On 04/14/2016 08:42 AM, Jan Cholasta wrote:
> Hi,
>
> On 13.4.2016 16:49, Martin Babinsky wrote:
>> This is a WIP patch which moves the `ipa-replica-manage del` subcommand to the 'server-del' API method and exposes it as CLI command[1]. A CI test suite is also included.
>>
>> `server-del` now accepts the following options:
>>
>> * `--cleanup`: perform a cleanup after an already deleted master
>
> I would prefer if this was actually called --force, for reasons explained in the design thread: <https://www.redhat.com/archives/freeipa-devel/2016-April/msg00010.html>.
>
>> * `--force-removal`: force master removal, i.e. ignore topology errors
>
> So, this is actually the all-powerful --force option we always try to avoid, but with a different name (and not very good one - if you are removing something, what other than removal would you need to force?). Could you split this into separate options?

There are actually two checks that we need to pass/bypass before we can remove the master entry and run all the cleanup shenanigans:
1.) the topology is not disconnected already or is not being disconnected by the action
2.) the action does leave at least one CA/DNS server, does not remove DNSSec keymaster and we can promote other master to CA renewal master
So IIUC we would need three options actually:
* one that bypasses topology checks ('--ignore-topology-disconnect')
* one that bypasses the check for remaining services ('--ignore-last-services?')
* one that will cleanup leftovers only, ignoring NotFound error ('--cleanup'), this one is already there

> Honza
--
Martin^3 Babinsky
