Re: [Freeipa-devel] [PATCH] 878 topology: check topology in ipa-replica-manage del
On 26/06/15 14:15, Petr Vobornik wrote: On 06/17/2015 02:00 PM, Petr Vobornik wrote: ipa-replica-manage del now: - checks the whole current topology(before deletion), reports issues - simulates deletion of server and checks the topology again, reports issues Asks admin if he wants to continue with the deletion if any errors are found. https://fedorahosted.org/freeipa/ticket/4302 Patch with * changed error messages * removed question to force removal (--force is needed) attached. Works for me, ACK. -- David Kupka -- Manage your subscription for the Freeipa-devel mailing list: https://www.redhat.com/mailman/listinfo/freeipa-devel Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code
Re: [Freeipa-devel] [PATCH] 878 topology: check topology in ipa-replica-manage del
On 06/29/2015 03:33 PM, David Kupka wrote: On 26/06/15 14:15, Petr Vobornik wrote: On 06/17/2015 02:00 PM, Petr Vobornik wrote: ipa-replica-manage del now: - checks the whole current topology(before deletion), reports issues - simulates deletion of server and checks the topology again, reports issues Asks admin if he wants to continue with the deletion if any errors are found. https://fedorahosted.org/freeipa/ticket/4302 Patch with * changed error messages * removed question to force removal (--force is needed) attached. Works for me, ACK. Pushed to master: 659b88b8205ef403aa9162453472e4731d93d13b -- Petr Vobornik -- Manage your subscription for the Freeipa-devel mailing list: https://www.redhat.com/mailman/listinfo/freeipa-devel Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code
Re: [Freeipa-devel] [PATCH] 878 topology: check topology in ipa-replica-manage del
On 06/26/2015 02:15 PM, Petr Vobornik wrote:
On 06/17/2015 02:00 PM, Petr Vobornik wrote:
ipa-replica-manage del now:
- checks the whole current topology(before deletion), reports issues
- simulates deletion of server and checks the topology again, reports
issues
Asks admin if he wants to continue with the deletion if any errors are
found.
https://fedorahosted.org/freeipa/ticket/4302
Patch with
* changed error messages
* removed question to force removal (--force is needed)
attached.
Fixed bug, in a broken topology, where there was a segment with removed
replica, building a graph failed.
--
Petr Vobornik
From cd3ed940d809c4c859b6a9082d46cbd4d234f53a Mon Sep 17 00:00:00 2001
From: Petr Vobornik pvobo...@redhat.com
Date: Wed, 17 Jun 2015 13:33:24 +0200
Subject: [PATCH] topology: check topology in ipa-replica-manage del
ipa-replica-manage del now:
- checks the whole current topology(before deletion), reports issues
- simulates deletion of server and checks the topology again, reports issues
Asks admin if he wants to continue with the deletion if any errors are found.
https://fedorahosted.org/freeipa/ticket/4302
---
install/tools/ipa-replica-manage | 48 ++
ipalib/util.py | 51
ipapython/graph.py | 73
3 files changed, 166 insertions(+), 6 deletions(-)
create mode 100644 ipapython/graph.py
diff --git a/install/tools/ipa-replica-manage b/install/tools/ipa-replica-manage
index 57e30bc54ae030a4620660d1fa7539626721ebbd..71eb992f969666cadfb9e0025b177cb3696abddc 100755
--- a/install/tools/ipa-replica-manage
+++ b/install/tools/ipa-replica-manage
@@ -35,6 +35,7 @@ from ipaserver.plugins import ldap2
from ipapython import version, ipaldap
from ipalib import api, errors, util
from ipalib.constants import CACERT
+from ipalib.util import create_topology_graph, get_topology_connection_errors
from ipapython.ipa_log_manager import *
from ipapython.dn import DN
from ipapython.config import IPAOptionParser
@@ -566,11 +567,46 @@ def check_last_link(delrepl, realm, dirman_passwd, force):
return None
def check_last_link_managed(api, masters, hostname, force):
-# segments = api.Command.topologysegment_find(u'realm', sizelimit=0).get('result')
-# replica_names = [m.single_value('cn') for m in masters]
-# orphaned = []
-# TODO add proper graph traversing algorithm here
-return None
+
+Check if 'hostname' is safe to delete.
+
+:returns: list of errors after future deletion
+
+
+segments = api.Command.topologysegment_find(u'realm', sizelimit=0).get('result')
+graph = create_topology_graph(masters, segments)
+
+# check topology before removal
+orig_errors = get_topology_connection_errors(graph)
+if orig_errors:
+print Current topology is disconnected:
+print Changes are not replicated to all servers and data are probably inconsistent.
+print You need to add segments to reconnect the topology.
+print_connect_errors(orig_errors)
+
+# after removal
+graph.remove_vertex(hostname)
+new_errors = get_topology_connection_errors(graph)
+if new_errors:
+print WARNING: Topology after removal of %s will be disconnected. % hostname
+print Changes will not be replicated to all servers and data will become inconsistent.
+print You need to add segments to prevent disconnection of the topology.
+print Errors in topology after removal:
+print_connect_errors(new_errors)
+
+if orig_errors or new_errors:
+if not force:
+sys.exit(Aborted)
+else:
+print Forcing removal of %s % hostname
+
+return new_errors
+
+def print_connect_errors(errors):
+for error in errors:
+print Topology does not allow server %s to replicate with servers: % error[0]
+for srv in error[2]:
+print %s % srv
def enforce_host_existence(host, message=None):
if host is not None and not ipautil.host_exists(host):
@@ -680,7 +716,7 @@ def del_master_managed(realm, hostname, options):
masters = api.Command.server_find('', sizelimit=0)['result']
# 3. Check topology
-orphans = check_last_link_managed(api, masters, hostname, options.force)
+check_last_link_managed(api, masters, hostname, options.force)
# 4. Check that we are not leaving the installation without CA and/or DNS
#And pick new CA master.
diff --git a/ipalib/util.py b/ipalib/util.py
index 44478a2d1eed6d66e54949e0840e6d62310830c5..75797229b5800037e352ddf02257d0b4157743d0 100644
--- a/ipalib/util.py
+++ b/ipalib/util.py
@@ -42,6 +42,7 @@ from ipalib.text import _
from ipapython.ssh import SSHPublicKey
from ipapython.dn import DN, RDN
from ipapython.dnsutil import DNSName
+from ipapython.graph import Graph
def json_serialize(obj):
@@ -780,3 +781,53 @@ def validate_idna_domain(value):
if error:
Re: [Freeipa-devel] [PATCH] 878 topology: check topology in ipa-replica-manage del
On 06/17/2015 02:00 PM, Petr Vobornik wrote:
ipa-replica-manage del now:
- checks the whole current topology(before deletion), reports issues
- simulates deletion of server and checks the topology again, reports
issues
Asks admin if he wants to continue with the deletion if any errors are
found.
https://fedorahosted.org/freeipa/ticket/4302
Patch with
* changed error messages
* removed question to force removal (--force is needed)
attached.
--
Petr Vobornik
From c14800c37744bf2df0adb4f8081698868082f2f9 Mon Sep 17 00:00:00 2001
From: Petr Vobornik pvobo...@redhat.com
Date: Wed, 17 Jun 2015 13:33:24 +0200
Subject: [PATCH] topology: check topology in ipa-replica-manage del
ipa-replica-manage del now:
- checks the whole current topology(before deletion), reports issues
- simulates deletion of server and checks the topology again, reports issues
Asks admin if he wants to continue with the deletion if any errors are found.
https://fedorahosted.org/freeipa/ticket/4302
---
install/tools/ipa-replica-manage | 48
ipalib/util.py | 48
ipapython/graph.py | 69
3 files changed, 159 insertions(+), 6 deletions(-)
create mode 100644 ipapython/graph.py
diff --git a/install/tools/ipa-replica-manage b/install/tools/ipa-replica-manage
index 57e30bc54ae030a4620660d1fa7539626721ebbd..71eb992f969666cadfb9e0025b177cb3696abddc 100755
--- a/install/tools/ipa-replica-manage
+++ b/install/tools/ipa-replica-manage
@@ -35,6 +35,7 @@ from ipaserver.plugins import ldap2
from ipapython import version, ipaldap
from ipalib import api, errors, util
from ipalib.constants import CACERT
+from ipalib.util import create_topology_graph, get_topology_connection_errors
from ipapython.ipa_log_manager import *
from ipapython.dn import DN
from ipapython.config import IPAOptionParser
@@ -566,11 +567,46 @@ def check_last_link(delrepl, realm, dirman_passwd, force):
return None
def check_last_link_managed(api, masters, hostname, force):
-# segments = api.Command.topologysegment_find(u'realm', sizelimit=0).get('result')
-# replica_names = [m.single_value('cn') for m in masters]
-# orphaned = []
-# TODO add proper graph traversing algorithm here
-return None
+
+Check if 'hostname' is safe to delete.
+
+:returns: list of errors after future deletion
+
+
+segments = api.Command.topologysegment_find(u'realm', sizelimit=0).get('result')
+graph = create_topology_graph(masters, segments)
+
+# check topology before removal
+orig_errors = get_topology_connection_errors(graph)
+if orig_errors:
+print Current topology is disconnected:
+print Changes are not replicated to all servers and data are probably inconsistent.
+print You need to add segments to reconnect the topology.
+print_connect_errors(orig_errors)
+
+# after removal
+graph.remove_vertex(hostname)
+new_errors = get_topology_connection_errors(graph)
+if new_errors:
+print WARNING: Topology after removal of %s will be disconnected. % hostname
+print Changes will not be replicated to all servers and data will become inconsistent.
+print You need to add segments to prevent disconnection of the topology.
+print Errors in topology after removal:
+print_connect_errors(new_errors)
+
+if orig_errors or new_errors:
+if not force:
+sys.exit(Aborted)
+else:
+print Forcing removal of %s % hostname
+
+return new_errors
+
+def print_connect_errors(errors):
+for error in errors:
+print Topology does not allow server %s to replicate with servers: % error[0]
+for srv in error[2]:
+print %s % srv
def enforce_host_existence(host, message=None):
if host is not None and not ipautil.host_exists(host):
@@ -680,7 +716,7 @@ def del_master_managed(realm, hostname, options):
masters = api.Command.server_find('', sizelimit=0)['result']
# 3. Check topology
-orphans = check_last_link_managed(api, masters, hostname, options.force)
+check_last_link_managed(api, masters, hostname, options.force)
# 4. Check that we are not leaving the installation without CA and/or DNS
#And pick new CA master.
diff --git a/ipalib/util.py b/ipalib/util.py
index 44478a2d1eed6d66e54949e0840e6d62310830c5..6f7d4a67174aa2f3df8a92f1a25d20a16d3b3f03 100644
--- a/ipalib/util.py
+++ b/ipalib/util.py
@@ -42,6 +42,7 @@ from ipalib.text import _
from ipapython.ssh import SSHPublicKey
from ipapython.dn import DN, RDN
from ipapython.dnsutil import DNSName
+from ipapython.graph import Graph
def json_serialize(obj):
@@ -780,3 +781,50 @@ def validate_idna_domain(value):
if error:
raise ValueError(error)
+
+
+def create_topology_graph(masters, segments):
+
+Create an oriented graph from topology defined by masters and
