Re: [Freeipa-devel] [PATCH] 0080 Sync in both direction before changing replication agreement in replica
On Mon, 31 Jan 2011 23:07:24 -0500 Rob Crittenden rcrit...@redhat.com wrote: Simo Sorce wrote: On Mon, 31 Jan 2011 18:38:47 -0500 Simo Sorcesso...@redhat.com wrote: See also ticket #887 Simo. With a patch file it works better I guess :-) Simo. I wasn't entirely sure how to test this so I use ipa-replica-manage re-initialize --from=master.example.com It seemed to work, not sure how I can really tell. I did notice this in my 389-ds error log: [31/Jan/2011:23:05:59 -0500] - import userRoot: Import complete. Processed 159 entries in 4 seconds. (39.75 entries/sec) [31/Jan/2011:23:06:00 -0500] NSMMReplicationPlugin - multimaster_be_state_change: replica dc=example,dc=com is coming online; enabling replication [31/Jan/2011:23:06:00 -0500] NSMMReplicationPlugin - replica_reload_ruv: Warning: new data for replica dc=example,dc=com does not match the data in the changelog. Recreating the changelog file. This could affect replication with replica's consumers in which case the consumers should be reinitialized. rob I changed force-sync not re-inititialize :-) And the actual real change happend in ipa-replica-install So the way to test it would be to install a replica and make sure it works (I tested it on my side and it did). Simo. -- Simo Sorce * Red Hat, Inc * New York ___ Freeipa-devel mailing list Freeipa-devel@redhat.com https://www.redhat.com/mailman/listinfo/freeipa-devel
Re: [Freeipa-devel] [PATCH] 0080 Sync in both direction before changing replication agreement in replica
On 01/31/2011 09:07 PM, Rob Crittenden wrote: Simo Sorce wrote: On Mon, 31 Jan 2011 18:38:47 -0500 Simo Sorcesso...@redhat.com wrote: See also ticket #887 Simo. With a patch file it works better I guess :-) Simo. I wasn't entirely sure how to test this so I use ipa-replica-manage re-initialize --from=master.example.com It seemed to work, not sure how I can really tell. I did notice this in my 389-ds error log: [31/Jan/2011:23:05:59 -0500] - import userRoot: Import complete. Processed 159 entries in 4 seconds. (39.75 entries/sec) [31/Jan/2011:23:06:00 -0500] NSMMReplicationPlugin - multimaster_be_state_change: replica dc=example,dc=com is coming online; enabling replication [31/Jan/2011:23:06:00 -0500] NSMMReplicationPlugin - replica_reload_ruv: Warning: new data for replica dc=example,dc=com does not match the data in the changelog. Recreating the changelog file. This could affect replication with replica's consumers in which case the consumers should be reinitialized. This should be ok. This basically means hey, your database has just be reloaded. The server should wipe out the changelog and create a new one. rob ___ Freeipa-devel mailing list Freeipa-devel@redhat.com https://www.redhat.com/mailman/listinfo/freeipa-devel ___ Freeipa-devel mailing list Freeipa-devel@redhat.com https://www.redhat.com/mailman/listinfo/freeipa-devel
[Freeipa-devel] [PATCH] 0080 Sync in both direction before changing replication agreement in replica
See also ticket #887 Simo. -- Simo Sorce * Red Hat, Inc * New York ___ Freeipa-devel mailing list Freeipa-devel@redhat.com https://www.redhat.com/mailman/listinfo/freeipa-devel
Re: [Freeipa-devel] [PATCH] 0080 Sync in both direction before changing replication agreement in replica
On Mon, 31 Jan 2011 18:38:47 -0500 Simo Sorce sso...@redhat.com wrote: See also ticket #887 Simo. With a patch file it works better I guess :-) Simo. -- Simo Sorce * Red Hat, Inc * New York From 87efe64a3f0c3a68e258c4703e0f507ff1620265 Mon Sep 17 00:00:00 2001 From: Simo Sorce sso...@redhat.com Date: Mon, 31 Jan 2011 16:20:40 -0500 Subject: [PATCH] Force sync in both direction before changing replication agreements Fixes: https://fedorahosted.org/freeipa/ticket/887 --- install/tools/ipa-replica-manage | 10 + ipaserver/install/replication.py | 40 +++-- 2 files changed, 26 insertions(+), 24 deletions(-) diff --git a/install/tools/ipa-replica-manage b/install/tools/ipa-replica-manage index 8f0b7c59c75042d1b3b4dadbc9e53cd311434a5c..19ff1f904fff0966d3ef0534366f787b7aa244db 100755 --- a/install/tools/ipa-replica-manage +++ b/install/tools/ipa-replica-manage @@ -358,15 +358,7 @@ def re_initialize(realm, options): def force_sync(realm, thishost, fromhost, dirman_passwd): repl = replication.ReplicationManager(realm, fromhost, dirman_passwd) - -filter = ((nsDS5ReplicaHost=%s)(|(objectclass=nsDSWindowsReplicationAgreement)(objectclass=nsds5ReplicationAgreement))) % thishost -entry = repl.conn.search_s(cn=config, ldap.SCOPE_SUBTREE, filter) -if len(entry) == 0: -logging.error(Unable to find %s - %s replication agreement % (fromhost, thishost)) -sys.exit(1) -if len(entry) 1: -logging.error(Found multiple agreements for %s. Only initializing the first one returned: %s % (thishost, entry[0].dn)) -repl.force_synch(entry[0].dn, entry[0].nsds5replicaupdateschedule) +repl.force_sync(repl.conn, thishost) def main(): options, args = parse_options() diff --git a/ipaserver/install/replication.py b/ipaserver/install/replication.py index 77ca0578ed66ee7f206e1797b432ccf1c5522b39..ac35db1a2bf9268ce738f31738df5de92c145f66 100644 --- a/ipaserver/install/replication.py +++ b/ipaserver/install/replication.py @@ -653,21 +653,15 @@ class ReplicationManager: # First off make sure servers are in sync so that both KDCs # have all princiapls and their passwords and can release # the right tickets. We do this by force pushing all our changes -filter = ((nsDS5ReplicaHost=%s)(objectclass=nsds5ReplicationAgreement)) % r_hostname -entry = self.conn.search_s(cn=config, ldap.SCOPE_SUBTREE, filter) -if len(entry) == 0: -raise RuntimeError(Missing %s - %s replication agreement % - (self.hostname, r_hostname)) -if len(entry) 1: -logging.info(Found multiple agreements for %s. % r_hostname) -logging.info(Syncing only the first one: %s % entry[0].dn) - -self.force_synch(entry[0].dn, entry[0].nsds5replicaupdateschedule) - -# now wait until we are sure replication has succeeded. +self.force_sync(self.conn, r_hostname) cn, dn = self.agreement_dn(r_hostname) self.wait_for_repl_update(self.conn, dn, 30) +# now in the opposite direction +self.force_sync(r_conn, self.hostname) +cn, dn = self.agreement_dn(self.hostname) +self.wait_for_repl_update(r_conn, dn, 30) + # now that directories are in sync, # change the agreements to use GSSAPI self.gssapi_update_agreements(self.conn, r_conn) @@ -700,9 +694,25 @@ class ReplicationManager: except ldap.ALREADY_EXISTS: return -def force_synch(self, dn, schedule): +def force_sync(self, conn, hostname): + newschedule = '2358-2359 0' +filter = '((nsDS5ReplicaHost=%s)' \ + '(|(objectclass=nsDSWindowsReplicationAgreement)' \ + '(objectclass=nsds5ReplicationAgreement)))' % hostname +entry = conn.search_s(cn=config, ldap.SCOPE_SUBTREE, filter) +if len(entry) == 0: +logging.error(Unable to find replication agreement for %s % + (hostname)) +raise RuntimeError(Unable to proceed) +if len(entry) 1: +logging.error(Found multiple agreements for %s % hostname) +logging.error(Using the first one only (%s) % entry[0].dn) + +dn = entry[0].dn +schedule = entry[0].nsds5replicaupdateschedule + # On the remote chance of a match. We force a synch to happen right # now by changing the schedule to something else and quickly changing # it back. @@ -711,12 +721,12 @@ class ReplicationManager: logging.info(Changing agreement %s schedule to %s to force synch % (dn, newschedule)) mod = [(ldap.MOD_REPLACE, 'nsDS5ReplicaUpdateSchedule', [ newschedule ])] -self.conn.modify_s(dn, mod) +conn.modify_s(dn, mod) time.sleep(1) logging.info(Changing agreement %s to restore original schedule %s %
Re: [Freeipa-devel] [PATCH] 0080 Sync in both direction before changing replication agreement in replica
Simo Sorce wrote: On Mon, 31 Jan 2011 18:38:47 -0500 Simo Sorcesso...@redhat.com wrote: See also ticket #887 Simo. With a patch file it works better I guess :-) Simo. I wasn't entirely sure how to test this so I use ipa-replica-manage re-initialize --from=master.example.com It seemed to work, not sure how I can really tell. I did notice this in my 389-ds error log: [31/Jan/2011:23:05:59 -0500] - import userRoot: Import complete. Processed 159 entries in 4 seconds. (39.75 entries/sec) [31/Jan/2011:23:06:00 -0500] NSMMReplicationPlugin - multimaster_be_state_change: replica dc=example,dc=com is coming online; enabling replication [31/Jan/2011:23:06:00 -0500] NSMMReplicationPlugin - replica_reload_ruv: Warning: new data for replica dc=example,dc=com does not match the data in the changelog. Recreating the changelog file. This could affect replication with replica's consumers in which case the consumers should be reinitialized. rob ___ Freeipa-devel mailing list Freeipa-devel@redhat.com https://www.redhat.com/mailman/listinfo/freeipa-devel
