Re: [Freeipa-devel] [PATCH] 878 topology: check topology in ipa-replica-manage del
On 06/29/2015 03:33 PM, David Kupka wrote: On 26/06/15 14:15, Petr Vobornik wrote: On 06/17/2015 02:00 PM, Petr Vobornik wrote: ipa-replica-manage del now: - checks the whole current topology(before deletion), reports issues - simulates deletion of server and checks the topology again, reports issues Asks admin if he wants to continue with the deletion if any errors are found. https://fedorahosted.org/freeipa/ticket/4302 Patch with * changed error messages * removed question to force removal (--force is needed) attached. Works for me, ACK. Pushed to master: 659b88b8205ef403aa9162453472e4731d93d13b -- Petr Vobornik
Re: [Freeipa-devel] [PATCH] 878 topology: check topology in ipa-replica-manage del
On 26/06/15 14:15, Petr Vobornik wrote: On 06/17/2015 02:00 PM, Petr Vobornik wrote: ipa-replica-manage del now: - checks the whole current topology(before deletion), reports issues - simulates deletion of server and checks the topology again, reports issues Asks admin if he wants to continue with the deletion if any errors are found. https://fedorahosted.org/freeipa/ticket/4302 Patch with * changed error messages * removed question to force removal (--force is needed) attached. Works for me, ACK. -- David Kupka
Re: [Freeipa-devel] [PATCH] 878 topology: check topology in ipa-replica-manage del
On 06/26/2015 02:15 PM, Petr Vobornik wrote: On 06/17/2015 02:00 PM, Petr Vobornik wrote: ipa-replica-manage del now: - checks the whole current topology(before deletion), reports issues - simulates deletion of server and checks the topology again, reports issues Asks admin if he wants to continue with the deletion if any errors are found. https://fedorahosted.org/freeipa/ticket/4302 Patch with * changed error messages * removed question to force removal (--force is needed) attached. Fixed bug, in a broken topology, where there was a segment with removed replica, building a graph failed. -- Petr Vobornik From cd3ed940d809c4c859b6a9082d46cbd4d234f53a Mon Sep 17 00:00:00 2001 From: Petr Vobornik Date: Wed, 17 Jun 2015 13:33:24 +0200 Subject: [PATCH] topology: check topology in ipa-replica-manage del ipa-replica-manage del now: - checks the whole current topology(before deletion), reports issues - simulates deletion of server and checks the topology again, reports issues Asks admin if he wants to continue with the deletion if any errors are found. https://fedorahosted.org/freeipa/ticket/4302 --- install/tools/ipa-replica-manage | 48 ++ ipalib/util.py | 51 ipapython/graph.py | 73 3 files changed, 166 insertions(+), 6 deletions(-) create mode 100644 ipapython/graph.py diff --git a/install/tools/ipa-replica-manage b/install/tools/ipa-replica-manage index 57e30bc54ae030a4620660d1fa7539626721ebbd..71eb992f969666cadfb9e0025b177cb3696abddc 100755 --- a/install/tools/ipa-replica-manage +++ b/install/tools/ipa-replica-manage @@ -35,6 +35,7 @@ from ipaserver.plugins import ldap2 from ipapython import version, ipaldap from ipalib import api, errors, util from ipalib.constants import CACERT +from ipalib.util import create_topology_graph, get_topology_connection_errors from ipapython.ipa_log_manager import * from ipapython.dn import DN from ipapython.config import IPAOptionParser 
@@ -566,11 +567,46 @@ def check_last_link(delrepl, realm, dirman_passwd, force): return None def check_last_link_managed(api, masters, hostname, force): -# segments = api.Command.topologysegment_find(u'realm', sizelimit=0).get('result') -# replica_names = [m.single_value('cn') for m in masters] -# orphaned = [] -# TODO add proper graph traversing algorithm here -return None +""" +Check if 'hostname' is safe to delete. + +:returns: list of errors after future deletion +""" + +segments = api.Command.topologysegment_find(u'realm', sizelimit=0).get('result') +graph = create_topology_graph(masters, segments) + +# check topology before removal +orig_errors = get_topology_connection_errors(graph) +if orig_errors: +print "Current topology is disconnected:" +print "Changes are not replicated to all servers and data are probably inconsistent." +print "You need to add segments to reconnect the topology." +print_connect_errors(orig_errors) + +# after removal +graph.remove_vertex(hostname) +new_errors = get_topology_connection_errors(graph) +if new_errors: +print "WARNING: Topology after removal of %s will be disconnected." % hostname +print "Changes will not be replicated to all servers and data will become inconsistent." +print "You need to add segments to prevent disconnection of the topology." +print "Errors in topology after removal:" +print_connect_errors(new_errors) + +if orig_errors or new_errors: +if not force: +sys.exit("Aborted") +else: +print "Forcing removal of %s" % hostname + +return new_errors + +def print_connect_errors(errors): +for error in errors: +print "Topology does not allow server %s to replicate with servers:" % error[0] +for srv in error[2]: +print "%s" % srv def enforce_host_existence(host, message=None): if host is not None and not ipautil.host_exists(host): 
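Review bot: The closing `if orig_errors or new_errors:` block treats pre-existing and newly introduced disconnection the same way, so in a topology that is already broken a removal that adds no new errors still needs `--force`, and `--force` then also overrides the post-removal result with nothing more than a line on stdout. I would abort only when `new_errors` contains something `orig_errors` did not (or keep both conditions but record forced removals through the tool's logger), and make the exit actionable, e.g. `sys.exit("Aborted: topology check failed; rerun with --force to remove %s anyway" % hostname)`. `graph.remove_vertex(hostname)` is called without checking that `hostname` is among `masters`; ipapython/graph.py is not visible here, so confirm that an unknown vertex gives a clean error rather than a traceback. The commit message still says the admin is asked whether to continue, while this code exits unless `force` is set, and `print_connect_errors` reads `error[0]` and `error[2]` with no docstring describing the tuple. The identical hunk in the earlier posting of the patch lower on the page has the same points.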
@@ -680,7 +716,7 @@ def del_master_managed(realm, hostname, options): masters = api.Command.server_find('', sizelimit=0)['result'] # 3. Check topology -orphans = check_last_link_managed(api, masters, hostname, options.force) +check_last_link_managed(api, masters, hostname, options.force) # 4. Check that we are not leaving the installation without CA and/or DNS #And pick new CA master. diff --git a/ipalib/util.py b/ipalib/util.py index 44478a2d1eed6d66e54949e0840e6d62310830c5..75797229b5800037e352ddf02257d0b4157743d0 100644 --- a/ipalib/util.py +++ b/ipalib/util.py @@ -42,6 +42,7 @@ from ipalib.text import _ from ipapython.ssh import SSHPublicKey from ipapython.dn import DN, RDN from ipapython.dnsutil import DNSName +from ipapython.graph import Graph def json_serialize(obj): @@ -780,3 +781,53 @@ def validate_idna_domain(value): if
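Review bot: In the `del_master_managed` hunk the list returned by `check_last_link_managed` is now discarded, and the unchanged comment `# 3. Check topology` does not tell the reader that this call can end the process. I would extend it to `# 3. Check topology; exits unless --force if it is or would become disconnected`. Since the only caller visible on this page ignores the result, either drop the `:returns:` line from the callee's docstring or keep the value and repeat the warning after a forced removal completes, so the operator sees it last. The body of `del_master_managed` continues outside the hunk, and the earlier posting of the patch lower on the page carries the same hunk.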
Re: [Freeipa-devel] [PATCH] 878 topology: check topology in ipa-replica-manage del
On 06/17/2015 02:00 PM, Petr Vobornik wrote: ipa-replica-manage del now: - checks the whole current topology(before deletion), reports issues - simulates deletion of server and checks the topology again, reports issues Asks admin if he wants to continue with the deletion if any errors are found. https://fedorahosted.org/freeipa/ticket/4302 Patch with * changed error messages * removed question to force removal (--force is needed) attached. -- Petr Vobornik From c14800c37744bf2df0adb4f8081698868082f2f9 Mon Sep 17 00:00:00 2001 From: Petr Vobornik Date: Wed, 17 Jun 2015 13:33:24 +0200 Subject: [PATCH] topology: check topology in ipa-replica-manage del ipa-replica-manage del now: - checks the whole current topology(before deletion), reports issues - simulates deletion of server and checks the topology again, reports issues Asks admin if he wants to continue with the deletion if any errors are found. https://fedorahosted.org/freeipa/ticket/4302 --- install/tools/ipa-replica-manage | 48 ipalib/util.py | 48 ipapython/graph.py | 69 3 files changed, 159 insertions(+), 6 deletions(-) create mode 100644 ipapython/graph.py diff --git a/install/tools/ipa-replica-manage b/install/tools/ipa-replica-manage index 57e30bc54ae030a4620660d1fa7539626721ebbd..71eb992f969666cadfb9e0025b177cb3696abddc 100755 --- a/install/tools/ipa-replica-manage +++ b/install/tools/ipa-replica-manage @@ -35,6 +35,7 @@ from ipaserver.plugins import ldap2 from ipapython import version, ipaldap from ipalib import api, errors, util from ipalib.constants import CACERT +from ipalib.util import create_topology_graph, get_topology_connection_errors from ipapython.ipa_log_manager import * from ipapython.dn import DN from ipapython.config import IPAOptionParser 
@@ -566,11 +567,46 @@ def check_last_link(delrepl, realm, dirman_passwd, force): return None def check_last_link_managed(api, masters, hostname, force): -# segments = api.Command.topologysegment_find(u'realm', sizelimit=0).get('result') -# replica_names = [m.single_value('cn') for m in masters] -# orphaned = [] -# TODO add proper graph traversing algorithm here -return None +""" +Check if 'hostname' is safe to delete. + +:returns: list of errors after future deletion +""" + +segments = api.Command.topologysegment_find(u'realm', sizelimit=0).get('result') +graph = create_topology_graph(masters, segments) + +# check topology before removal +orig_errors = get_topology_connection_errors(graph) +if orig_errors: +print "Current topology is disconnected:" +print "Changes are not replicated to all servers and data are probably inconsistent." +print "You need to add segments to reconnect the topology." +print_connect_errors(orig_errors) + +# after removal +graph.remove_vertex(hostname) +new_errors = get_topology_connection_errors(graph) +if new_errors: +print "WARNING: Topology after removal of %s will be disconnected." % hostname +print "Changes will not be replicated to all servers and data will become inconsistent." +print "You need to add segments to prevent disconnection of the topology." +print "Errors in topology after removal:" +print_connect_errors(new_errors) + +if orig_errors or new_errors: +if not force: +sys.exit("Aborted") +else: +print "Forcing removal of %s" % hostname + +return new_errors + +def print_connect_errors(errors): +for error in errors: +print "Topology does not allow server %s to replicate with servers:" % error[0] +for srv in error[2]: +print "%s" % srv def enforce_host_existence(host, message=None): if host is not None and not ipautil.host_exists(host): 
@@ -680,7 +716,7 @@ def del_master_managed(realm, hostname, options): masters = api.Command.server_find('', sizelimit=0)['result'] # 3. Check topology -orphans = check_last_link_managed(api, masters, hostname, options.force) +check_last_link_managed(api, masters, hostname, options.force) # 4. Check that we are not leaving the installation without CA and/or DNS #And pick new CA master. diff --git a/ipalib/util.py b/ipalib/util.py index 44478a2d1eed6d66e54949e0840e6d62310830c5..6f7d4a67174aa2f3df8a92f1a25d20a16d3b3f03 100644 --- a/ipalib/util.py +++ b/ipalib/util.py @@ -42,6 +42,7 @@ from ipalib.text import _ from ipapython.ssh import SSHPublicKey from ipapython.dn import DN, RDN from ipapython.dnsutil import DNSName +from ipapython.graph import Graph def json_serialize(obj): @@ -780,3 +781,50 @@ def validate_idna_domain(value): if error: raise ValueError(error) + + +def create_topology_graph(masters, segments): +""" +Create an oriented graph from topology defined by