subject:"\[Freeipa\-devel\] \[PATCH 0032\] Remove dangling RUVs even if replicas are offline"

Re: [Freeipa-devel] [PATCH 0032] Remove dangling RUVs even if replicas are offline

2016-06-03 Thread Martin Basti




On 19.05.2016 09:30, Stanislav Laznicka wrote:

On 05/19/2016 08:52 AM, Ludwig Krispenz wrote:


On 05/19/2016 08:02 AM, Stanislav Laznicka wrote:

On 05/18/2016 04:44 PM, Petr Vobornik wrote:

On 05/18/2016 04:36 PM, Stanislav Laznicka wrote:

There's no ticket for this patch but as there was a fix to 389-ds
mentioned in https://fedorahosted.org/freeipa/ticket/5396, the TODO
section in clean_dangling_ruvs could be removed.


What about using
   'replica-force-cleaning':'yes',

every time?

Is there a drawback which we would like to avoid?


The DS website mentions two possible risks
- possible loss of changes on deleted replica should these have not 
been reflected to some other replicas
this is a theoretical concern that there might be changes from the 
replica to be removed which are not yet on all servers, but to me the 
problem that cleaning ruvs hangs because replicas cannot be reached 
is the worse scenario.
- if some offline replica comes back online, it may re-pollute the 
RUVs back


I'm not sure of the probability of the second scenario, in my rather 
simple environment the re-pollution did not happen.
there have been fixes in 389-ds to prevent the repollution, so it 
should no longer happen.


Thank you, Ludwig. It seems reasonable to have the option set to 'yes' 
all the time, then.




ACK

Pushed to:
master: 0492ab9c0a014735f09e82d5db1c4c1aa2bd6d81
ipa-4-3: d7985af911d54d3ea2637cd8200aeff5d66638d5

-- 
Manage your subscription for the Freeipa-devel mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-devel
Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code

Re: [Freeipa-devel] [PATCH 0032] Remove dangling RUVs even if replicas are offline

2016-05-19 Thread Stanislav Laznicka


On 05/19/2016 08:52 AM, Ludwig Krispenz wrote:


On 05/19/2016 08:02 AM, Stanislav Laznicka wrote:

On 05/18/2016 04:44 PM, Petr Vobornik wrote:

On 05/18/2016 04:36 PM, Stanislav Laznicka wrote:

There's no ticket for this patch but as there was a fix to 389-ds
mentioned in https://fedorahosted.org/freeipa/ticket/5396, the TODO
section in clean_dangling_ruvs could be removed.


What about using
   'replica-force-cleaning':'yes',

every time?

Is there a drawback which we would like to avoid?


The DS website mentions two possible risks
- possible loss of changes on deleted replica should these have not 
been reflected to some other replicas
this is a theoretical concern that there might be changes from the 
replica to be removed which are not yet on all servers, but to me the 
problem that cleaning ruvs hangs because replicas cannot be reached is 
the worse scenario.
- if some offline replica comes back online, it may re-pollute the 
RUVs back


I'm not sure of the probability of the second scenario, in my rather 
simple environment the re-pollution did not happen.
there have been fixes in 389-ds to prevent the repollution, so it 
should no longer happen.


Thank you, Ludwig. It seems reasonable to have the option set to 'yes' 
all the time, then.
From f02fb50f5356642e82902cbce6753e1e61b1628f Mon Sep 17 00:00:00 2001
From: Stanislav Laznicka 
Date: Wed, 18 May 2016 16:27:26 +0200
Subject: [PATCH] Remove dangling RUVs even if replicas are offline

Previously, an offline replica would mean the RUVs cannot
be removed otherwise the task would be hanging in the DS.
This is fixed in 389-ds 1.3.5.

https://fedorahosted.org/freeipa/ticket/5396
---
 freeipa.spec.in  | 6 +++---
 install/tools/ipa-replica-manage | 4 
 ipaserver/install/replication.py | 1 +
 3 files changed, 4 insertions(+), 7 deletions(-)

diff --git a/freeipa.spec.in b/freeipa.spec.in
index 21426d2ef6e6a59e27cc9d46cce07cfd7409bf2b..b5c155bd6d2d90af4aecb4439c9a74e88be063bf 100644
--- a/freeipa.spec.in
+++ b/freeipa.spec.in
@@ -42,7 +42,7 @@ Source0:freeipa-%{version}.tar.gz
 BuildRoot:  %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n)
 
 %if ! %{ONLY_CLIENT}
-BuildRequires:  389-ds-base-devel >= 1.3.4.4
+BuildRequires:  389-ds-base-devel >= 1.3.5
 BuildRequires:  svrcore-devel
 BuildRequires:  policycoreutils >= 2.1.12-5
 BuildRequires:  systemd-units
@@ -131,7 +131,7 @@ Requires: %{name}-client = %{version}-%{release}
 Requires: %{name}-admintools = %{version}-%{release}
 Requires: %{name}-common = %{version}-%{release}
 Requires: python2-ipaserver = %{version}-%{release}
-Requires: 389-ds-base >= 1.3.4.6
+Requires: 389-ds-base >= 1.3.5
 Requires: openldap-clients > 2.4.35-4
 Requires: nss >= 3.14.3-12.0
 Requires: nss-tools >= 3.14.3-12.0
@@ -163,7 +163,7 @@ Requires: zip
 Requires: policycoreutils >= 2.1.12-5
 Requires: tar
 Requires(pre): certmonger >= 0.78
-Requires(pre): 389-ds-base >= 1.3.4.6
+Requires(pre): 389-ds-base >= 1.3.5
 Requires: fontawesome-fonts
 Requires: open-sans-fonts
 Requires: openssl
diff --git a/install/tools/ipa-replica-manage b/install/tools/ipa-replica-manage
index 14e768965601cef08f13792bb5cd086534199538..f6ec413a81cd7e311d64bdf89d87096da33bed50 100755
--- a/install/tools/ipa-replica-manage
+++ b/install/tools/ipa-replica-manage
@@ -753,10 +753,6 @@ def clean_dangling_ruvs(realm, host, options):
 print('\t\tid: {id}, hostname: {host}'
   .format(id=csruv[1], host=csruv[0]))
 
-# TODO: this can be removed when #5396 is fixed
-if offlines:
-sys.exit("ERROR: All replicas need to be online to proceed.")
-
 if not options.force and not ipautil.user_input("Proceed with cleaning?", False):
 sys.exit("Aborted")
 
diff --git a/ipaserver/install/replication.py b/ipaserver/install/replication.py
index dd9453ce4fdac5d1bc43335fca2d8a96da62ad61..e4cb26f888089e5b9cabffab93ee2aab02eb8c02 100644
--- a/ipaserver/install/replication.py
+++ b/ipaserver/install/replication.py
@@ -1353,6 +1353,7 @@ class ReplicationManager(object):
 'cn': ['clean %d' % replicaId],
 'replica-base-dn': [self.db_suffix],
 'replica-id': [replicaId],
+'replica-force-cleaning': ['yes'],
 }
 )
 try:
-- 
2.5.5

-- 
Manage your subscription for the Freeipa-devel mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-devel
Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code

Re: [Freeipa-devel] [PATCH 0032] Remove dangling RUVs even if replicas are offline

2016-05-19 Thread Ludwig Krispenz



On 05/19/2016 08:02 AM, Stanislav Laznicka wrote:

On 05/18/2016 04:44 PM, Petr Vobornik wrote:

On 05/18/2016 04:36 PM, Stanislav Laznicka wrote:

There's no ticket for this patch but as there was a fix to 389-ds
mentioned in https://fedorahosted.org/freeipa/ticket/5396, the TODO
section in clean_dangling_ruvs could be removed.


What about using
   'replica-force-cleaning':'yes',

every time?

Is there a drawback which we would like to avoid?


The DS website mentions two possible risks
- possible loss of changes on deleted replica should these have not 
been reflected to some other replicas
this is a theoretical concern that there might be changes from the 
replica to be removed which are not yet on all servers, but to me the 
problem that cleaning ruvs hangs because replicas cannot be reached is 
the worse scenario.
- if some offline replica comes back online, it may re-pollute the 
RUVs back


I'm not sure of the probability of the second scenario, in my rather 
simple environment the re-pollution did not happen.
there have been fixes in 389-ds to prevent the repollution, so it should 
no longer happen.


--
Red Hat GmbH, http://www.de.redhat.com/, Registered seat: Grasbrunn,
Commercial register: Amtsgericht Muenchen, HRB 153243,
Managing Directors: Paul Argiry, Charles Cachera, Michael Cunningham, Michael 
O'Neill

--
Manage your subscription for the Freeipa-devel mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-devel
Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code

Re: [Freeipa-devel] [PATCH 0032] Remove dangling RUVs even if replicas are offline

2016-05-19 Thread Stanislav Laznicka


On 05/18/2016 04:44 PM, Petr Vobornik wrote:

On 05/18/2016 04:36 PM, Stanislav Laznicka wrote:

There's no ticket for this patch but as there was a fix to 389-ds
mentioned in https://fedorahosted.org/freeipa/ticket/5396, the TODO
section in clean_dangling_ruvs could be removed.


What about using
   'replica-force-cleaning':'yes',

every time?

Is there a drawback which we would like to avoid?


The DS website mentions two possible risks
- possible loss of changes on deleted replica should these have not been 
reflected to some other replicas

- if some offline replica comes back online, it may re-pollute the RUVs back

I'm not sure of the probability of the second scenario, in my rather 
simple environment the re-pollution did not happen.


--
Manage your subscription for the Freeipa-devel mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-devel
Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code

Re: [Freeipa-devel] [PATCH 0032] Remove dangling RUVs even if replicas are offline

2016-05-18 Thread Petr Vobornik

On 05/18/2016 04:36 PM, Stanislav Laznicka wrote:
> There's no ticket for this patch but as there was a fix to 389-ds
> mentioned in https://fedorahosted.org/freeipa/ticket/5396, the TODO
> section in clean_dangling_ruvs could be removed.
> 

What about using
  'replica-force-cleaning':'yes',

every time?

Is there a drawback which we would like to avoid?

-- 
Petr Vobornik

-- 
Manage your subscription for the Freeipa-devel mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-devel
Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code

[Freeipa-devel] [PATCH 0032] Remove dangling RUVs even if replicas are offline

2016-05-18 Thread Stanislav Laznicka

There's no ticket for this patch but as there was a fix to 389-ds 
mentioned in https://fedorahosted.org/freeipa/ticket/5396, the TODO 
section in clean_dangling_ruvs could be removed.


From af7ef756e2118638bd2d2871c76d69d206f594ef Mon Sep 17 00:00:00 2001
From: Stanislav Laznicka 
Date: Wed, 18 May 2016 16:27:26 +0200
Subject: [PATCH] Remove dangling RUVs even if replicas are offline

Previously, an offline replica would mean the RUVs cannot
be removed otherwise the task would be hanging in the DS.
This is fixed in 389-ds 1.3.5.

https://fedorahosted.org/freeipa/ticket/5396
---
 freeipa.spec.in  | 6 +++---
 install/tools/ipa-replica-manage | 6 +-
 ipaserver/install/replication.py | 3 ++-
 3 files changed, 6 insertions(+), 9 deletions(-)

diff --git a/freeipa.spec.in b/freeipa.spec.in
index 21426d2ef6e6a59e27cc9d46cce07cfd7409bf2b..b5c155bd6d2d90af4aecb4439c9a74e88be063bf 100644
--- a/freeipa.spec.in
+++ b/freeipa.spec.in
@@ -42,7 +42,7 @@ Source0:freeipa-%{version}.tar.gz
 BuildRoot:  %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n)
 
 %if ! %{ONLY_CLIENT}
-BuildRequires:  389-ds-base-devel >= 1.3.4.4
+BuildRequires:  389-ds-base-devel >= 1.3.5
 BuildRequires:  svrcore-devel
 BuildRequires:  policycoreutils >= 2.1.12-5
 BuildRequires:  systemd-units
@@ -131,7 +131,7 @@ Requires: %{name}-client = %{version}-%{release}
 Requires: %{name}-admintools = %{version}-%{release}
 Requires: %{name}-common = %{version}-%{release}
 Requires: python2-ipaserver = %{version}-%{release}
-Requires: 389-ds-base >= 1.3.4.6
+Requires: 389-ds-base >= 1.3.5
 Requires: openldap-clients > 2.4.35-4
 Requires: nss >= 3.14.3-12.0
 Requires: nss-tools >= 3.14.3-12.0
@@ -163,7 +163,7 @@ Requires: zip
 Requires: policycoreutils >= 2.1.12-5
 Requires: tar
 Requires(pre): certmonger >= 0.78
-Requires(pre): 389-ds-base >= 1.3.4.6
+Requires(pre): 389-ds-base >= 1.3.5
 Requires: fontawesome-fonts
 Requires: open-sans-fonts
 Requires: openssl
diff --git a/install/tools/ipa-replica-manage b/install/tools/ipa-replica-manage
index 14e768965601cef08f13792bb5cd086534199538..9cbd4a342e06fc401541d4a3a5eca0b6602e64c0 100755
--- a/install/tools/ipa-replica-manage
+++ b/install/tools/ipa-replica-manage
@@ -525,7 +525,7 @@ def clean_ruv(realm, ruv, options):
 else:
 thisrepl = replication.ReplicationManager(realm, options.host,
   options.dirman_passwd)
-thisrepl.cleanallruv(ruv)
+thisrepl.cleanallruv(ruv, options.force)
 print("Cleanup task created")
 
 
@@ -753,10 +753,6 @@ def clean_dangling_ruvs(realm, host, options):
 print('\t\tid: {id}, hostname: {host}'
   .format(id=csruv[1], host=csruv[0]))
 
-# TODO: this can be removed when #5396 is fixed
-if offlines:
-sys.exit("ERROR: All replicas need to be online to proceed.")
-
 if not options.force and not ipautil.user_input("Proceed with cleaning?", False):
 sys.exit("Aborted")
 
diff --git a/ipaserver/install/replication.py b/ipaserver/install/replication.py
index dd9453ce4fdac5d1bc43335fca2d8a96da62ad61..b82ba28e1b702cb7f084ce378da77a74bb5cdd90 100644
--- a/ipaserver/install/replication.py
+++ b/ipaserver/install/replication.py
@@ -1338,7 +1338,7 @@ class ReplicationManager(object):
 raise e
 root_logger.debug("No permission to modify replica read-only status, continuing anyway")
 
-def cleanallruv(self, replicaId):
+def cleanallruv(self, replicaId, force=False):
 """
 Create a CLEANALLRUV task and monitor it until it has
 completed.
@@ -1353,6 +1353,7 @@ class ReplicationManager(object):
 'cn': ['clean %d' % replicaId],
 'replica-base-dn': [self.db_suffix],
 'replica-id': [replicaId],
+'replica-force-cleaning': ['no'] if not force else ['yes'],
 }
 )
 try:
-- 
2.5.5

-- 
Manage your subscription for the Freeipa-devel mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-devel
Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code

Re: [Freeipa-devel] [PATCH 0032] Remove dangling RUVs even if replicas are offline

Re: [Freeipa-devel] [PATCH 0032] Remove dangling RUVs even if replicas are offline

Re: [Freeipa-devel] [PATCH 0032] Remove dangling RUVs even if replicas are offline

Re: [Freeipa-devel] [PATCH 0032] Remove dangling RUVs even if replicas are offline

Re: [Freeipa-devel] [PATCH 0032] Remove dangling RUVs even if replicas are offline

[Freeipa-devel] [PATCH 0032] Remove dangling RUVs even if replicas are offline

6 matches

Site Navigation

Mail list logo

Footer information