Re: [Freeipa-devel] [PATCH] 0033 Add disconnect command to change topology
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On 12/20/2010 09:04 PM, Simo Sorce wrote: On Mon, 20 Dec 2010 18:22:48 +0100 Jakub Hrozek jhro...@redhat.com wrote: -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On 12/16/2010 02:02 AM, Simo Sorce wrote: This command will delete a replication agreement unless it is the last one on either server. It is used to change replication topology without actually removing any single master for the domain (the del command must be used if that the intent). Simo. Please document the new action in the manpage. As the actions are not printed when one specifies --help, there's no way to discover it short of reading the code. I have a separate ticket to add all the changes to the man page. It requires some deep review and I preferred to split it from the rest of the changes. Simo. OK, as long as it is tracked I'm fine :-) Ack -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.11 (GNU/Linux) Comment: Using GnuPG with Fedora - http://enigmail.mozdev.org/ iEYEARECAAYFAk0QtVwACgkQHsardTLnvCUJ4gCg3vMDIqF45HgViCnuyiZ565iB 1sMAn14o9WRdwVswbuXSUOA26AWdwCKL =V6mC -END PGP SIGNATURE- ___ Freeipa-devel mailing list Freeipa-devel@redhat.com https://www.redhat.com/mailman/listinfo/freeipa-devel
Re: [Freeipa-devel] [PATCH] 0033 Add disconnect command to change topology
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On 12/21/2010 03:10 PM, Jakub Hrozek wrote: On 12/20/2010 09:04 PM, Simo Sorce wrote: On Mon, 20 Dec 2010 18:22:48 +0100 Jakub Hrozek jhro...@redhat.com wrote: -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On 12/16/2010 02:02 AM, Simo Sorce wrote: This command will delete a replication agreement unless it is the last one on either server. It is used to change replication topology without actually removing any single master for the domain (the del command must be used if that the intent). Simo. Please document the new action in the manpage. As the actions are not printed when one specifies --help, there's no way to discover it short of reading the code. I have a separate ticket to add all the changes to the man page. It requires some deep review and I preferred to split it from the rest of the changes. Simo. OK, as long as it is tracked I'm fine :-) Ack Actually, sorry, one more thing I noticed. In del_link(), you assign type2 = repl2.get_agreement_type(replica1) but never use type2 again. Should the next if say if repl2 and type2 == replication.IPA_REPLICA: perhaps? ___ Freeipa-devel mailing list Freeipa-devel@redhat.com https://www.redhat.com/mailman/listinfo/freeipa-devel -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.11 (GNU/Linux) Comment: Using GnuPG with Fedora - http://enigmail.mozdev.org/ iEYEARECAAYFAk0Q6DgACgkQHsardTLnvCWScACg2StFWJ0Qy6qvjHagyJyR1g1h Pg0AoMIKX0xpvoYWU8aAtsoPp5+a4/E7 =31Fc -END PGP SIGNATURE- ___ Freeipa-devel mailing list Freeipa-devel@redhat.com https://www.redhat.com/mailman/listinfo/freeipa-devel
Re: [Freeipa-devel] [PATCH] 0033 Add disconnect command to change topology
On Tue, 21 Dec 2010 18:47:36 +0100 Jakub Hrozek jhro...@redhat.com wrote: -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On 12/21/2010 03:10 PM, Jakub Hrozek wrote: On 12/20/2010 09:04 PM, Simo Sorce wrote: On Mon, 20 Dec 2010 18:22:48 +0100 Jakub Hrozek jhro...@redhat.com wrote: -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On 12/16/2010 02:02 AM, Simo Sorce wrote: This command will delete a replication agreement unless it is the last one on either server. It is used to change replication topology without actually removing any single master for the domain (the del command must be used if that the intent). Simo. Please document the new action in the manpage. As the actions are not printed when one specifies --help, there's no way to discover it short of reading the code. I have a separate ticket to add all the changes to the man page. It requires some deep review and I preferred to split it from the rest of the changes. Simo. OK, as long as it is tracked I'm fine :-) Ack Actually, sorry, one more thing I noticed. In del_link(), you assign type2 = repl2.get_agreement_type(replica1) but never use type2 again. Should the next if say if repl2 and type2 == replication.IPA_REPLICA: perhaps? Initially that was the aim, but then I realized that you wouldn't be able to delete replication agreements with Windows domains (winsync), if you enforced that so I just removed the check about type2 and type2 was left unused. I can remove that line before pushing if needed. Simo. -- Simo Sorce * Red Hat, Inc * New York ___ Freeipa-devel mailing list Freeipa-devel@redhat.com https://www.redhat.com/mailman/listinfo/freeipa-devel
Re: [Freeipa-devel] [PATCH] 0033 Add disconnect command to change topology
On 12/21/2010 07:48 PM, Simo Sorce wrote: On Tue, 21 Dec 2010 18:47:36 +0100 Jakub Hrozekjhro...@redhat.com wrote: -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On 12/21/2010 03:10 PM, Jakub Hrozek wrote: On 12/20/2010 09:04 PM, Simo Sorce wrote: On Mon, 20 Dec 2010 18:22:48 +0100 Jakub Hrozekjhro...@redhat.com wrote: -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On 12/16/2010 02:02 AM, Simo Sorce wrote: This command will delete a replication agreement unless it is the last one on either server. It is used to change replication topology without actually removing any single master for the domain (the del command must be used if that the intent). Simo. Please document the new action in the manpage. As the actions are not printed when one specifies --help, there's no way to discover it short of reading the code. I have a separate ticket to add all the changes to the man page. It requires some deep review and I preferred to split it from the rest of the changes. Simo. OK, as long as it is tracked I'm fine :-) Ack Actually, sorry, one more thing I noticed. In del_link(), you assign type2 = repl2.get_agreement_type(replica1) but never use type2 again. Should the next if say if repl2 and type2 == replication.IPA_REPLICA: perhaps? Initially that was the aim, but then I realized that you wouldn't be able to delete replication agreements with Windows domains (winsync), if you enforced that so I just removed the check about type2 and type2 was left unused. I can remove that line before pushing if needed. Simo. Yes, I think that would be nice. Ack again and thanks for explaining! ___ Freeipa-devel mailing list Freeipa-devel@redhat.com https://www.redhat.com/mailman/listinfo/freeipa-devel
Re: [Freeipa-devel] [PATCH] 0033 Add disconnect command to change topology
On Tue, 21 Dec 2010 21:57:29 +0100 Jakub Hrozek jhro...@redhat.com wrote: On 12/21/2010 07:48 PM, Simo Sorce wrote: On Tue, 21 Dec 2010 18:47:36 +0100 Jakub Hrozekjhro...@redhat.com wrote: -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On 12/21/2010 03:10 PM, Jakub Hrozek wrote: On 12/20/2010 09:04 PM, Simo Sorce wrote: On Mon, 20 Dec 2010 18:22:48 +0100 Jakub Hrozekjhro...@redhat.com wrote: -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On 12/16/2010 02:02 AM, Simo Sorce wrote: This command will delete a replication agreement unless it is the last one on either server. It is used to change replication topology without actually removing any single master for the domain (the del command must be used if that the intent). Simo. Please document the new action in the manpage. As the actions are not printed when one specifies --help, there's no way to discover it short of reading the code. I have a separate ticket to add all the changes to the man page. It requires some deep review and I preferred to split it from the rest of the changes. Simo. OK, as long as it is tracked I'm fine :-) Ack Actually, sorry, one more thing I noticed. In del_link(), you assign type2 = repl2.get_agreement_type(replica1) but never use type2 again. Should the next if say if repl2 and type2 == replication.IPA_REPLICA: perhaps? Initially that was the aim, but then I realized that you wouldn't be able to delete replication agreements with Windows domains (winsync), if you enforced that so I just removed the check about type2 and type2 was left unused. I can remove that line before pushing if needed. Simo. Yes, I think that would be nice. Ack again and thanks for explaining! removed the type2 line and also added a repl2 = None on top (it was causing errors in a later patch). Pushed to master. Simo. -- Simo Sorce * Red Hat, Inc * New York ___ Freeipa-devel mailing list Freeipa-devel@redhat.com https://www.redhat.com/mailman/listinfo/freeipa-devel
Re: [Freeipa-devel] [PATCH] 0033 Add disconnect command to change topology
On Mon, 20 Dec 2010 18:22:48 +0100 Jakub Hrozek jhro...@redhat.com wrote: -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On 12/16/2010 02:02 AM, Simo Sorce wrote: This command will delete a replication agreement unless it is the last one on either server. It is used to change replication topology without actually removing any single master for the domain (the del command must be used if that the intent). Simo. Please document the new action in the manpage. As the actions are not printed when one specifies --help, there's no way to discover it short of reading the code. I have a separate ticket to add all the changes to the man page. It requires some deep review and I preferred to split it from the rest of the changes. Simo. -- Simo Sorce * Red Hat, Inc * New York ___ Freeipa-devel mailing list Freeipa-devel@redhat.com https://www.redhat.com/mailman/listinfo/freeipa-devel
[Freeipa-devel] [PATCH] 0033 Add disconnect command to change topology
This command will delete a replication agreement unless it is the last one on either server. It is used to change replication topology without actually removing any single master for the domain (the del command must be used if that the intent). Simo. -- Simo Sorce * Red Hat, Inc * New York From 5172b5cd1962f55a5e614f3fbbdb90d76095078a Mon Sep 17 00:00:00 2001 From: Simo Sorce sso...@redhat.com Date: Tue, 14 Dec 2010 10:51:19 -0500 Subject: [PATCH 2/4] Add disconnect command to ipa-replica-manage Can remove replication agreements between 2 replicas as long as it is not the last agreement (except for Ad replication agreements, which can always be removed). Fixes: https://fedorahosted.org/freeipa/ticket/551 --- install/tools/ipa-replica-manage | 89 +- ipaserver/install/replication.py | 22 + 2 files changed, 109 insertions(+), 2 deletions(-) diff --git a/install/tools/ipa-replica-manage b/install/tools/ipa-replica-manage index 9b5aad5ce93bd1ed58c603a1156bd33cb0fb96a2..d0bc029575d81283b7864a60f5b754bec7f05757 100755 --- a/install/tools/ipa-replica-manage +++ b/install/tools/ipa-replica-manage @@ -55,8 +55,8 @@ def parse_options(): options, args = parser.parse_args() -if not len(args) or not (list in args[0] or add in args[0] or del in args[0] or init in args[0] or synch in args[0]): -parser.error(must provide a command [list | add | del | init | synch]) +if not len(args) or not (list in args[0] or add in args[0] or del in args[0] or init in args[0] or synch in args[0] or disconnect in args[0]): +parser.error(must provide a command [list | add | del | init | synch | disconnect]) # set log level if options.verbose: @@ -105,6 +105,80 @@ def list_masters(replman, verbose): print last update status: %s % entry.nsds5replicalastupdatestatus print last update ended: %s % str(ipautil.parse_generalized_time(entry.nsds5replicalastupdateend)) +def del_link(replica1, replica2, dirman_passwd, force=False): + +try: +repl1 = replication.ReplicationManager(replica1, dirman_passwd) +repl1.suffix = get_suffix() + +type1 = repl1.get_agreement_type(replica2) + +repl_list = repl1.find_ipa_replication_agreements() +if not force and len(repl_list) = 1 and type1 == replication.IPA_REPLICA: +print Cannot remove the last replication link of '%s' % replica1 +print Please use the 'del' command to remove it from the domain +return + +except ldap.NO_SUCH_OBJECT: +print '%s' has no replication agreement for '%s' % (replica1, replica2) +return +except errors.NotFound: +print '%s' has no replication agreement for '%s' % (replica1, replica2) +return +except Exception, e: +print Failed to get data from '%s': %s % (replica1, str(e)) +return + +if type1 == replication.IPA_REPLICA: +try: +repl2 = replication.ReplicationManager(replica2, dirman_passwd) +repl2.suffix = get_suffix() + +type2 = repl2.get_agreement_type(replica1) + +repl_list = repl1.find_ipa_replication_agreements() +if not force and len(repl_list) = 1: +print Cannot remove the last replication link of '%s' % replica2 +print Please use the 'del' command to remove it from the domain +return + +except ldap.NO_SUCH_OBJECT: +print '%s' has no replication agreement for '%s' % (replica2, replica1) +if not force: +return +except errors.NotFound: +print '%s' has no replication agreement for '%s' % (replica2, replica1) +if not force: +return +except Exception, e: +print Failed to get data from '%s': %s % (replica2, str(e)) +if not force: +return + +if repl2 and type1 == replication.IPA_REPLICA: +failed = False +try: +repl2.delete_agreement(replica1) +except ldap.LDAPError, e: +desc = e.args[0]['desc'].strip() +info = e.args[0].get('info', '').strip() +print Unable to remove agreement on %s: %s: %s % (replica2, desc, info) +failed = True +except Exception, e: +print Unable to remove agreement on %s: %s % (replica2, str(e)) +failed = True + +if failed: +if force: +print Forcing removal on '%s' % replica1 +else: +return + +if not repl2 and force: +print Forcing removal on '%s' % replica1 + +repl1.delete_agreement(replica2) + def del_master(replman, hostname, force=False): has_repl_agreement = True try: @@ -253,6 +327,17 @@ def main(): print must provide hostname of supplier to synchronize with sys.exit(1) synch_master(r,