalib import api, constants, errors, x509
+from ipalib import api, create_api, constants, errors, x509
 from ipalib.constants import CACERT
 from ipalib.util import validate_domain_name
 import ipaclient.ntpconf
@@ -290,6 +290,110 @@ def common_cleanup(func):
 return decorated
 
 
+def check_master_deleted(api, masters, interactive):
+try:
+host_princ = api.Command.host_show(api.env.host)['result']['krbprincipalname'][0]
+except Exception as e:
+root_logger.warning(
+"Failed to get host principal name: {0}".format(e)
+)
+return False
+
+ccache_path = os.path.join('/', 'tmp', 'krb5cc_host')
+with ipautil.private_ccache(ccache_path):
+try:
+ipautil.kinit_keytab(host_princ, paths.KRB5_KEYTAB, ccache_path)
+except Exception as e:
+root_logger.error(
+"Kerberos authentication as '{0}' failed: {1}".format(
+host_princ, e
+)
+)
+return False
+
+last_server = True
+for master in masters:
+master_cn = master['cn'][0]
+if api.env.host == master_cn:
+continue
+
+last_server = False
+master_ldap_uri = u'ldap://{0}'.format(master_cn)
+
+# initialize remote api
+remote_api =

Re: [Freeipa-devel] [PATCH 0098-0099] domain level 1 topology checks during IPA server uninstall

2015-11-30 Thread Martin Babinsky


On 11/30/2015 06:15 PM, Martin Basti wrote:



On 30.11.2015 16:43, Martin Babinsky wrote:

On 11/30/2015 12:31 PM, Jan Cholasta wrote:

Hi,

On 27.11.2015 14:58, Martin Babinsky wrote:

On 11/19/2015 06:19 PM, Martin Babinsky wrote:

These two patches fix the following tickets:

https://fedorahosted.org/freeipa/ticket/5377
https://fedorahosted.org/freeipa/ticket/5409

I have added a new option '--ignore-disconnected-topology' which
forces
IPA master uninstall despite reported errors in topology. I'm not
quite
sure if we want to flood ipa-server-install with uninstall-specific
options, maybe it is better to skip the check in unattended mode and
just print a warning about disconnected topology and what to do about
it.

I would like to hear your opinions about this.




Attaching rebased and updated patches.


Patch 0098: LGTM


Patch 0099:

a) This check should be done in Server.__init__() rather than
install_check():

+if options.ignore_disconnected_topology:
+print("'--ignore-disconnected-topology' is used only during "
+  "uninstallation")
+sys.exit(1)


b) s/--ignore-disconnected-topology/--ignore-topology-disconnect/, for
consistency with other options, e.g. --no-ui-redirect.

Maybe even shorten it to --ignore-topology? But we probably don't want
people to use this option much, so it might be better to keep it long?


I would rather leave it with the long option name, it is more apparent
what this switch should be around.


c) I'm fine with uninstall options, you can remove the TODO:

+# TODO: ask jcholast about uninstallation options


Honza



Attaching updated patches.


NACK

ipa-server-install --uninstall

2015-11-30T17:14:30Z DEBUG Destroyed connection
context.ldap2_140081152041808
2015-11-30T17:14:30Z DEBUG Traceback (most recent call last):
   File "/usr/lib/python2.7/site-packages/ipapython/install/common.py",
line 91, in _handle_exception
 super(Continuous, self)._handle_exception(exc_info)
   File "/usr/lib/python2.7/site-packages/ipapython/install/core.py",
line 387, in _handle_exception
 six.reraise(*exc_info)
   File "/usr/lib/python2.7/site-packages/ipapython/install/core.py",
line 439, in _handle_exception
 super(ComponentBase, self)._handle_exception(exc_info)
   File "/usr/lib/python2.7/site-packages/ipapython/install/core.py",
line 387, in _handle_exception
 six.reraise(*exc_info)
   File "/usr/lib/python2.7/site-packages/ipapython/install/core.py",
line 355, in __runner
 step()
   File "/usr/lib/python2.7/site-packages/ipapython/install/core.py",
line 352, in 
 step = lambda: next(self.__gen)
   File "/usr/lib/python2.7/site-packages/ipapython/install/util.py",
line 81, in run_generator_with_yield_from
 six.reraise(*exc_info)
   File "/usr/lib/python2.7/site-packages/ipapython/install/util.py",
line 59, in run_generator_with_yield_from
 value = gen.send(prev_value)
   File "/usr/lib/python2.7/site-packages/ipapython/install/common.py",
line 71, in _uninstall
 for nothing in self._uninstaller(self.parent):
   File
"/usr/lib/python2.7/site-packages/ipaserver/install/server/install.py",
line 1409, in main
 uninstall_check(self)
   File
"/usr/lib/python2.7/site-packages/ipaserver/install/server/install.py",
line 265, in decorated
 func(installer)
   File
"/usr/lib/python2.7/site-packages/ipaserver/install/server/install.py",
line 1140, in uninstall_check
 api, masters, options.ignore_disconnected_topology)
AttributeError: 'uninstaller(Server)' object has no attribute
'ignore_disconnected_topology'

2015-11-30T17:14:30Z ERROR 'uninstaller(Server)' object has no attribute
'ignore_disconnected_topology'
2015-11-30T17:14:30Z INFO The ipa-server-install command was successful



Sorry I have failed horribly during option rename. Attaching patch that 
should actually work.


--
Martin^3 Babinsky
From 77866f7d7458e5f33ff185f17ba89bb4170cf2da Mon Sep 17 00:00:00 2001
From: Martin Babinsky 
Date: Thu, 19 Nov 2015 17:58:44 +0100
Subject: [PATCH] implement domain level 1 specific topology checks into IPA
 server uninstaller

When uninstalling domain level 1 master its removal from topology is checked
on remote masters. The uninstaller also checks whether the uninstallation
disconnects the topology and if yes aborts the procedure. The
'--ignore-disconnected-topology' options skips this check.

https://fedorahosted.org/freeipa/ticket/5377
https://fedorahosted.org/freeipa/ticket/5409
---
 install/tools/man/ipa-server-install.1 |   3 +
 ipaserver/install/server/install.py| 193 -
 2 files changed, 169 insertions(+), 27 deletions(-)

diff --git a/install/tools/man/ipa-server-install.1 b/install/tools/man/ipa-server-install.1
index 5c601b123385a30a1bd6962663f8f97b528e805e..b11c9503982ece60b6fa862d2bebf201f49c3b86 100644
--- a/install/tools/man/ipa-server-install.1
+++ b/install/tools/man/ipa-server-install.1
@@ -61,6 +61,9 @@ The maximum user and group id number

Re: [Freeipa-devel] [PATCH 0098-0099] domain level 1 topology checks during IPA server uninstall

2015-11-30 Thread Jan Cholasta


Hi,

On 27.11.2015 14:58, Martin Babinsky wrote:

On 11/19/2015 06:19 PM, Martin Babinsky wrote:

These two patches fix the following tickets:

https://fedorahosted.org/freeipa/ticket/5377
https://fedorahosted.org/freeipa/ticket/5409

I have added a new option '--ignore-disconnected-topology' which forces
IPA master uninstall despite reported errors in topology. I'm not quite
sure if we want to flood ipa-server-install with uninstall-specific
options, maybe it is better to skip the check in unattended mode and
just print a warning about disconnected topology and what to do about it.

I would like to hear your opinions about this.




Attaching rebased and updated patches.


Patch 0098: LGTM


Patch 0099:

a) This check should be done in Server.__init__() rather than 
install_check():


+if options.ignore_disconnected_topology:
+print("'--ignore-disconnected-topology' is used only during "
+  "uninstallation")
+sys.exit(1)


b) s/--ignore-disconnected-topology/--ignore-topology-disconnect/, for 
consistency with other options, e.g. --no-ui-redirect.


Maybe even shorten it to --ignore-topology? But we probably don't want 
people to use this option much, so it might be better to keep it long?



c) I'm fine with uninstall options, you can remove the TODO:

+# TODO: ask jcholast about uninstallation options


Honza

--
Jan Cholasta

--
Manage your subscription for the Freeipa-devel mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-devel
Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code

Re: [Freeipa-devel] [PATCH 0098-0099] domain level 1 topology checks during IPA server uninstall

2015-11-27 Thread Martin Babinsky


On 11/19/2015 06:19 PM, Martin Babinsky wrote:

These two patches fix the following tickets:

https://fedorahosted.org/freeipa/ticket/5377
https://fedorahosted.org/freeipa/ticket/5409

I have added a new option '--ignore-disconnected-topology' which forces
IPA master uninstall despite reported errors in topology. I'm not quite
sure if we want to flood ipa-server-install with uninstall-specific
options, maybe it is better to skip the check in unattended mode and
just print a warning about disconnected topology and what to do about it.

I would like to hear your opinions about this.




Attaching rebased and updated patches.

--
Martin^3 Babinsky
From 9c2e5ed10c110ffb5e3bce458468a6845a6dca57 Mon Sep 17 00:00:00 2001
From: Martin Babinsky 
Date: Thu, 19 Nov 2015 17:58:44 +0100
Subject: [PATCH 2/2] implement domain level 1 specific topology checks into
 IPA server uninstaller

When uninstalling domain level 1 master its removal from topology is checked
on remote masters. The uninstaller also checks whether the uninstallation
disconnects the topology and if yes aborts the procedure. The
'--ignore-disconnected-topology' options skips this check.

https://fedorahosted.org/freeipa/ticket/5377
https://fedorahosted.org/freeipa/ticket/5409
---
 install/tools/man/ipa-server-install.1 |   3 +
 ipaserver/install/server/install.py| 194 -
 2 files changed, 170 insertions(+), 27 deletions(-)

diff --git a/install/tools/man/ipa-server-install.1 b/install/tools/man/ipa-server-install.1
index 5c601b123385a30a1bd6962663f8f97b528e805e..7769d4f5116d262df05e7e7b0bbd0d2eb37f6266 100644
--- a/install/tools/man/ipa-server-install.1
+++ b/install/tools/man/ipa-server-install.1
@@ -61,6 +61,9 @@ The maximum user and group id number (default: idstart+19). If set to zero,
 \fB\-\-no_hbac_allow\fR
 Don't install allow_all HBAC rule. This rule lets any user from any host access any service on any other host. It is expected that users will remove this rule before moving to production.
 .TP
+\fB\-\-ignore-disconnected-topology\fR
+Ignore errors reported when uninstallation of IPA server would lead to disconnected domain level 1 topology.
+.TP
 \fB\-\-no\-ui\-redirect\fR
 Do not automatically redirect to the Web UI.
 .TP
diff --git a/ipaserver/install/server/install.py b/ipaserver/install/server/install.py
index bd07793bb295db9d3b03614f44b54ddd2ea20cb5..55d62a618e91c5968486317c5f57df862c1c7f52 100644
--- a/ipaserver/install/server/install.py
+++ b/ipaserver/install/server/install.py
@@ -26,7 +26,7 @@ from ipapython.ipautil import (
 from ipaplatform import services
 from ipaplatform.paths import paths
 from ipaplatform.tasks import tasks
-from ipalib import api, constants, errors, x509
+from ipalib import api, create_api, constants, errors, x509
 from ipalib.constants import CACERT
 from ipalib.util import validate_domain_name
 import ipaclient.ntpconf
@@ -290,6 +290,110 @@ def common_cleanup(func):
 return decorated
 
 
+def check_master_deleted(api, masters, interactive):
+try:
+host_princ = api.Command.host_show(api.env.host)['result']['krbprincipalname'][0]
+except Exception as e:
+root_logger.warning(
+"Failed to get host principal name: {0}".format(e)
+)
+return False
+
+ccache_path = os.path.join('/', 'tmp', 'krb5cc_host')
+with ipautil.private_ccache(ccache_path):
+try:
+ipautil.kinit_keytab(host_princ, paths.KRB5_KEYTAB, ccache_path)
+except Exception as e:
+root_logger.error(
+"Kerberos authentication as '{0}' failed: {1}".format(
+host_princ, e
+)
+)
+return False
+
+last_server = True
+for master in masters:
+master_cn = master['cn'][0]
+if api.env.host == master_cn:
+continue
+
+last_server = False
+master_ldap_uri = u'ldap://{0}'.format(master_cn)
+
+# initialize remote api
+remote_api = create_api(mode=None)
+remote_api.bootstrap(ldap_uri=master_ldap_uri, in_server=True)
+remote_api.finalize()
+
+root_logger.debug("Connecting to '{0}'...".format(master_ldap_uri))
+try:
+remote_api.Backend.ldap2.connect(ccache=ccache_path)
+remote_api.Command.server_show(api.env.host)
+root_logger.debug(
+"Server entry '{0}' present on '{1}'".format(
+api.env.host, master_cn
+)
+)
+return False
+except (errors.NotFound, errors.ACIError):
+# this may occur because the node was already deleted from the
+# topology and the host principal doesn't exist
+root_logger.debug(
+"'{0}' was removed from topology".format(
+

Re: [Freeipa-devel] [PATCH 0098-0099] domain level 1 topology checks during IPA server uninstall

Re: [Freeipa-devel] [PATCH 0098-0099] domain level 1 topology checks during IPA server uninstall

Re: [Freeipa-devel] [PATCH 0098-0099] domain level 1 topology checks during IPA server uninstall

Re: [Freeipa-devel] [PATCH 0098-0099] domain level 1 topology checks during IPA server uninstall

Re: [Freeipa-devel] [PATCH 0098-0099] domain level 1 topology checks during IPA server uninstall

Re: [Freeipa-devel] [PATCH 0098-0099] domain level 1 topology checks during IPA server uninstall

Re: [Freeipa-devel] [PATCH 0098-0099] domain level 1 topology checks during IPA server uninstall

Re: [Freeipa-devel] [PATCH 0098-0099] domain level 1 topology checks during IPA server uninstall

Re: [Freeipa-devel] [PATCH 0098-0099] domain level 1 topology checks during IPA server uninstall

Re: [Freeipa-devel] [PATCH 0098-0099] domain level 1 topology checks during IPA server uninstall

Re: [Freeipa-devel] [PATCH 0098-0099] domain level 1 topology checks during IPA server uninstall

Re: [Freeipa-devel] [PATCH 0098-0099] domain level 1 topology checks during IPA server uninstall

Re: [Freeipa-devel] [PATCH 0098-0099] domain level 1 topology checks during IPA server uninstall

13 matches

Site Navigation

Mail list logo

Footer information