On 01/24/17 12:57, thierry bordaz wrote: > > If I understand correctly the iterations of development I do not understand > why, at this point, you need to reconnect ipabak. > After you create ipabak replica, you take a snapshot of it (let ipabak_0), > then disconnect it from ipa1/ipa2. > > Then you may start incremental dev of the script on the offline ipabak. > Before each test of the script, you just need to get ipabak to ipabak_0. > Am I missing something ? >
ipa1 is not idle while the script is in development. I do not know if these conflicting entries pop up in some new entries on ipa1 while the script is in development. When the script seems to be ready, then I have to verify it with very recent copy of the database before the final run. > >> When the script appears to be ready I have to revert and sync >> ipabak again as above, but instead of disconnecting it from the >> network I have to stop all ipa servers in parallel to take a >> snapshot of each. (All ipa servers are LXC containers.) Next >> start the ipa servers again and run the script on ipabak, now >> connected with ipa1. This should make the changes "official". > > How do you know if the script is ready ? When it resolves all the conflict > entries ? > Hopefully yes, but there were 2 conflicts that already made some problems: deleting entry "cn=ipaservers+nsuniqueid=109be304-ccd911e6-a5b3d0c8-d8da17db,cn=ng,cn=alt,dc=example,dc=de" ldap_delete: Server is unwilling to perform (53) additional info: Deleting a managed entry is not allowed. It needs to be manually unlinked first. deleting entry "cn=ipaservers+nsuniqueid=109be302-ccd911e6-a5b3d0c8-d8da17db,cn=hostgroups,cn=accounts,dc=example,dc=de" ldap_delete: Operations error (1) I got these problems before I became more careful with this. Regards Harri -- Manage your subscription for the Freeipa-users mailing list: https://www.redhat.com/mailman/listinfo/freeipa-users Go to http://freeipa.org for more info on the project