Re: [Freeipa-devel] [PATCH] 857 topology: ipa management commands
On 06/03/2015 05:28 PM, Martin Babinsky wrote: On 06/03/2015 03:53 PM, Petr Vobornik wrote: On 06/03/2015 02:38 PM, Martin Babinsky wrote: On 06/03/2015 01:34 PM, Petr Vobornik wrote: On 06/03/2015 10:59 AM, Martin Babinsky wrote: On 06/03/2015 10:52 AM, Martin Babinsky wrote: On 05/26/2015 03:31 PM, Petr Vobornik wrote: On 05/26/2015 12:19 PM, Petr Vobornik wrote: this patch is based on top of my patch #856 and tbabej' s 325-9. Obsoletes Ludwig's 0006. ipalib part of topology management Design: - http://www.freeipa.org/page/V4/Manage_replication_topology https://fedorahosted.org/freeipa/ticket/4302 snip ACK Pushed to master: b189e66298816c3414e027c914b5e62f30512330 -- Petr Vobornik -- Manage your subscription for the Freeipa-devel mailing list: https://www.redhat.com/mailman/listinfo/freeipa-devel Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code
Re: [Freeipa-devel] [PATCH] 857 topology: ipa management commands
On 06/03/2015 10:59 AM, Martin Babinsky wrote:
On 06/03/2015 10:52 AM, Martin Babinsky wrote:
On 05/26/2015 03:31 PM, Petr Vobornik wrote:
On 05/26/2015 12:19 PM, Petr Vobornik wrote:
this patch is based on top of my patch #856 and tbabej'
s 325-9.
Obsoletes Ludwig's 0006.
ipalib part of topology management
Design:
- http://www.freeipa.org/page/V4/Manage_replication_topology
https://fedorahosted.org/freeipa/ticket/4302
New version attached:
- domainlevel_show usage changed to domainlevel_get
- updated VERSION
- added more attrs to default_attributes
Hi Petr,
the commands themselves seem to work just fine. I had encountered some
quirks in the underlying topology plugin, but I will address them in a
different thread in order to keep the discussion relevant to the
reviewed patch.
I have some minor coomments below:
1.)
IPA_API_VERSION_MAJOR=2
-IPA_API_VERSION_MINOR=121
-# Last change: pvoborni - added server-find and server-show
+IPA_API_VERSION_MINOR=122
+# Last change: pvoborni - added topology management commands
Several people were touching API in the meantime so please double-check
that you have correct VERSION and regenerate API.txt
Patch rebased.
2.)
+Str(
+'nsds5replicatedattributelist?',
+cli_name='replattrs',
+label='Attributes to replicate',
+doc=_('Attributes that are not replicated to a consumer
server '
+ 'during a fractional update. E.g., `(objectclass=*) '
+ '$ EXCLUDE accountlockout memberof'),
+),
+Str(
+'nsds5replicatedattributelisttotal?',
+cli_name='replattrstotal',
+label=_('Attributes for total update'),
+doc=_('Attributes that are not replicated to a consumer
server '
+ 'during a total update. E.g. (objectclass=*) $
EXCLUDE '
+ 'accountlockout'),
The descriptions of these two options confused me greatly, are these
attributes supposed to be replicated or not, or is there some more
complex logic behind them that I failed to grasp? I am cc'ing Ludwig, he
can probably explain them to us and then we can decide whether we may
alter the descriptions to be less confusing.
3.)
+takes_params = (
+Str(
+'cn',
+cli_name='name',
+primary_key=True,
+label=_('Suffix name'),
+),
+Str(
+'iparepltopoconfroot',
+maxlength=255,
+cli_name='suffix',
+label=_('Suffix to be managed'),
+normalizer=lambda value: value.lower(),
+),
+)
This also confused me at first, I suggest to change the label of
'iparepltopoconfroot' to something like 'LDAP suffix to be managed' or
'LDAP subtree to be managed'.
Changed to 'LDAP suffix to be managed'
4.)
There is currently no way to rename existing topology segments/suffixes.
In the case of hosts with funky FQDN's (pointing at you, ABC lab), the
segment cn's created during replica installs are mearly impossible to
remember and it would be nice to rename them to something more
manageable. However, this is not related to core functionality and can
be a subject of a separate patch once this gets pushed.
That's all from my side.
I also forgot to ask what is the expected policy when deleting a
non-empty topology suffix. If this is not supported and you have to
first remove all segments and then the suffix itself, the
'topologysuffix-del' command should issue an error pointing the user to
correct procedure.
Do we have a use case for creation or deletion of topology suffix?
--
Petr Vobornik
From ea383de2037b63e0ec725fff1fbd7bd69673d40d Mon Sep 17 00:00:00 2001
From: Petr Vobornik pvobo...@redhat.com
Date: Fri, 22 May 2015 09:50:09 +0200
Subject: [PATCH] topology: ipa management commands
ipalib part of topology management
Design:
- http://www.freeipa.org/page/V4/Manage_replication_topology
https://fedorahosted.org/freeipa/ticket/4302
---
API.txt| 155 ++
VERSION| 4 +-
ipalib/constants.py| 1 +
ipalib/plugins/topology.py | 383 +
4 files changed, 541 insertions(+), 2 deletions(-)
create mode 100644 ipalib/plugins/topology.py
diff --git a/API.txt b/API.txt
index 6520f2c428342cdd30b0db830ed4ddbc89e4302a..0e42fadc66c129e53c3860fb7eeec69c1f148147 100644
--- a/API.txt
+++ b/API.txt
@@ -4494,6 +4494,161 @@ option: Str('version?', exclude='webui')
output: Entry('result', type 'dict', Gettext('A dictionary representing an LDAP entry', domain='ipa', localedir=None))
output: Output('summary', (type 'unicode', type 'NoneType'), None)
output: PrimaryKey('value', None, None)
+command: topologysegment_add
+args: 2,13,3
+arg: Str('topologysuffixcn', cli_name='topologysuffix', multivalue=False, primary_key=True, query=True, required=True)
+arg: Str('cn', attribute=True, cli_name='name', maxlength=255,
Re: [Freeipa-devel] [PATCH] 857 topology: ipa management commands
On 05/26/2015 03:31 PM, Petr Vobornik wrote:
On 05/26/2015 12:19 PM, Petr Vobornik wrote:
this patch is based on top of my patch #856 and tbabej'
s 325-9.
Obsoletes Ludwig's 0006.
ipalib part of topology management
Design:
- http://www.freeipa.org/page/V4/Manage_replication_topology
https://fedorahosted.org/freeipa/ticket/4302
New version attached:
- domainlevel_show usage changed to domainlevel_get
- updated VERSION
- added more attrs to default_attributes
Hi Petr,
the commands themselves seem to work just fine. I had encountered some
quirks in the underlying topology plugin, but I will address them in a
different thread in order to keep the discussion relevant to the
reviewed patch.
I have some minor coomments below:
1.)
IPA_API_VERSION_MAJOR=2
-IPA_API_VERSION_MINOR=121
-# Last change: pvoborni - added server-find and server-show
+IPA_API_VERSION_MINOR=122
+# Last change: pvoborni - added topology management commands
Several people were touching API in the meantime so please double-check
that you have correct VERSION and regenerate API.txt
2.)
+Str(
+'nsds5replicatedattributelist?',
+cli_name='replattrs',
+label='Attributes to replicate',
+doc=_('Attributes that are not replicated to a consumer
server '
+ 'during a fractional update. E.g., `(objectclass=*) '
+ '$ EXCLUDE accountlockout memberof'),
+),
+Str(
+'nsds5replicatedattributelisttotal?',
+cli_name='replattrstotal',
+label=_('Attributes for total update'),
+doc=_('Attributes that are not replicated to a consumer
server '
+ 'during a total update. E.g. (objectclass=*) $ EXCLUDE '
+ 'accountlockout'),
The descriptions of these two options confused me greatly, are these
attributes supposed to be replicated or not, or is there some more
complex logic behind them that I failed to grasp? I am cc'ing Ludwig, he
can probably explain them to us and then we can decide whether we may
alter the descriptions to be less confusing.
3.)
+takes_params = (
+Str(
+'cn',
+cli_name='name',
+primary_key=True,
+label=_('Suffix name'),
+),
+Str(
+'iparepltopoconfroot',
+maxlength=255,
+cli_name='suffix',
+label=_('Suffix to be managed'),
+normalizer=lambda value: value.lower(),
+),
+)
This also confused me at first, I suggest to change the label of
'iparepltopoconfroot' to something like 'LDAP suffix to be managed' or
'LDAP subtree to be managed'.
4.)
There is currently no way to rename existing topology segments/suffixes.
In the case of hosts with funky FQDN's (pointing at you, ABC lab), the
segment cn's created during replica installs are mearly impossible to
remember and it would be nice to rename them to something more
manageable. However, this is not related to core functionality and can
be a subject of a separate patch once this gets pushed.
That's all from my side.
--
Martin^3 Babinsky
--
Manage your subscription for the Freeipa-devel mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-devel
Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code
Re: [Freeipa-devel] [PATCH] 857 topology: ipa management commands
On 06/03/2015 10:52 AM, Martin Babinsky wrote:
On 05/26/2015 03:31 PM, Petr Vobornik wrote:
On 05/26/2015 12:19 PM, Petr Vobornik wrote:
this patch is based on top of my patch #856 and tbabej'
s 325-9.
Obsoletes Ludwig's 0006.
ipalib part of topology management
Design:
- http://www.freeipa.org/page/V4/Manage_replication_topology
https://fedorahosted.org/freeipa/ticket/4302
New version attached:
- domainlevel_show usage changed to domainlevel_get
- updated VERSION
- added more attrs to default_attributes
Hi Petr,
the commands themselves seem to work just fine. I had encountered some
quirks in the underlying topology plugin, but I will address them in a
different thread in order to keep the discussion relevant to the
reviewed patch.
I have some minor coomments below:
1.)
IPA_API_VERSION_MAJOR=2
-IPA_API_VERSION_MINOR=121
-# Last change: pvoborni - added server-find and server-show
+IPA_API_VERSION_MINOR=122
+# Last change: pvoborni - added topology management commands
Several people were touching API in the meantime so please double-check
that you have correct VERSION and regenerate API.txt
2.)
+Str(
+'nsds5replicatedattributelist?',
+cli_name='replattrs',
+label='Attributes to replicate',
+doc=_('Attributes that are not replicated to a consumer
server '
+ 'during a fractional update. E.g., `(objectclass=*) '
+ '$ EXCLUDE accountlockout memberof'),
+),
+Str(
+'nsds5replicatedattributelisttotal?',
+cli_name='replattrstotal',
+label=_('Attributes for total update'),
+doc=_('Attributes that are not replicated to a consumer
server '
+ 'during a total update. E.g. (objectclass=*) $ EXCLUDE '
+ 'accountlockout'),
The descriptions of these two options confused me greatly, are these
attributes supposed to be replicated or not, or is there some more
complex logic behind them that I failed to grasp? I am cc'ing Ludwig, he
can probably explain them to us and then we can decide whether we may
alter the descriptions to be less confusing.
3.)
+takes_params = (
+Str(
+'cn',
+cli_name='name',
+primary_key=True,
+label=_('Suffix name'),
+),
+Str(
+'iparepltopoconfroot',
+maxlength=255,
+cli_name='suffix',
+label=_('Suffix to be managed'),
+normalizer=lambda value: value.lower(),
+),
+)
This also confused me at first, I suggest to change the label of
'iparepltopoconfroot' to something like 'LDAP suffix to be managed' or
'LDAP subtree to be managed'.
4.)
There is currently no way to rename existing topology segments/suffixes.
In the case of hosts with funky FQDN's (pointing at you, ABC lab), the
segment cn's created during replica installs are mearly impossible to
remember and it would be nice to rename them to something more
manageable. However, this is not related to core functionality and can
be a subject of a separate patch once this gets pushed.
That's all from my side.
I also forgot to ask what is the expected policy when deleting a
non-empty topology suffix. If this is not supported and you have to
first remove all segments and then the suffix itself, the
'topologysuffix-del' command should issue an error pointing the user to
correct procedure.
--
Martin^3 Babinsky
--
Manage your subscription for the Freeipa-devel mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-devel
Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code
Re: [Freeipa-devel] [PATCH] 857 topology: ipa management commands
On 06/03/2015 02:38 PM, Martin Babinsky wrote:
On 06/03/2015 01:34 PM, Petr Vobornik wrote:
On 06/03/2015 10:59 AM, Martin Babinsky wrote:
On 06/03/2015 10:52 AM, Martin Babinsky wrote:
On 05/26/2015 03:31 PM, Petr Vobornik wrote:
On 05/26/2015 12:19 PM, Petr Vobornik wrote:
this patch is based on top of my patch #856 and tbabej'
s 325-9.
Obsoletes Ludwig's 0006.
ipalib part of topology management
Design:
- http://www.freeipa.org/page/V4/Manage_replication_topology
https://fedorahosted.org/freeipa/ticket/4302
New version attached:
- domainlevel_show usage changed to domainlevel_get
- updated VERSION
- added more attrs to default_attributes
Hi Petr,
the commands themselves seem to work just fine. I had encountered some
quirks in the underlying topology plugin, but I will address them in a
different thread in order to keep the discussion relevant to the
reviewed patch.
I have some minor coomments below:
1.)
IPA_API_VERSION_MAJOR=2
-IPA_API_VERSION_MINOR=121
-# Last change: pvoborni - added server-find and server-show
+IPA_API_VERSION_MINOR=122
+# Last change: pvoborni - added topology management commands
Several people were touching API in the meantime so please double-check
that you have correct VERSION and regenerate API.txt
Patch rebased.
2.)
+Str(
+'nsds5replicatedattributelist?',
+cli_name='replattrs',
+label='Attributes to replicate',
+doc=_('Attributes that are not replicated to a consumer
server '
+ 'during a fractional update. E.g.,
`(objectclass=*) '
+ '$ EXCLUDE accountlockout memberof'),
+),
+Str(
+'nsds5replicatedattributelisttotal?',
+cli_name='replattrstotal',
+label=_('Attributes for total update'),
+doc=_('Attributes that are not replicated to a consumer
server '
+ 'during a total update. E.g. (objectclass=*) $
EXCLUDE '
+ 'accountlockout'),
The descriptions of these two options confused me greatly, are these
attributes supposed to be replicated or not, or is there some more
complex logic behind them that I failed to grasp? I am cc'ing
Ludwig, he
can probably explain them to us and then we can decide whether we may
alter the descriptions to be less confusing.
3.)
+takes_params = (
+Str(
+'cn',
+cli_name='name',
+primary_key=True,
+label=_('Suffix name'),
+),
+Str(
+'iparepltopoconfroot',
+maxlength=255,
+cli_name='suffix',
+label=_('Suffix to be managed'),
+normalizer=lambda value: value.lower(),
+),
+)
This also confused me at first, I suggest to change the label of
'iparepltopoconfroot' to something like 'LDAP suffix to be managed' or
'LDAP subtree to be managed'.
Changed to 'LDAP suffix to be managed'
4.)
There is currently no way to rename existing topology
segments/suffixes.
In the case of hosts with funky FQDN's (pointing at you, ABC lab), the
segment cn's created during replica installs are mearly impossible to
remember and it would be nice to rename them to something more
manageable. However, this is not related to core functionality and can
be a subject of a separate patch once this gets pushed.
That's all from my side.
I also forgot to ask what is the expected policy when deleting a
non-empty topology suffix. If this is not supported and you have to
first remove all segments and then the suffix itself, the
'topologysuffix-del' command should issue an error pointing the user to
correct procedure.
Do we have a use case for creation or deletion of topology suffix?
That's a good question.
Anyway, I have noticed couple more things:
1.) it seems that there some of unused imports in topology.py. Please
investigate whether all of them are really needed.
Fixed
2.)
+from ipalib.plugins.baseldap import *
+from ipalib.plugins import baseldap
I do not like that starred import at all. Either import the particular
classes you use (like e.g. in basuser.py), or just leave the second
import statetement and use the appropriate namespace
(baseldap.LDAPObject etc.).
Fixed
3.) there are couple of pep8 complaints, please try to fix them unless
it impairs readability:
./ipalib/constants.py:121:80: E501 line too long (81 79 characters)
./ipalib/plugins/topology.py:72:80: E501 line too long (88 79 characters)
./ipalib/plugins/topology.py:73:26: E131 continuation line unaligned for
hanging indent
./ipalib/plugins/topology.py:73:80: E501 line too long (93 79 characters)
./ipalib/plugins/topology.py:103:80: E501 line too long (80 79
characters)
./ipalib/plugins/topology.py:111:80: E501 line too long (80 79
characters)
./ipalib/plugins/topology.py:207:80: E501 line too long (80 79
characters)
./ipalib/plugins/topology.py:232:80: E501 line too long (80 79
characters)
won't fix
Re: [Freeipa-devel] [PATCH] 857 topology: ipa management commands
On 06/03/2015 01:34 PM, Petr Vobornik wrote:
On 06/03/2015 10:59 AM, Martin Babinsky wrote:
On 06/03/2015 10:52 AM, Martin Babinsky wrote:
On 05/26/2015 03:31 PM, Petr Vobornik wrote:
On 05/26/2015 12:19 PM, Petr Vobornik wrote:
this patch is based on top of my patch #856 and tbabej'
s 325-9.
Obsoletes Ludwig's 0006.
ipalib part of topology management
Design:
- http://www.freeipa.org/page/V4/Manage_replication_topology
https://fedorahosted.org/freeipa/ticket/4302
New version attached:
- domainlevel_show usage changed to domainlevel_get
- updated VERSION
- added more attrs to default_attributes
Hi Petr,
the commands themselves seem to work just fine. I had encountered some
quirks in the underlying topology plugin, but I will address them in a
different thread in order to keep the discussion relevant to the
reviewed patch.
I have some minor coomments below:
1.)
IPA_API_VERSION_MAJOR=2
-IPA_API_VERSION_MINOR=121
-# Last change: pvoborni - added server-find and server-show
+IPA_API_VERSION_MINOR=122
+# Last change: pvoborni - added topology management commands
Several people were touching API in the meantime so please double-check
that you have correct VERSION and regenerate API.txt
Patch rebased.
2.)
+Str(
+'nsds5replicatedattributelist?',
+cli_name='replattrs',
+label='Attributes to replicate',
+doc=_('Attributes that are not replicated to a consumer
server '
+ 'during a fractional update. E.g., `(objectclass=*) '
+ '$ EXCLUDE accountlockout memberof'),
+),
+Str(
+'nsds5replicatedattributelisttotal?',
+cli_name='replattrstotal',
+label=_('Attributes for total update'),
+doc=_('Attributes that are not replicated to a consumer
server '
+ 'during a total update. E.g. (objectclass=*) $
EXCLUDE '
+ 'accountlockout'),
The descriptions of these two options confused me greatly, are these
attributes supposed to be replicated or not, or is there some more
complex logic behind them that I failed to grasp? I am cc'ing Ludwig, he
can probably explain them to us and then we can decide whether we may
alter the descriptions to be less confusing.
3.)
+takes_params = (
+Str(
+'cn',
+cli_name='name',
+primary_key=True,
+label=_('Suffix name'),
+),
+Str(
+'iparepltopoconfroot',
+maxlength=255,
+cli_name='suffix',
+label=_('Suffix to be managed'),
+normalizer=lambda value: value.lower(),
+),
+)
This also confused me at first, I suggest to change the label of
'iparepltopoconfroot' to something like 'LDAP suffix to be managed' or
'LDAP subtree to be managed'.
Changed to 'LDAP suffix to be managed'
4.)
There is currently no way to rename existing topology segments/suffixes.
In the case of hosts with funky FQDN's (pointing at you, ABC lab), the
segment cn's created during replica installs are mearly impossible to
remember and it would be nice to rename them to something more
manageable. However, this is not related to core functionality and can
be a subject of a separate patch once this gets pushed.
That's all from my side.
I also forgot to ask what is the expected policy when deleting a
non-empty topology suffix. If this is not supported and you have to
first remove all segments and then the suffix itself, the
'topologysuffix-del' command should issue an error pointing the user to
correct procedure.
Do we have a use case for creation or deletion of topology suffix?
That's a good question.
Anyway, I have noticed couple more things:
1.) it seems that there some of unused imports in topology.py. Please
investigate whether all of them are really needed.
2.)
+from ipalib.plugins.baseldap import *
+from ipalib.plugins import baseldap
I do not like that starred import at all. Either import the particular
classes you use (like e.g. in basuser.py), or just leave the second
import statetement and use the appropriate namespace
(baseldap.LDAPObject etc.).
3.) there are couple of pep8 complaints, please try to fix them unless
it impairs readability:
./ipalib/constants.py:121:80: E501 line too long (81 79 characters)
./ipalib/plugins/topology.py:72:80: E501 line too long (88 79 characters)
./ipalib/plugins/topology.py:73:26: E131 continuation line unaligned for
hanging indent
./ipalib/plugins/topology.py:73:80: E501 line too long (93 79 characters)
./ipalib/plugins/topology.py:103:80: E501 line too long (80 79 characters)
./ipalib/plugins/topology.py:111:80: E501 line too long (80 79 characters)
./ipalib/plugins/topology.py:207:80: E501 line too long (80 79 characters)
./ipalib/plugins/topology.py:232:80: E501 line too long (80 79 characters)
./ipalib/plugins/topology.py:269:80: E501 line too long (84 79 characters)
Re: [Freeipa-devel] [PATCH] 857 topology: ipa management commands
On 06/03/2015 03:53 PM, Petr Vobornik wrote:
On 06/03/2015 02:38 PM, Martin Babinsky wrote:
On 06/03/2015 01:34 PM, Petr Vobornik wrote:
On 06/03/2015 10:59 AM, Martin Babinsky wrote:
On 06/03/2015 10:52 AM, Martin Babinsky wrote:
On 05/26/2015 03:31 PM, Petr Vobornik wrote:
On 05/26/2015 12:19 PM, Petr Vobornik wrote:
this patch is based on top of my patch #856 and tbabej'
s 325-9.
Obsoletes Ludwig's 0006.
ipalib part of topology management
Design:
- http://www.freeipa.org/page/V4/Manage_replication_topology
https://fedorahosted.org/freeipa/ticket/4302
New version attached:
- domainlevel_show usage changed to domainlevel_get
- updated VERSION
- added more attrs to default_attributes
Hi Petr,
the commands themselves seem to work just fine. I had encountered some
quirks in the underlying topology plugin, but I will address them in a
different thread in order to keep the discussion relevant to the
reviewed patch.
I have some minor coomments below:
1.)
IPA_API_VERSION_MAJOR=2
-IPA_API_VERSION_MINOR=121
-# Last change: pvoborni - added server-find and server-show
+IPA_API_VERSION_MINOR=122
+# Last change: pvoborni - added topology management commands
Several people were touching API in the meantime so please
double-check
that you have correct VERSION and regenerate API.txt
Patch rebased.
2.)
+Str(
+'nsds5replicatedattributelist?',
+cli_name='replattrs',
+label='Attributes to replicate',
+doc=_('Attributes that are not replicated to a consumer
server '
+ 'during a fractional update. E.g.,
`(objectclass=*) '
+ '$ EXCLUDE accountlockout memberof'),
+),
+Str(
+'nsds5replicatedattributelisttotal?',
+cli_name='replattrstotal',
+label=_('Attributes for total update'),
+doc=_('Attributes that are not replicated to a consumer
server '
+ 'during a total update. E.g. (objectclass=*) $
EXCLUDE '
+ 'accountlockout'),
The descriptions of these two options confused me greatly, are these
attributes supposed to be replicated or not, or is there some more
complex logic behind them that I failed to grasp? I am cc'ing
Ludwig, he
can probably explain them to us and then we can decide whether we may
alter the descriptions to be less confusing.
3.)
+takes_params = (
+Str(
+'cn',
+cli_name='name',
+primary_key=True,
+label=_('Suffix name'),
+),
+Str(
+'iparepltopoconfroot',
+maxlength=255,
+cli_name='suffix',
+label=_('Suffix to be managed'),
+normalizer=lambda value: value.lower(),
+),
+)
This also confused me at first, I suggest to change the label of
'iparepltopoconfroot' to something like 'LDAP suffix to be managed' or
'LDAP subtree to be managed'.
Changed to 'LDAP suffix to be managed'
4.)
There is currently no way to rename existing topology
segments/suffixes.
In the case of hosts with funky FQDN's (pointing at you, ABC lab), the
segment cn's created during replica installs are mearly impossible to
remember and it would be nice to rename them to something more
manageable. However, this is not related to core functionality and can
be a subject of a separate patch once this gets pushed.
That's all from my side.
I also forgot to ask what is the expected policy when deleting a
non-empty topology suffix. If this is not supported and you have to
first remove all segments and then the suffix itself, the
'topologysuffix-del' command should issue an error pointing the user to
correct procedure.
Do we have a use case for creation or deletion of topology suffix?
That's a good question.
Anyway, I have noticed couple more things:
1.) it seems that there some of unused imports in topology.py. Please
investigate whether all of them are really needed.
Fixed
2.)
+from ipalib.plugins.baseldap import *
+from ipalib.plugins import baseldap
I do not like that starred import at all. Either import the particular
classes you use (like e.g. in basuser.py), or just leave the second
import statetement and use the appropriate namespace
(baseldap.LDAPObject etc.).
Fixed
3.) there are couple of pep8 complaints, please try to fix them unless
it impairs readability:
./ipalib/constants.py:121:80: E501 line too long (81 79 characters)
./ipalib/plugins/topology.py:72:80: E501 line too long (88 79
characters)
./ipalib/plugins/topology.py:73:26: E131 continuation line unaligned for
hanging indent
./ipalib/plugins/topology.py:73:80: E501 line too long (93 79
characters)
./ipalib/plugins/topology.py:103:80: E501 line too long (80 79
characters)
./ipalib/plugins/topology.py:111:80: E501 line too long (80 79
characters)
./ipalib/plugins/topology.py:207:80: E501 line too long (80 79
characters)
./ipalib/plugins/topology.py:232:80: E501 line too long (80 79
characters)
Re: [Freeipa-devel] [PATCH] 857 topology: ipa management commands
On 05/26/2015 03:56 PM, Oleg Fayans wrote: Hi Petr, team After playing around with the previous version of your patch applied on top of the current master branch today in the morning, I still observe the problem with replica installation, described here: https://fedorahosted.org/freeipa/ticket/5035 This issue is not fixed with this patch. There is no patch for #5035 yet. This patch only adds ipalib API and CLI related to topology suffix and topology segment management. Over 857, patch 857-1 fixes only the 'internal error' which was in previous version(invalid domainslevel-show call). the session transcript together with ipareplica-install.log and the errors log of the dirsrv on master are attached. The following lines in the error log might be of interest: [26/May/2015:08:46:09 -0400] NSMMReplicationPlugin - Finished total update of replica agmt=cn=meToreplica1.pesen.net (replica1:389). Sent 382 entries. [26/May/2015:08:46:11 -0400] ipa-topology-plugin - ipa_topo_util_modify: failed to modify entry (cn=meToreplica1.pesen.net,cn=replica,cn=dc\3Dpesen\2Cdc\3Dnet,cn=mapping tree,cn=config): error 53 [26/May/2015:08:46:17 -0400] repl_version_plugin_recv_acquire_cb - [file ipa_repl_version.c, line 119]: Incompatible IPA versions, pausing replication. This server: 2010061412 remote server: (null). [26/May/2015:08:46:38 -0400] NSMMReplicationPlugin - agmt=cn=meToreplica1.pesen.net (replica1:389): Unable to receive the response for a startReplication extended operation to consumer (Can't contact LDAP server). Will retry later. [26/May/2015:08:46:41 -0400] NSMMReplicationPlugin - agmt=cn=meToreplica1.pesen.net (replica1:389): Replication bind with SIMPLE auth resumed [26/May/2015:08:47:42 -0400] NSMMReplicationPlugin - Beginning total update of replica agmt=cn=masterAgreement1-replica1.pesen.net-pki-tomcat (replica1:389). [26/May/2015:08:47:46 -0400] NSMMReplicationPlugin - Finished total update of replica agmt=cn=masterAgreement1-replica1.pesen.net-pki-tomcat (replica1:389). Sent 70 entries. [26/May/2015:08:48:28 -0400] repl_version_plugin_recv_acquire_cb - [file ipa_repl_version.c, line 119]: Incompatible IPA versions, pausing replication. This server: 2010061412 remote server: (null). [26/May/2015:08:48:28 -0400] repl_version_plugin_recv_acquire_cb - [file ipa_repl_version.c, line 119]: Incompatible IPA versions, pausing replication. This server: 2010061412 remote server: (null). Should I rebuild the packages with the latest version of your patch on top of the current master with Tomas' latest Domain Level-related changes and try again? On 05/26/2015 03:31 PM, Petr Vobornik wrote: On 05/26/2015 12:19 PM, Petr Vobornik wrote: this patch is based on top of my patch #856 and tbabej' s 325-9. Obsoletes Ludwig's 0006. ipalib part of topology management Design: - http://www.freeipa.org/page/V4/Manage_replication_topology https://fedorahosted.org/freeipa/ticket/4302 New version attached: - domainlevel_show usage changed to domainlevel_get - updated VERSION - added more attrs to default_attributes -- Petr Vobornik -- Manage your subscription for the Freeipa-devel mailing list: https://www.redhat.com/mailman/listinfo/freeipa-devel Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code
Re: [Freeipa-devel] [PATCH] 857 topology: ipa management commands
On 05/27/2015 11:36 AM, Oleg Fayans wrote: The current version of the patch can not be applied: git apply freeipa-pvoborni-0857-1-topology-ipa-management-commands.patch error: patch failed: VERSION:90 error: VERSION: patch does not apply This patch should apply on current master. All its dependencies were pushed. Worked for me. Also, is freeipa-pvoborni-0855-server-find-and-server-show-commands.patch already merged? Yes, this was pushed. Generally what is the current list of patches that need to be applied in order to test this feature? I currently have the following set: freeipa-pvoborni-0822-1-webui-topology-plugin.patch could be disregarded, was replaced with patches 858-861 freeipa-pvoborni-0857-1-topology-ipa-management-commands.patch needed for testing CLI and is a prerequisite for Web UI freeipa-pvoborni-0858-webui-IPA.command_dialog-a-new-dialog-base-class.patch freeipa-pvoborni-0859-webui-use-command_dialog-as-a-base-class-for-passwor.patch freeipa-pvoborni-0860-webui-make-usage-of-all-in-details-facet-optional.patch freeipa-pvoborni-0861-webui-topology-plugin.patch 858-861 are Web UI, I'll sent new versions today because the domains level API was changed after these patches had been created and therefore the patches uses an incorrect call. Is there anything else that I've missed? No, but we don't have a patch for ticket #5035 which effectively blocks us with testing the core of the topology effort. It's something Ludwig should look at. On 05/26/2015 03:31 PM, Petr Vobornik wrote: On 05/26/2015 12:19 PM, Petr Vobornik wrote: this patch is based on top of my patch #856 and tbabej' s 325-9. Obsoletes Ludwig's 0006. ipalib part of topology management Design: - http://www.freeipa.org/page/V4/Manage_replication_topology https://fedorahosted.org/freeipa/ticket/4302 New version attached: - domainlevel_show usage changed to domainlevel_get - updated VERSION - added more attrs to default_attributes -- Petr Vobornik -- Manage your subscription for the Freeipa-devel mailing list: https://www.redhat.com/mailman/listinfo/freeipa-devel Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code
Re: [Freeipa-devel] [PATCH] 857 topology: ipa management commands
The current version of the patch can not be applied: git apply freeipa-pvoborni-0857-1-topology-ipa-management-commands.patch error: patch failed: VERSION:90 error: VERSION: patch does not apply Also, is freeipa-pvoborni-0855-server-find-and-server-show-commands.patch already merged? Generally what is the current list of patches that need to be applied in order to test this feature? I currently have the following set: freeipa-pvoborni-0822-1-webui-topology-plugin.patch freeipa-pvoborni-0857-1-topology-ipa-management-commands.patch freeipa-pvoborni-0858-webui-IPA.command_dialog-a-new-dialog-base-class.patch freeipa-pvoborni-0859-webui-use-command_dialog-as-a-base-class-for-passwor.patch freeipa-pvoborni-0860-webui-make-usage-of-all-in-details-facet-optional.patch freeipa-pvoborni-0861-webui-topology-plugin.patch Is there anything else that I've missed? On 05/26/2015 03:31 PM, Petr Vobornik wrote: On 05/26/2015 12:19 PM, Petr Vobornik wrote: this patch is based on top of my patch #856 and tbabej' s 325-9. Obsoletes Ludwig's 0006. ipalib part of topology management Design: - http://www.freeipa.org/page/V4/Manage_replication_topology https://fedorahosted.org/freeipa/ticket/4302 New version attached: - domainlevel_show usage changed to domainlevel_get - updated VERSION - added more attrs to default_attributes -- Oleg Fayans Quality Engineer FreeIPA team RedHat. -- Manage your subscription for the Freeipa-devel mailing list: https://www.redhat.com/mailman/listinfo/freeipa-devel Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code
[Freeipa-devel] [PATCH] 857 topology: ipa management commands
this patch is based on top of my patch #856 and tbabej'
s 325-9.
Obsoletes Ludwig's 0006.
ipalib part of topology management
Design:
- http://www.freeipa.org/page/V4/Manage_replication_topology
https://fedorahosted.org/freeipa/ticket/4302
--
Petr Vobornik
From 6b58f60e4948f9b1556d835aa9970efcb71a71b5 Mon Sep 17 00:00:00 2001
From: Petr Vobornik pvobo...@redhat.com
Date: Fri, 22 May 2015 09:50:09 +0200
Subject: [PATCH] topology: ipa management commands
ipalib part of topology management
Design:
- http://www.freeipa.org/page/V4/Manage_replication_topology
https://fedorahosted.org/freeipa/ticket/4302
---
API.txt| 155 ++
ipalib/constants.py| 1 +
ipalib/plugins/topology.py | 382 +
3 files changed, 538 insertions(+)
create mode 100644 ipalib/plugins/topology.py
diff --git a/API.txt b/API.txt
index 6ee7411c6f6bebfaa76a015560d9e87f3d662462..c2f0bc3e2abab5634d142821e08e3fa7de8b7b74 100644
--- a/API.txt
+++ b/API.txt
@@ -4341,6 +4341,161 @@ option: Str('version?', exclude='webui')
output: Entry('result', type 'dict', Gettext('A dictionary representing an LDAP entry', domain='ipa', localedir=None))
output: Output('summary', (type 'unicode', type 'NoneType'), None)
output: PrimaryKey('value', None, None)
+command: topologysegment_add
+args: 2,13,3
+arg: Str('topologysuffixcn', cli_name='topologysuffix', multivalue=False, primary_key=True, query=True, required=True)
+arg: Str('cn', attribute=True, cli_name='name', maxlength=255, multivalue=False, primary_key=True, required=True)
+option: Str('addattr*', cli_name='addattr', exclude='webui')
+option: Flag('all', autofill=True, cli_name='all', default=False, exclude='webui')
+option: StrEnum('iparepltoposegmentdirection', attribute=True, cli_name='direction', default=u'both', multivalue=False, required=True, values=(u'both', u'left-right', u'right-left', u'none'))
+option: Str('iparepltoposegmentleftnode', attribute=True, cli_name='leftnode', maxlength=255, multivalue=False, pattern='^[a-zA-Z0-9.][a-zA-Z0-9.-]{0,252}[a-zA-Z0-9.$-]?$', required=True)
+option: Str('iparepltoposegmentrightnode', attribute=True, cli_name='rightnode', maxlength=255, multivalue=False, pattern='^[a-zA-Z0-9.][a-zA-Z0-9.-]{0,252}[a-zA-Z0-9.$-]?$', required=True)
+option: StrEnum('nsds5replicaenabled', attribute=True, cli_name='enabled', multivalue=False, required=False, values=(u'on', u'off'))
+option: Str('nsds5replicastripattrs', attribute=True, cli_name='stripattrs', multivalue=False, required=False)
+option: Str('nsds5replicatedattributelist', attribute=True, cli_name='replattrs', multivalue=False, required=False)
+option: Str('nsds5replicatedattributelisttotal', attribute=True, cli_name='replattrstotal', multivalue=False, required=False)
+option: Int('nsds5replicatimeout', attribute=True, cli_name='timeout', minvalue=0, multivalue=False, required=False)
+option: Flag('raw', autofill=True, cli_name='raw', default=False, exclude='webui')
+option: Str('setattr*', cli_name='setattr', exclude='webui')
+option: Str('version?', exclude='webui')
+output: Entry('result', type 'dict', Gettext('A dictionary representing an LDAP entry', domain='ipa', localedir=None))
+output: Output('summary', (type 'unicode', type 'NoneType'), None)
+output: PrimaryKey('value', None, None)
+command: topologysegment_del
+args: 2,2,3
+arg: Str('topologysuffixcn', cli_name='topologysuffix', multivalue=False, primary_key=True, query=True, required=True)
+arg: Str('cn', attribute=True, cli_name='name', maxlength=255, multivalue=True, primary_key=True, query=True, required=True)
+option: Flag('continue', autofill=True, cli_name='continue', default=False)
+option: Str('version?', exclude='webui')
+output: Output('result', type 'dict', None)
+output: Output('summary', (type 'unicode', type 'NoneType'), None)
+output: ListOfPrimaryKeys('value', None, None)
+command: topologysegment_find
+args: 2,15,4
+arg: Str('topologysuffixcn', cli_name='topologysuffix', multivalue=False, primary_key=True, query=True, required=True)
+arg: Str('criteria?', noextrawhitespace=False)
+option: Flag('all', autofill=True, cli_name='all', default=False, exclude='webui')
+option: Str('cn', attribute=True, autofill=False, cli_name='name', maxlength=255, multivalue=False, primary_key=True, query=True, required=False)
+option: StrEnum('iparepltoposegmentdirection', attribute=True, autofill=False, cli_name='direction', default=u'both', multivalue=False, query=True, required=False, values=(u'both', u'left-right', u'right-left', u'none'))
+option: Str('iparepltoposegmentleftnode', attribute=True, autofill=False, cli_name='leftnode', maxlength=255, multivalue=False, pattern='^[a-zA-Z0-9.][a-zA-Z0-9.-]{0,252}[a-zA-Z0-9.$-]?$', query=True, required=False)
+option: Str('iparepltoposegmentrightnode', attribute=True, autofill=False, cli_name='rightnode', maxlength=255, multivalue=False, pattern='^[a-zA-Z0-9.][a-zA-Z0-9.-]{0,252}[a-zA-Z0-9.$-]?$', query=True,
Re: [Freeipa-devel] [PATCH] 857 topology: ipa management commands
On 05/26/2015 12:19 PM, Petr Vobornik wrote:
this patch is based on top of my patch #856 and tbabej'
s 325-9.
Obsoletes Ludwig's 0006.
ipalib part of topology management
Design:
- http://www.freeipa.org/page/V4/Manage_replication_topology
https://fedorahosted.org/freeipa/ticket/4302
New version attached:
- domainlevel_show usage changed to domainlevel_get
- updated VERSION
- added more attrs to default_attributes
--
Petr Vobornik
From 243f0ef04572ea6b5df39077d1a88e67c1c12d9f Mon Sep 17 00:00:00 2001
From: Petr Vobornik pvobo...@redhat.com
Date: Fri, 22 May 2015 09:50:09 +0200
Subject: [PATCH] topology: ipa management commands
ipalib part of topology management
Design:
- http://www.freeipa.org/page/V4/Manage_replication_topology
https://fedorahosted.org/freeipa/ticket/4302
---
API.txt| 155 ++
VERSION| 4 +-
ipalib/constants.py| 1 +
ipalib/plugins/topology.py | 383 +
4 files changed, 541 insertions(+), 2 deletions(-)
create mode 100644 ipalib/plugins/topology.py
diff --git a/API.txt b/API.txt
index da69f32de5c12c0d85a7d61d9027385aa3c0ee05..dcd4379661ae8e1daeb233373460510783ecc823 100644
--- a/API.txt
+++ b/API.txt
@@ -4341,6 +4341,161 @@ option: Str('version?', exclude='webui')
output: Entry('result', type 'dict', Gettext('A dictionary representing an LDAP entry', domain='ipa', localedir=None))
output: Output('summary', (type 'unicode', type 'NoneType'), None)
output: PrimaryKey('value', None, None)
+command: topologysegment_add
+args: 2,13,3
+arg: Str('topologysuffixcn', cli_name='topologysuffix', multivalue=False, primary_key=True, query=True, required=True)
+arg: Str('cn', attribute=True, cli_name='name', maxlength=255, multivalue=False, primary_key=True, required=True)
+option: Str('addattr*', cli_name='addattr', exclude='webui')
+option: Flag('all', autofill=True, cli_name='all', default=False, exclude='webui')
+option: StrEnum('iparepltoposegmentdirection', attribute=True, cli_name='direction', default=u'both', multivalue=False, required=True, values=(u'both', u'left-right', u'right-left', u'none'))
+option: Str('iparepltoposegmentleftnode', attribute=True, cli_name='leftnode', maxlength=255, multivalue=False, pattern='^[a-zA-Z0-9.][a-zA-Z0-9.-]{0,252}[a-zA-Z0-9.$-]?$', required=True)
+option: Str('iparepltoposegmentrightnode', attribute=True, cli_name='rightnode', maxlength=255, multivalue=False, pattern='^[a-zA-Z0-9.][a-zA-Z0-9.-]{0,252}[a-zA-Z0-9.$-]?$', required=True)
+option: StrEnum('nsds5replicaenabled', attribute=True, cli_name='enabled', multivalue=False, required=False, values=(u'on', u'off'))
+option: Str('nsds5replicastripattrs', attribute=True, cli_name='stripattrs', multivalue=False, required=False)
+option: Str('nsds5replicatedattributelist', attribute=True, cli_name='replattrs', multivalue=False, required=False)
+option: Str('nsds5replicatedattributelisttotal', attribute=True, cli_name='replattrstotal', multivalue=False, required=False)
+option: Int('nsds5replicatimeout', attribute=True, cli_name='timeout', minvalue=0, multivalue=False, required=False)
+option: Flag('raw', autofill=True, cli_name='raw', default=False, exclude='webui')
+option: Str('setattr*', cli_name='setattr', exclude='webui')
+option: Str('version?', exclude='webui')
+output: Entry('result', type 'dict', Gettext('A dictionary representing an LDAP entry', domain='ipa', localedir=None))
+output: Output('summary', (type 'unicode', type 'NoneType'), None)
+output: PrimaryKey('value', None, None)
+command: topologysegment_del
+args: 2,2,3
+arg: Str('topologysuffixcn', cli_name='topologysuffix', multivalue=False, primary_key=True, query=True, required=True)
+arg: Str('cn', attribute=True, cli_name='name', maxlength=255, multivalue=True, primary_key=True, query=True, required=True)
+option: Flag('continue', autofill=True, cli_name='continue', default=False)
+option: Str('version?', exclude='webui')
+output: Output('result', type 'dict', None)
+output: Output('summary', (type 'unicode', type 'NoneType'), None)
+output: ListOfPrimaryKeys('value', None, None)
+command: topologysegment_find
+args: 2,15,4
+arg: Str('topologysuffixcn', cli_name='topologysuffix', multivalue=False, primary_key=True, query=True, required=True)
+arg: Str('criteria?', noextrawhitespace=False)
+option: Flag('all', autofill=True, cli_name='all', default=False, exclude='webui')
+option: Str('cn', attribute=True, autofill=False, cli_name='name', maxlength=255, multivalue=False, primary_key=True, query=True, required=False)
+option: StrEnum('iparepltoposegmentdirection', attribute=True, autofill=False, cli_name='direction', default=u'both', multivalue=False, query=True, required=False, values=(u'both', u'left-right', u'right-left', u'none'))
+option: Str('iparepltoposegmentleftnode', attribute=True, autofill=False, cli_name='leftnode', maxlength=255, multivalue=False,
