Re: [Freeipa-devel] [PATCH 0394] topology: Make sure the old 'realm' topology suffix is not

2015-12-09 Thread Martin Basti 



On 08.12.2015 17:32, Martin Babinsky wrote:

On 12/08/2015 04:53 PM, Tomas Babej wrote:



On 12/08/2015 02:28 PM, Tomas Babej wrote:

Hi,

The old 'realm' topology suffix is no longer used, however, it was 
being
created on masters with version 4.2.3 and later. Make sure it's 
properly

removed.

Note that this is not the case for the 'ipaca' suffix, which was later
removed to 'ca'.

https://fedorahosted.org/freeipa/ticket/5526



Actually, we found out with Martin that this patch deletes realm instead
of domain suffix, against all initial impressions.

Updated patch attached.

Tomas





Works for me, ACK.

I have also made some hardening in topology connectivity checks so 
that this kind of situations is handled and reported by them. I will 
send a patch in separate thread.



Pushed to master: a84b7d2117aafc5182640d0a22675b214c27dd7c

--
Manage your subscription for the Freeipa-devel mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-devel
Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code

Re: [Freeipa-devel] [PATCH 0394] topology: Make sure the old 'realm' topology suffix is not

2015-12-09 Thread Martin Basti 



On 09.12.2015 09:43, Martin Basti wrote:



On 08.12.2015 17:32, Martin Babinsky wrote:

On 12/08/2015 04:53 PM, Tomas Babej wrote:



On 12/08/2015 02:28 PM, Tomas Babej wrote:

Hi,

The old 'realm' topology suffix is no longer used, however, it was 
being
created on masters with version 4.2.3 and later. Make sure it's 
properly

removed.

Note that this is not the case for the 'ipaca' suffix, which was later
removed to 'ca'.

https://fedorahosted.org/freeipa/ticket/5526



Actually, we found out with Martin that this patch deletes realm 
instead

of domain suffix, against all initial impressions.

Updated patch attached.

Tomas





Works for me, ACK.

I have also made some hardening in topology connectivity checks so 
that this kind of situations is handled and reported by them. I will 
send a patch in separate thread.



Pushed to master: a84b7d2117aafc5182640d0a22675b214c27dd7c

I accidentally pushed first revision of the patch, fix pushed to master: 
dcb5c2a5200a797b0eec9bb809c570f9ed80f7bb


--
Manage your subscription for the Freeipa-devel mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-devel
Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code

[Freeipa-devel] [PATCH 0394] topology: Make sure the old 'realm' topology suffix is not

2015-12-08 Thread Tomas Babej 
Hi,

The old 'realm' topology suffix is no longer used, however, it was being
created on masters with version 4.2.3 and later. Make sure it's properly
removed.

Note that this is not the case for the 'ipaca' suffix, which was later
removed to 'ca'.

https://fedorahosted.org/freeipa/ticket/5526
From 4c60de6009140f389bc45a5649868f1fde938421 Mon Sep 17 00:00:00 2001
From: Tomas Babej 
Date: Tue, 8 Dec 2015 13:34:15 +0100
Subject: [PATCH] topology: Make sure the old 'realm' topology suffix is not
 used

The old 'realm' topology suffix is no longer used, however, it was being
created on masters with version 4.2.3 and later. Make sure it's properly
removed.

Note that this is not the case for the 'ipaca' suffix, which was later
removed to 'ca'.

https://fedorahosted.org/freeipa/ticket/5526
---
 install/updates/20-replication.update | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/install/updates/20-replication.update b/install/updates/20-replication.update
index a471742532cf5954be1b76dbe4a6d908e4cefa2c..1543a04c917c386e93ed93dfd2767e0fde4685f5 100644
--- a/install/updates/20-replication.update
+++ b/install/updates/20-replication.update
@@ -31,6 +31,9 @@ add: nsDS5ReplicatedAttributeList: $EXCLUDES
 add: nsDS5ReplicatedAttributeListTotal: $TOTAL_EXCLUDES
 add: nsds5ReplicaStripAttrs: $STRIP_ATTRS
 
+# Remove old topology configuration area (unused)
+deleteentry: cn=realm,cn=topology,cn=ipa,cn=etc,$SUFFIX
+
 # add IPA realm managed suffix to master entry
 dn: cn=$FQDN,cn=masters,cn=ipa,cn=etc,$SUFFIX
 add: objectclass: ipaReplTopoManagedServer
-- 
2.5.0

-- 
Manage your subscription for the Freeipa-devel mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-devel
Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code

Re: [Freeipa-devel] [PATCH 0394] topology: Make sure the old 'realm' topology suffix is not

2015-12-08 Thread Tomas Babej 


On 12/08/2015 02:28 PM, Tomas Babej wrote:
> Hi,
> 
> The old 'realm' topology suffix is no longer used, however, it was being
> created on masters with version 4.2.3 and later. Make sure it's properly
> removed.
> 
> Note that this is not the case for the 'ipaca' suffix, which was later
> removed to 'ca'.
> 
> https://fedorahosted.org/freeipa/ticket/5526
> 

Actually, we found out with Martin that this patch deletes realm instead
of domain suffix, against all initial impressions.

Updated patch attached.

Tomas
From 669f741f8cc20772b84f5980b9b6b57f71e3b992 Mon Sep 17 00:00:00 2001
From: Tomas Babej 
Date: Tue, 8 Dec 2015 13:34:15 +0100
Subject: [PATCH] topology: Make sure the old 'realm' topology suffix is not
 used

The old 'realm' topology suffix is no longer used, howver, it was being
created on masters with version 4.2.3 and later. Make sure it's properly
removed.

Note that this is not the case for the 'ipaca' suffix, whic was later
removed to 'ca'.

https://fedorahosted.org/freeipa/ticket/5526
---
 install/updates/20-replication.update | 4 
 1 file changed, 4 insertions(+)

diff --git a/install/updates/20-replication.update b/install/updates/20-replication.update
index a471742532cf5954be1b76dbe4a6d908e4cefa2c..c9d96066d5f9bec5b8b92a3f2c457636c095137a 100644
--- a/install/updates/20-replication.update
+++ b/install/updates/20-replication.update
@@ -31,6 +31,10 @@ add: nsDS5ReplicatedAttributeList: $EXCLUDES
 add: nsDS5ReplicatedAttributeListTotal: $TOTAL_EXCLUDES
 add: nsds5ReplicaStripAttrs: $STRIP_ATTRS
 
+# Remove old topology configuration area (unused)
+dn: cn=realm,cn=topology,cn=ipa,cn=etc,$SUFFIX
+deleteentry: cn=realm,cn=topology,cn=ipa,cn=etc,$SUFFIX
+
 # add IPA realm managed suffix to master entry
 dn: cn=$FQDN,cn=masters,cn=ipa,cn=etc,$SUFFIX
 add: objectclass: ipaReplTopoManagedServer
-- 
2.5.0

-- 
Manage your subscription for the Freeipa-devel mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-devel
Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code

Re: [Freeipa-devel] [PATCH 0394] topology: Make sure the old 'realm' topology suffix is not

2015-12-08 Thread Martin Babinsky 

On 12/08/2015 04:53 PM, Tomas Babej wrote:



On 12/08/2015 02:28 PM, Tomas Babej wrote:

Hi,

The old 'realm' topology suffix is no longer used, however, it was being
created on masters with version 4.2.3 and later. Make sure it's properly
removed.

Note that this is not the case for the 'ipaca' suffix, which was later
removed to 'ca'.

https://fedorahosted.org/freeipa/ticket/5526



Actually, we found out with Martin that this patch deletes realm instead
of domain suffix, against all initial impressions.

Updated patch attached.

Tomas





Works for me, ACK.

I have also made some hardening in topology connectivity checks so that 
this kind of situations is handled and reported by them. I will send a 
patch in separate thread.


--
Martin^3 Babinsky

--
Manage your subscription for the Freeipa-devel mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-devel
Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code