Re: [Freeipa-devel] ipa-replica-manage del fails to delete host entry
On 05/06/2015 03:07 PM, Tomas Babej wrote:
>
>
> On 05/06/2015 02:47 PM, Ludwig Krispenz wrote:
>>
>> Hi,
>> in recent posts about corrupted ruvs, there also was the error about failing
>> cleanup, like:
>>
>> ipa-replica-manage del vm-162.idm.lab.eng.brq.redhat.com
>>
>> ..
>> Failed to cleanup vm-162.idm.lab.eng.brq.redhat.com entries: Not allowed on
>> non-leaf entry
>>
>> in the access log we see
>>
>> [06/May/2015:14:19:11 +0200]conn=30 op=17 SRCH
>> base="cn=vm-162.idm.lab.eng.brq.redhat.com,cn=masters,cn=ipa,cn=etc,dc=idm,dc=lab,dc=eng,dc=brq,dc=redhat,dc=com"
>> scope=2 filter="(objectClass=*)" attrs=ALL
>>
>> [06/May/2015:14:19:11 +0200] conn=30 op=17 RESULT err=0 tag=101 nentries=6
>> etime=0 notes=U
>> [06/May/2015:14:19:11 +0200] conn=30 op=18 DEL
>> dn="cn=vm-162.idm.lab.eng.brq.redhat.com,cn=masters,cn=ipa,cn=etc,dc=idm,dc=lab,dc=eng,dc=brq,dc=redhat,dc=com"
>>
>> [06/May/2015:14:19:11 +0200] conn=30 op=18 RESULT err=66 tag=107 nentries=0
>> etime=0
>>
>> which means that there was an attempt to remove the host before the services
>>
>> in replica_cleanup we have:
>>
>> # delete master entry with all active services
>>
>> try:
>> dn = DN(('cn', replica), ('cn', 'masters'), ('cn', 'ipa'),('cn', 'etc'),
>> self.suffix)
>> entries = self.conn.get_entries(dn, ldap.SCOPE_SUBTREE)
>> if entries:
>> entries.sort(key=len, reverse=True)
>> for entry in entries:
>> self.conn.delete_entry(entry)
>>
>> this intends to delete children befor the parent, as teh dns of children are
>> longer, but get_entries does return a list of entries, not DNs, and so the
>> sorting does not work as can be seen in this example:
>>
>> >>> list = [('123456','A'),('123','B'),('12345678','C')]
>>
>> >>> list.sort(key=len,reverse=True)
>>
>> >>> for l in list:
>>
>> ... print l
>>
>> ...
>>
>> ('123456', 'A')
>>
>> ('123', 'B')
>>
>> ('12345678', 'C')
>>
>>
>>
>
> A quick fix would be to use key=lambda x: len(x.dn) then.
>
> Tomas
Thanks. But please link the patch proposal to
https://fedorahosted.org/freeipa/ticket/5019
to not loose track of it.
Thanks,
Martin
--
Manage your subscription for the Freeipa-devel mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-devel
Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code
Re: [Freeipa-devel] ipa-replica-manage del fails to delete host entry
On 05/06/2015 02:47 PM, Ludwig Krispenz wrote:
Hi,
in recent posts about corrupted ruvs, there also was the error about
failing cleanup, like:
ipa-replica-manage del vm-162.idm.lab.eng.brq.redhat.com
..
Failed to cleanup vm-162.idm.lab.eng.brq.redhat.com entries: Not
allowed on non-leaf entry
in the access log we see
[06/May/2015:14:19:11 +0200]conn=30 op=17 SRCH
base="cn=vm-162.idm.lab.eng.brq.redhat.com,cn=masters,cn=ipa,cn=etc,dc=idm,dc=lab,dc=eng,dc=brq,dc=redhat,dc=com"
scope=2 filter="(objectClass=*)" attrs=ALL
[06/May/2015:14:19:11 +0200] conn=30 op=17 RESULT err=0 tag=101
nentries=6 etime=0 notes=U
[06/May/2015:14:19:11 +0200] conn=30 op=18 DEL
dn="cn=vm-162.idm.lab.eng.brq.redhat.com,cn=masters,cn=ipa,cn=etc,dc=idm,dc=lab,dc=eng,dc=brq,dc=redhat,dc=com"
[06/May/2015:14:19:11 +0200] conn=30 op=18 RESULT err=66 tag=107
nentries=0 etime=0
which means that there was an attempt to remove the host before the
services
in replica_cleanup we have:
# delete master entry with all active services
try:
dn = DN(('cn', replica), ('cn', 'masters'), ('cn', 'ipa'),('cn',
'etc'), self.suffix)
entries = self.conn.get_entries(dn, ldap.SCOPE_SUBTREE)
if entries:
entries.sort(key=len, reverse=True)
for entry in entries:
self.conn.delete_entry(entry)
this intends to delete children befor the parent, as teh dns of
children are longer, but get_entries does return a list of entries,
not DNs, and so the sorting does not work as can be seen in this example:
>>> list = [('123456','A'),('123','B'),('12345678','C')]
>>> list.sort(key=len,reverse=True)
>>> for l in list:
... print l
...
('123456', 'A')
('123', 'B')
('12345678', 'C')
A quick fix would be to use key=lambda x: len(x.dn) then.
Tomas
>From 961fba0e09b4825e9db09f26fa19daba336ae437 Mon Sep 17 00:00:00 2001
From: Tomas Babej
Date: Wed, 6 May 2015 15:06:56 +0200
Subject: [PATCH] replica-manage: Properly delete nested entries
---
install/tools/ipa-replica-manage | 2 +-
ipaserver/install/replication.py | 4 ++--
2 files changed, 3 insertions(+), 3 deletions(-)
diff --git a/install/tools/ipa-replica-manage b/install/tools/ipa-replica-manage
index 4f92c0c927b3267eeb466a06d3283823c05437b0..0d2688e6d73b1591c5e386656b7198c20d71558a 100755
--- a/install/tools/ipa-replica-manage
+++ b/install/tools/ipa-replica-manage
@@ -322,7 +322,7 @@ def del_link(realm, replica1, replica2, dirman_passwd, force=False):
ipautil.realm_to_suffix(realm))
entries = repl1.conn.get_entries(dn, repl1.conn.SCOPE_SUBTREE)
if entries:
-entries.sort(key=len, reverse=True)
+entries.sort(key=lambda x: len(x.dn), reverse=True)
for entry in entries:
repl1.conn.delete_entry(entry)
except Exception, e:
diff --git a/ipaserver/install/replication.py b/ipaserver/install/replication.py
index 66764c22f69328942fe2e4581cfafb3806438d7c..b84a223b0c6841c5e5b48231f0cdef1891023822 100644
--- a/ipaserver/install/replication.py
+++ b/ipaserver/install/replication.py
@@ -1152,7 +1152,7 @@ class ReplicationManager(object):
self.suffix, ldap.SCOPE_SUBTREE,
filter='(krbprincipalname=*/%s@%s)' % (replica, realm))
if entries:
-entries.sort(key=len, reverse=True)
+entries.sort(key=lambda x: len(x.dn), reverse=True)
for entry in entries:
self.conn.delete_entry(entry)
except errors.NotFound:
@@ -1194,7 +1194,7 @@ class ReplicationManager(object):
('cn', 'etc'), self.suffix)
entries = self.conn.get_entries(dn, ldap.SCOPE_SUBTREE)
if entries:
-entries.sort(key=len, reverse=True)
+entries.sort(key=lambda x: len(x.dn), reverse=True)
for entry in entries:
self.conn.delete_entry(entry)
except errors.NotFound:
--
2.1.0
--
Manage your subscription for the Freeipa-devel mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-devel
Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code
[Freeipa-devel] ipa-replica-manage del fails to delete host entry
Hi,
in recent posts about corrupted ruvs, there also was the error about
failing cleanup, like:
ipa-replica-manage del vm-162.idm.lab.eng.brq.redhat.com
..
Failed to cleanup vm-162.idm.lab.eng.brq.redhat.com entries: Not allowed
on non-leaf entry
in the access log we see
[06/May/2015:14:19:11 +0200]conn=30 op=17 SRCH
base="cn=vm-162.idm.lab.eng.brq.redhat.com,cn=masters,cn=ipa,cn=etc,dc=idm,dc=lab,dc=eng,dc=brq,dc=redhat,dc=com"
scope=2 filter="(objectClass=*)" attrs=ALL
[06/May/2015:14:19:11 +0200] conn=30 op=17 RESULT err=0 tag=101
nentries=6 etime=0 notes=U
[06/May/2015:14:19:11 +0200] conn=30 op=18 DEL
dn="cn=vm-162.idm.lab.eng.brq.redhat.com,cn=masters,cn=ipa,cn=etc,dc=idm,dc=lab,dc=eng,dc=brq,dc=redhat,dc=com"
[06/May/2015:14:19:11 +0200] conn=30 op=18 RESULT err=66 tag=107
nentries=0 etime=0
which means that there was an attempt to remove the host before the services
in replica_cleanup we have:
# delete master entry with all active services
try:
dn = DN(('cn', replica), ('cn', 'masters'), ('cn', 'ipa'),('cn',
'etc'), self.suffix)
entries = self.conn.get_entries(dn, ldap.SCOPE_SUBTREE)
if entries:
entries.sort(key=len, reverse=True)
for entry in entries:
self.conn.delete_entry(entry)
this intends to delete children befor the parent, as teh dns of children
are longer, but get_entries does return a list of entries, not DNs, and
so the sorting does not work as can be seen in this example:
>>> list = [('123456','A'),('123','B'),('12345678','C')]
>>> list.sort(key=len,reverse=True)
>>> for l in list:
... print l
...
('123456', 'A')
('123', 'B')
('12345678', 'C')
--
Manage your subscription for the Freeipa-devel mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-devel
Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code
