Re: [Freeipa-devel] [PATCH 0488-0489] Perfomance: membership processing related patches
On 02.06.2016 09:41, Martin Basti wrote: On 31.05.2016 14:10, Martin Basti wrote: On 31.05.2016 14:08, Martin Babinsky wrote: On 05/31/2016 01:57 PM, Martin Basti wrote: On 31.05.2016 12:44, Martin Babinsky wrote: On 05/28/2016 01:17 PM, Martin Basti wrote: https://fedorahosted.org/freeipa/ticket/4995 Patches attached Hi, PATCH 0488: LGTM PATCH 0489: @@ -996,10 +997,10 @@ def check_deleted_segments(hostname, masters, topo_errors, starting_host): i = 0 while True: left = api.Command.topologysegment_find( -suffix_name, iparepltoposegmentleftnode=hostname, sizelimit=0 +suffix_name, iparepltoposegmentleftnode=hostname, sizelimit=0, )['result'] right = api.Command.topologysegment_find( -suffix_name, iparepltoposegmentrightnode=hostname, sizelimit=0 +suffix_name, iparepltoposegmentrightnode=hostname, sizelimit=0, )['result'] it seems that you added 'no_members=True' there and then removed it because reasons. Please revert the this part to the original code so that it does not stick out. Better (the right one) patches attached. ACK master: * 91572afc60f590f0d81ad18234189a0b48144bf5 Make option --no-members public in CLI * 5f42b42bd4557a669ab5cfcf1af6596f1a2535f1 Performance: Find commands: do not process members by default We found and issue, I used flag 'no_cli' instead of 'no_option' fixed and pushed under oneliner rule master: * 5c58751d72de27eae2181f2c0e620df03f8dbc82 Fix: replace incorrect no_cli with no_option flag I found another one-liner issue, there was extra no_members=False in topologysuffix_find in replication.py, which caused error in ipa-replica-manage Pushed to master: f077fab23fe9dc8a71562d1ba3c0d603d2957d3b From 84208709bc294e88c493c948b5f606eb575e94de Mon Sep 17 00:00:00 2001 From: Martin BastiDate: Thu, 2 Jun 2016 13:15:33 +0200 Subject: [PATCH] Fix: topologysuffix_find doesn't have no_members option Remove no_members=False from because topologysuffix_attribute doesn't have no_members option, and this causes errors in replication.py https://fedorahosted.org/freeipa/ticket/4995 --- ipaserver/install/replication.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/ipaserver/install/replication.py b/ipaserver/install/replication.py index c58cce228128613223840599e00b9f6c14f0835f..53b3d5cf64ca48535f703e73a13a40c709a1b2d4 100644 --- a/ipaserver/install/replication.py +++ b/ipaserver/install/replication.py @@ -1782,7 +1782,7 @@ def get_orphaned_suffixes(masters): master """ all_suffixes = api.Command.topologysuffix_find( -sizelimit=0, no_members=False)['result'] +sizelimit=0)['result'] all_suffix_names = set(s['cn'][0] for s in all_suffixes) managed_suffixes = set(map_masters_to_suffixes(masters)) -- 2.5.5 -- Manage your subscription for the Freeipa-devel mailing list: https://www.redhat.com/mailman/listinfo/freeipa-devel Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code
Re: [Freeipa-devel] [PATCH 0488-0489] Perfomance: membership processing related patches
On 31.05.2016 14:10, Martin Basti wrote: On 31.05.2016 14:08, Martin Babinsky wrote: On 05/31/2016 01:57 PM, Martin Basti wrote: On 31.05.2016 12:44, Martin Babinsky wrote: On 05/28/2016 01:17 PM, Martin Basti wrote: https://fedorahosted.org/freeipa/ticket/4995 Patches attached Hi, PATCH 0488: LGTM PATCH 0489: @@ -996,10 +997,10 @@ def check_deleted_segments(hostname, masters, topo_errors, starting_host): i = 0 while True: left = api.Command.topologysegment_find( -suffix_name, iparepltoposegmentleftnode=hostname, sizelimit=0 +suffix_name, iparepltoposegmentleftnode=hostname, sizelimit=0, )['result'] right = api.Command.topologysegment_find( -suffix_name, iparepltoposegmentrightnode=hostname, sizelimit=0 +suffix_name, iparepltoposegmentrightnode=hostname, sizelimit=0, )['result'] it seems that you added 'no_members=True' there and then removed it because reasons. Please revert the this part to the original code so that it does not stick out. Better (the right one) patches attached. ACK master: * 91572afc60f590f0d81ad18234189a0b48144bf5 Make option --no-members public in CLI * 5f42b42bd4557a669ab5cfcf1af6596f1a2535f1 Performance: Find commands: do not process members by default We found and issue, I used flag 'no_cli' instead of 'no_option' fixed and pushed under oneliner rule master: * 5c58751d72de27eae2181f2c0e620df03f8dbc82 Fix: replace incorrect no_cli with no_option flag From fd94356a151fd6c75c3e228df40dba730b8d2655 Mon Sep 17 00:00:00 2001 From: Martin BastiDate: Thu, 2 Jun 2016 08:07:12 +0200 Subject: [PATCH] Fix: replace incorrect no_cli with no_option flag The 'no_cli' is not valid flag in parameters scope, so to hide option from CLI 'no_option' flag should be used https://fedorahosted.org/freeipa/ticket/4995 --- ipalib/plugins/baseldap.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/ipalib/plugins/baseldap.py b/ipalib/plugins/baseldap.py index 9c77fd62e9a8d8c7147f5ba055f4a9f30ee8e559..bbd8ba146ead81857bbc4c2aee550b855b846be5 100644 --- a/ipalib/plugins/baseldap.py +++ b/ipalib/plugins/baseldap.py @@ -1911,7 +1911,7 @@ class LDAPSearch(BaseLDAPCommand, crud.Search): # no_members are always true for find commands, do not # show option in CLI but keep API compatibility option = option.clone( -default=True, flags=option.flags | {"no_cli"}) +default=True, flags=option.flags | {"no_option"}) yield option if self.obj.primary_key and \ 'no_output' not in self.obj.primary_key.flags: -- 2.5.5 -- Manage your subscription for the Freeipa-devel mailing list: https://www.redhat.com/mailman/listinfo/freeipa-devel Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code
Re: [Freeipa-devel] [PATCH 0488-0489] Perfomance: membership processing related patches
On 31.05.2016 14:08, Martin Babinsky wrote: On 05/31/2016 01:57 PM, Martin Basti wrote: On 31.05.2016 12:44, Martin Babinsky wrote: On 05/28/2016 01:17 PM, Martin Basti wrote: https://fedorahosted.org/freeipa/ticket/4995 Patches attached Hi, PATCH 0488: LGTM PATCH 0489: @@ -996,10 +997,10 @@ def check_deleted_segments(hostname, masters, topo_errors, starting_host): i = 0 while True: left = api.Command.topologysegment_find( -suffix_name, iparepltoposegmentleftnode=hostname, sizelimit=0 +suffix_name, iparepltoposegmentleftnode=hostname, sizelimit=0, )['result'] right = api.Command.topologysegment_find( -suffix_name, iparepltoposegmentrightnode=hostname, sizelimit=0 +suffix_name, iparepltoposegmentrightnode=hostname, sizelimit=0, )['result'] it seems that you added 'no_members=True' there and then removed it because reasons. Please revert the this part to the original code so that it does not stick out. Better (the right one) patches attached. ACK master: * 91572afc60f590f0d81ad18234189a0b48144bf5 Make option --no-members public in CLI * 5f42b42bd4557a669ab5cfcf1af6596f1a2535f1 Performance: Find commands: do not process members by default -- Manage your subscription for the Freeipa-devel mailing list: https://www.redhat.com/mailman/listinfo/freeipa-devel Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code
Re: [Freeipa-devel] [PATCH 0488-0489] Perfomance: membership processing related patches
On 05/31/2016 01:57 PM, Martin Basti wrote: On 31.05.2016 12:44, Martin Babinsky wrote: On 05/28/2016 01:17 PM, Martin Basti wrote: https://fedorahosted.org/freeipa/ticket/4995 Patches attached Hi, PATCH 0488: LGTM PATCH 0489: @@ -996,10 +997,10 @@ def check_deleted_segments(hostname, masters, topo_errors, starting_host): i = 0 while True: left = api.Command.topologysegment_find( -suffix_name, iparepltoposegmentleftnode=hostname, sizelimit=0 +suffix_name, iparepltoposegmentleftnode=hostname, sizelimit=0, )['result'] right = api.Command.topologysegment_find( -suffix_name, iparepltoposegmentrightnode=hostname, sizelimit=0 +suffix_name, iparepltoposegmentrightnode=hostname, sizelimit=0, )['result'] it seems that you added 'no_members=True' there and then removed it because reasons. Please revert the this part to the original code so that it does not stick out. Better (the right one) patches attached. ACK -- Martin^3 Babinsky -- Manage your subscription for the Freeipa-devel mailing list: https://www.redhat.com/mailman/listinfo/freeipa-devel Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code
Re: [Freeipa-devel] [PATCH 0488-0489] Perfomance: membership processing related patches
On 31.05.2016 12:44, Martin Babinsky wrote: On 05/28/2016 01:17 PM, Martin Basti wrote: https://fedorahosted.org/freeipa/ticket/4995 Patches attached Hi, PATCH 0488: LGTM PATCH 0489: @@ -996,10 +997,10 @@ def check_deleted_segments(hostname, masters, topo_errors, starting_host): i = 0 while True: left = api.Command.topologysegment_find( -suffix_name, iparepltoposegmentleftnode=hostname, sizelimit=0 +suffix_name, iparepltoposegmentleftnode=hostname, sizelimit=0, )['result'] right = api.Command.topologysegment_find( -suffix_name, iparepltoposegmentrightnode=hostname, sizelimit=0 +suffix_name, iparepltoposegmentrightnode=hostname, sizelimit=0, )['result'] it seems that you added 'no_members=True' there and then removed it because reasons. Please revert the this part to the original code so that it does not stick out. Better (the right one) patches attached. From 6e39ae4ba31a2f1839655c593c2bcc9952e16712 Mon Sep 17 00:00:00 2001 From: Martin BastiDate: Thu, 17 Mar 2016 11:06:54 +0100 Subject: [PATCH 1/2] Make option --no-members public in CLI With many members commands became slow. Making this option public allows users to speedup searches. https://fedorahosted.org/freeipa/ticket/4995 --- ipalib/plugins/baseldap.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/ipalib/plugins/baseldap.py b/ipalib/plugins/baseldap.py index 72e7e0725ec41bb72fcef124734150970fa06062..8a696f3c8e6c239f6ac38621de9f2fb403e4f99b 100644 --- a/ipalib/plugins/baseldap.py +++ b/ipalib/plugins/baseldap.py @@ -1117,7 +1117,7 @@ last, after all sets and adds."""), yield Flag('no_members', doc=_('Suppress processing of membership attributes.'), exclude='webui', -flags=['no_option', 'no_output'], +flags=['no_output'], ) break -- 2.5.5 From 034d3ea3d9e97da6ffb143957f0988f45ceef62d Mon Sep 17 00:00:00 2001 From: Martin Basti Date: Thu, 19 May 2016 13:50:38 +0200 Subject: [PATCH 2/2] Performance: Find commands: do not process members by default In all *-find commands, member attributes shouldn't be processed due high amount fo ldpaserches cause serious performance issues. For this reason --no-members option is set by default in CLI and API. To get members in *-find command option --all in CLI is rquired or 'no_members=False' or 'all=True' must be set in API call. For other commands processing of members stays unchanged. WebUI is not affected by this change. https://fedorahosted.org/freeipa/ticket/4995 --- API.txt| 44 ++-- VERSION| 4 +- install/tools/ipa-replica-manage | 6 +- ipalib/plugins/baseldap.py | 7 +- ipalib/plugins/caacl.py| 2 +- ipalib/plugins/hbactest.py | 3 +- ipalib/plugins/otptoken.py | 3 +- ipalib/plugins/topology.py | 6 +- ipalib/plugins/user.py | 3 +- ipaserver/install/replication.py | 3 +- ipaserver/install/server/install.py| 3 +- ipatests/test_xmlrpc/test_group_plugin.py | 54 +++- ipatests/test_xmlrpc/test_hbacsvcgroup_plugin.py | 21 +- ipatests/test_xmlrpc/test_hostgroup_plugin.py | 5 + ipatests/test_xmlrpc/test_netgroup_plugin.py | 115 - ipatests/test_xmlrpc/test_old_permission_plugin.py | 272 ++-- ipatests/test_xmlrpc/test_permission_plugin.py | 273 - ipatests/test_xmlrpc/test_privilege_plugin.py | 60 - ipatests/test_xmlrpc/test_role_plugin.py | 85 ++- ipatests/test_xmlrpc/test_service_plugin.py| 20 +- .../test_xmlrpc/test_servicedelegation_plugin.py | 30 ++- ipatests/test_xmlrpc/test_sudocmdgroup_plugin.py | 5 + ipatests/test_xmlrpc/test_user_plugin.py | 2 +- ipatests/test_xmlrpc/tracker/host_plugin.py| 5 +- ipatests/test_xmlrpc/tracker/hostgroup_plugin.py | 13 +- ipatests/test_xmlrpc/tracker/sudocmd_plugin.py | 7 +- .../test_xmlrpc/tracker/sudocmdgroup_plugin.py | 9 +- ipatests/test_xmlrpc/tracker/user_plugin.py| 3 +- 28 files changed, 973 insertions(+), 90 deletions(-) diff --git a/API.txt b/API.txt index dbc6f1adc614607fab106ab0de7163961e7ecedc..3ad250e74f48ef3c54494ba6bd2d398a7c5d1b69 100644 --- a/API.txt +++ b/API.txt @@ -551,7 +551,7 @@ option: Str('description?', autofill=False, cli_name='desc') option: StrEnum('hostcategory?', autofill=False, cli_name='hostcat', values=[u'all']) option: StrEnum('ipacertprofilecategory?',
Re: [Freeipa-devel] [PATCH 0488-0489] Perfomance: membership processing related patches
On 31.05.2016 12:44, Martin Babinsky wrote: On 05/28/2016 01:17 PM, Martin Basti wrote: https://fedorahosted.org/freeipa/ticket/4995 Patches attached Hi, PATCH 0488: LGTM PATCH 0489: @@ -996,10 +997,10 @@ def check_deleted_segments(hostname, masters, topo_errors, starting_host): i = 0 while True: left = api.Command.topologysegment_find( -suffix_name, iparepltoposegmentleftnode=hostname, sizelimit=0 +suffix_name, iparepltoposegmentleftnode=hostname, sizelimit=0, )['result'] right = api.Command.topologysegment_find( -suffix_name, iparepltoposegmentrightnode=hostname, sizelimit=0 +suffix_name, iparepltoposegmentrightnode=hostname, sizelimit=0, )['result'] it seems that you added 'no_members=True' there and then removed it because reasons. Please revert the this part to the original code so that it does not stick out. Thanks, updated patches attached. Martin From 034d3ea3d9e97da6ffb143957f0988f45ceef62d Mon Sep 17 00:00:00 2001 From: Martin BastiDate: Thu, 19 May 2016 13:50:38 +0200 Subject: [PATCH 1/2] Performance: Find commands: do not process members by default In all *-find commands, member attributes shouldn't be processed due high amount fo ldpaserches cause serious performance issues. For this reason --no-members option is set by default in CLI and API. To get members in *-find command option --all in CLI is rquired or 'no_members=False' or 'all=True' must be set in API call. For other commands processing of members stays unchanged. WebUI is not affected by this change. https://fedorahosted.org/freeipa/ticket/4995 --- API.txt| 44 ++-- VERSION| 4 +- install/tools/ipa-replica-manage | 6 +- ipalib/plugins/baseldap.py | 7 +- ipalib/plugins/caacl.py| 2 +- ipalib/plugins/hbactest.py | 3 +- ipalib/plugins/otptoken.py | 3 +- ipalib/plugins/topology.py | 6 +- ipalib/plugins/user.py | 3 +- ipaserver/install/replication.py | 3 +- ipaserver/install/server/install.py| 3 +- ipatests/test_xmlrpc/test_group_plugin.py | 54 +++- ipatests/test_xmlrpc/test_hbacsvcgroup_plugin.py | 21 +- ipatests/test_xmlrpc/test_hostgroup_plugin.py | 5 + ipatests/test_xmlrpc/test_netgroup_plugin.py | 115 - ipatests/test_xmlrpc/test_old_permission_plugin.py | 272 ++-- ipatests/test_xmlrpc/test_permission_plugin.py | 273 - ipatests/test_xmlrpc/test_privilege_plugin.py | 60 - ipatests/test_xmlrpc/test_role_plugin.py | 85 ++- ipatests/test_xmlrpc/test_service_plugin.py| 20 +- .../test_xmlrpc/test_servicedelegation_plugin.py | 30 ++- ipatests/test_xmlrpc/test_sudocmdgroup_plugin.py | 5 + ipatests/test_xmlrpc/test_user_plugin.py | 2 +- ipatests/test_xmlrpc/tracker/host_plugin.py| 5 +- ipatests/test_xmlrpc/tracker/hostgroup_plugin.py | 13 +- ipatests/test_xmlrpc/tracker/sudocmd_plugin.py | 7 +- .../test_xmlrpc/tracker/sudocmdgroup_plugin.py | 9 +- ipatests/test_xmlrpc/tracker/user_plugin.py| 3 +- 28 files changed, 973 insertions(+), 90 deletions(-) diff --git a/API.txt b/API.txt index dbc6f1adc614607fab106ab0de7163961e7ecedc..3ad250e74f48ef3c54494ba6bd2d398a7c5d1b69 100644 --- a/API.txt +++ b/API.txt @@ -551,7 +551,7 @@ option: Str('description?', autofill=False, cli_name='desc') option: StrEnum('hostcategory?', autofill=False, cli_name='hostcat', values=[u'all']) option: StrEnum('ipacertprofilecategory?', autofill=False, cli_name='profilecat', values=[u'all']) option: Bool('ipaenabledflag?', autofill=False) -option: Flag('no_members', autofill=True, default=False) +option: Flag('no_members', autofill=True, default=True) option: Flag('pkey_only?', autofill=True, default=False) option: Flag('raw', autofill=True, cli_name='raw', default=False) option: StrEnum('servicecategory?', autofill=False, cli_name='servicecat', values=[u'all']) @@ -1598,7 +1598,7 @@ option: Str('in_netgroup*', cli_name='in_netgroups') option: Str('in_role*', cli_name='in_roles') option: Str('in_sudorule*', cli_name='in_sudorules') option: Str('no_group*', cli_name='no_groups') -option: Flag('no_members', autofill=True, default=False) +option: Flag('no_members', autofill=True, default=True) option: Str('no_user*', cli_name='no_users') option: Flag('nonposix', autofill=True, cli_name='nonposix', default=False) option: Str('not_in_group*', cli_name='not_in_groups') @@ -1763,7 +1763,7 @@ option: Str('description?', autofill=False, cli_name='desc') option: Str('externalhost*',
Re: [Freeipa-devel] [PATCH 0488-0489] Perfomance: membership processing related patches
On 05/28/2016 01:17 PM, Martin Basti wrote: https://fedorahosted.org/freeipa/ticket/4995 Patches attached Hi, PATCH 0488: LGTM PATCH 0489: @@ -996,10 +997,10 @@ def check_deleted_segments(hostname, masters, topo_errors, starting_host): i = 0 while True: left = api.Command.topologysegment_find( -suffix_name, iparepltoposegmentleftnode=hostname, sizelimit=0 +suffix_name, iparepltoposegmentleftnode=hostname, sizelimit=0, )['result'] right = api.Command.topologysegment_find( -suffix_name, iparepltoposegmentrightnode=hostname, sizelimit=0 +suffix_name, iparepltoposegmentrightnode=hostname, sizelimit=0, )['result'] it seems that you added 'no_members=True' there and then removed it because reasons. Please revert the this part to the original code so that it does not stick out. -- Martin^3 Babinsky -- Manage your subscription for the Freeipa-devel mailing list: https://www.redhat.com/mailman/listinfo/freeipa-devel Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code
[Freeipa-devel] [PATCH 0488-0489] Perfomance: membership processing related patches
https://fedorahosted.org/freeipa/ticket/4995 Patches attached From 8e9c581c290e23fd39156f8a5e57fcff9fbad63f Mon Sep 17 00:00:00 2001 From: Martin BastiDate: Thu, 17 Mar 2016 11:06:54 +0100 Subject: [PATCH 1/2] Make option --no-members public in CLI With many members commands became slow. Making this option public allows users to speedup searches. https://fedorahosted.org/freeipa/ticket/4995 --- ipalib/plugins/baseldap.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/ipalib/plugins/baseldap.py b/ipalib/plugins/baseldap.py index 72e7e0725ec41bb72fcef124734150970fa06062..8a696f3c8e6c239f6ac38621de9f2fb403e4f99b 100644 --- a/ipalib/plugins/baseldap.py +++ b/ipalib/plugins/baseldap.py @@ -1117,7 +1117,7 @@ last, after all sets and adds."""), yield Flag('no_members', doc=_('Suppress processing of membership attributes.'), exclude='webui', -flags=['no_option', 'no_output'], +flags=['no_output'], ) break -- 2.5.5 From 7aba8990fa8bf422bac0389bc7dfdb330e07a96b Mon Sep 17 00:00:00 2001 From: Martin Basti Date: Thu, 19 May 2016 13:50:38 +0200 Subject: [PATCH 2/2] Performance: Find commands: do not process members by default In all *-find commands, member attributes shouldn't be processed due high amount fo ldpaserches cause serious performance issues. For this reason --no-members option is set by default in CLI and API. To get members in *-find command option --all in CLI is rquired or 'no_members=False' or 'all=True' must be set in API call. For other commands processing of members stays unchanged. WebUI is not affected by this change. https://fedorahosted.org/freeipa/ticket/4995 --- API.txt| 44 ++-- VERSION| 4 +- install/tools/ipa-replica-manage | 10 +- ipalib/plugins/baseldap.py | 7 +- ipalib/plugins/caacl.py| 2 +- ipalib/plugins/hbactest.py | 3 +- ipalib/plugins/otptoken.py | 3 +- ipalib/plugins/topology.py | 6 +- ipalib/plugins/user.py | 3 +- ipaserver/install/replication.py | 3 +- ipaserver/install/server/install.py| 3 +- ipatests/test_xmlrpc/test_group_plugin.py | 54 +++- ipatests/test_xmlrpc/test_hbacsvcgroup_plugin.py | 21 +- ipatests/test_xmlrpc/test_hostgroup_plugin.py | 5 + ipatests/test_xmlrpc/test_netgroup_plugin.py | 115 - ipatests/test_xmlrpc/test_old_permission_plugin.py | 272 ++-- ipatests/test_xmlrpc/test_permission_plugin.py | 273 - ipatests/test_xmlrpc/test_privilege_plugin.py | 60 - ipatests/test_xmlrpc/test_role_plugin.py | 85 ++- ipatests/test_xmlrpc/test_service_plugin.py| 20 +- .../test_xmlrpc/test_servicedelegation_plugin.py | 30 ++- ipatests/test_xmlrpc/test_sudocmdgroup_plugin.py | 5 + ipatests/test_xmlrpc/test_user_plugin.py | 2 +- ipatests/test_xmlrpc/tracker/host_plugin.py| 5 +- ipatests/test_xmlrpc/tracker/hostgroup_plugin.py | 13 +- ipatests/test_xmlrpc/tracker/sudocmd_plugin.py | 7 +- .../test_xmlrpc/tracker/sudocmdgroup_plugin.py | 9 +- ipatests/test_xmlrpc/tracker/user_plugin.py| 3 +- 28 files changed, 975 insertions(+), 92 deletions(-) diff --git a/API.txt b/API.txt index dbc6f1adc614607fab106ab0de7163961e7ecedc..3ad250e74f48ef3c54494ba6bd2d398a7c5d1b69 100644 --- a/API.txt +++ b/API.txt @@ -551,7 +551,7 @@ option: Str('description?', autofill=False, cli_name='desc') option: StrEnum('hostcategory?', autofill=False, cli_name='hostcat', values=[u'all']) option: StrEnum('ipacertprofilecategory?', autofill=False, cli_name='profilecat', values=[u'all']) option: Bool('ipaenabledflag?', autofill=False) -option: Flag('no_members', autofill=True, default=False) +option: Flag('no_members', autofill=True, default=True) option: Flag('pkey_only?', autofill=True, default=False) option: Flag('raw', autofill=True, cli_name='raw', default=False) option: StrEnum('servicecategory?', autofill=False, cli_name='servicecat', values=[u'all']) @@ -1598,7 +1598,7 @@ option: Str('in_netgroup*', cli_name='in_netgroups') option: Str('in_role*', cli_name='in_roles') option: Str('in_sudorule*', cli_name='in_sudorules') option: Str('no_group*', cli_name='no_groups') -option: Flag('no_members', autofill=True, default=False) +option: Flag('no_members', autofill=True, default=True) option: Str('no_user*', cli_name='no_users') option: Flag('nonposix', autofill=True, cli_name='nonposix', default=False) option: Str('not_in_group*', cli_name='not_in_groups') @@ -1763,7 +1763,7