On 06/24/2015 04:19 PM, Oleg Fayans wrote:
On 06/24/2015 02:35 PM, Ludwig Krispenz wrote:
On 06/24/2015 02:30 PM, Oleg Fayans wrote:
On 06/24/2015 02:25 PM, Ludwig Krispenz wrote:
On 06/24/2015 01:59 PM, Oleg Fayans wrote:
Hi Petr,
Thanks for clarification! It seems though, that all possible
attributes are already mapped to the topologysegment-mod options:

[13:42:45]ofayans@vm-244:~]$ ipa show-mappings topologysegment-mod
Parameter      : LDAP attribute
=========      : ==============
stripattrs     : nsds5replicastripattrs
replattrs      : nsds5replicatedattributelist
replattrstotal : nsds5replicatedattributelisttotal
timeout        : nsds5replicatimeout
enabled        : nsds5replicaenabled
rights         : rights

[13:47:41]ofayans@vm-244:~]$ ipa help topologysegment-mod
Usage: ipa [global-options] topologysegment-mod TOPOLOGYSUFFIX NAME [options]

Modify a segment.

Options:
  -h, --help            show this help message and exit
  --stripattrs=STR      A space separated list of attributes which are removed
                        from replication updates.
  --replattrs=STR       Attributes that are not replicated to a consumer
                        server during a fractional update. E.g.,
                        `(objectclass=*) $ EXCLUDE accountlockout memberof
  --replattrstotal=STR  Attributes that are not replicated to a consumer
                        server during a total update. E.g. (objectclass=*) $
                        EXCLUDE accountlockout
  --timeout=INT         Number of seconds outbound LDAP operations waits for a
                        response from the remote replica before timing out and
                        failing
  --enabled=['on', 'off']
                        Whether a replication agreement is active, meaning
                        whether replication is occurring per that agreement
  --setattr=STR         Set an attribute to a name/value pair. Format is
                        attr=value. For multi-valued attributes, the command
                        replaces the values already present.
  --addattr=STR         Add an attribute/value pair. Format is attr=value. The
                        attribute must be part of the schema.
  --delattr=STR         Delete an attribute/value pair. The option will be
                        evaluated last, after all sets and adds.
  --rights              Display the access rights of this entry (requires
                        --all). See ipa man page for details.
  --all                 Retrieve and print all attributes from the server.
                        Affects command output.
  --raw                 Print entries as stored on the server. Only affects
                        output format.

So, setattr, addattr and delattr should, I think, be explained in
the design document, with example usage.
Another question that I have:
In order to test topologysegment-reinitialize, I need to set the
replica timeout to, say, 1, then turn this replica off, then make
some changes on master and turn on the replica? I mean, my goal is
to make master give up attempts to synchronize with replica, is
that correct?

I don't see why you want to do all these steps. Initialize means
that the database of B is overwritten by the database of A, so you
could check that the content is the same. But to simulate a
situation where init is required is not so easy: if you turn the
replica on again, the changes could be normally replicated before
you start the init.

The question is: how do I make sure that the content on node /a/ is
overwritten with the content of node /b/? I kind of need the two
nodes to have different content and not try to synchronize
automatically.

You could combine this with a backup test. On server A make a backup,
make some changes on any node and wait until it is replicated
everywhere. Restore A from the backup and reinitialize the complete
topology. It should be enough with 2 or three servers.

Will the changes introduced by restoring from backup not get
replicated automatically?

No, a restore will only replace the database, then it depends on the
replication agreements and state of other servers. On the restored
server the changes after backup are no longer available, but they could
be replicated back from other servers, that's why it is recommended to
disable repl agreements to this server and then reinit.

On 06/24/2015 12:28 PM, Petr Vobornik wrote:
On 06/24/2015 12:19 PM, Oleg Fayans wrote:
Hi Ludwig,
I see some contradictions in the way the segment modification CLI is
implemented:

1.
$ ipa help topologysegment-mod
Usage: ipa [global-options] topologysegment-mod TOPOLOGYSUFFIX NAME [options]
$ ipa topologysegment-mod realm 127-to-244 --setattr=Segment name=test
ipa: ERROR: command 'topologysegment_mod' takes at most 2 arguments
(suffix + name + options = 3, not 2)

'Segment name' is not a correct attribute name. More below.

2.
Is there a way to list all possible attributes available for
modification?
When I do topologysegment-show --all, I get quite a small number of them,
and even those I am unable to modify:

$ ipa topologysegment-show realm 127-to-244 --all
dn: cn=127-to-244,cn=realm,cn=topology,cn=ipa,cn=etc,dc=idm,dc=lab,dc=eng,dc=brq,dc=redhat,dc=com
Segment name: 127-to-244
Left node: vm-127.idm.lab.eng.brq.redhat.com
Right node: vm-244.idm.lab.eng.brq.redhat.com
Connectivity: both
objectclass: top, iparepltoposegment
$ ipa topologysegment-mod realm 127-to-244 --setattr=connectivity=left-right
ipa: ERROR: attribute "connectivity" not allowed
$ ipa topologysegment-mod realm 127-to-244 --setattr=direction=left-right
ipa: ERROR: attribute "direction" not allowed

--XXXattr options work with LDAP attribute names. 'direction' is
the option name but not the attribute name. The attribute name is
iparepltoposegmentdirection.
You can see the mappings in, e.g.:
ipa show-mappings topologysegment-mod

--
Oleg Fayans
Quality Engineer
FreeIPA team
RedHat.
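
Added example, not part of the thread and not FreeIPA code: a Python pre-check for the point made above that --setattr, --addattr and --delattr take LDAP attribute names rather than CLI option names. It parses the `ipa show-mappings topologysegment-mod` output quoted in the thread (embedded as sample text); the function names are hypothetical.

```python
# Added example (hypothetical helper names, not FreeIPA code): validate an
# attr=value argument against the table printed by `ipa show-mappings`.

# Output of `ipa show-mappings topologysegment-mod` as quoted in the thread.
SHOW_MAPPINGS = """\
Parameter : LDAP attribute
========= : ==============
stripattrs : nsds5replicastripattrs
replattrs : nsds5replicatedattributelist
replattrstotal : nsds5replicatedattributelisttotal
timeout : nsds5replicatimeout
enabled : nsds5replicaenabled
rights : rights
"""


def parse_mappings(text):
    """Return {cli_option: ldap_attribute} from show-mappings output."""
    mapping = {}
    for line in text.splitlines():
        option, sep, attr = line.partition(":")
        option, attr = option.strip(), attr.strip()
        # Skip blank lines, the header row and the ===== separator row.
        if not sep or not attr or option == "Parameter" or set(option) <= {"="}:
            continue
        mapping[option.lower()] = attr.lower()
    return mapping


def check_attr_arg(arg, mapping):
    """Return (status, suggestion) for an 'attr=value' string."""
    name, sep, value = arg.partition("=")
    name = name.strip().lower()
    if not sep or not name or " " in name:
        # e.g. "Segment name=test": a display label, not an attribute name;
        # unquoted, the shell also splits it into an extra argument.
        return ("malformed", None)
    if name in mapping.values():
        return ("ok", arg)
    if name in mapping:
        # A CLI option name was used where an LDAP attribute is required.
        return ("option-name", f"{mapping[name]}={value}")
    # Not in this table; the server's schema and ACIs decide.
    return ("unknown", None)


if __name__ == "__main__":
    table = parse_mappings(SHOW_MAPPINGS)
    for candidate in ("timeout=5", "nsds5replicatimeout=5", "Segment name=test"):
        print(candidate, "->", check_attr_arg(candidate, table))
```
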