[Freeipa-devel] [PATCH] 38 Move Managed Entries into their own container in the replicated space.

Rob Crittenden rcritten at redhat.com
Tue Sep 13 13:38:11 UTC 2011


JR Aquino wrote:
> On Sep 8, 2011, at 10:41 AM, JR Aquino wrote:
>
>> On Sep 8, 2011, at 10:06 AM, JR Aquino wrote:
>>
>>> On Sep 8, 2011, at 4:38 AM, Martin Kosek wrote:
>>>
>>>> On Tue, 2011-09-06 at 22:33 +0000, JR Aquino wrote:
>>>>> On Jul 22, 2011, at 6:54 AM, Martin Kosek wrote:
>>>>>
>>>>>> On Thu, 2011-07-21 at 23:00 +0000, JR Aquino wrote:
>>>>>>> Create: cn=Managed Entries,cn=etc,$SUFFIX
>>>>>>> Create: cn=Definitions,cn=Managed Entries,cn=etc,$SUFFIX
>>>>>>> Create: cn=Templates,cn=Managed Entries,cn=etc,$SUFFIX
>>>>>>>
>>>>>>> Create method for migrating any and all custom Managed Entries from
>>>>>>> the cn=config space into the new container.
>>>>>>>
>>>>>>> The Managed Entries plugin configurations weren't being created on
>>>>>>> replica installs.
>>>>>>>
>>>>>>> This patch addresses two seperate tickets and accounts for
>>>>>>> new installs, replica installs, and upgrades.
>>>>>>>
>>>>>>> https://fedorahosted.org/freeipa/ticket/1181 - Managed Entry Tool / New Container<A separate patch will cover the management tool>
>>>>>>> https://fedorahosted.org/freeipa/ticket/1222 - Add Managed Entries during Replica installation<extended solution>
>>>>>>
>>>>>> I found few issues with the patch (tested along with 25):
>>>>>>
>>>>>> 1) When upgrading an old instance, NGP and UGP definitions in
>>>>>> cn=Managed Entries,cn=plugins,cn=config were not deleted. This lead to 2
>>>>>> managed entries plugin definitions
>>>>>
>>>>> Fixed this condition.  389 prohibits the deletion of Managed Entries while they are active.
>>>>> I had to perform the repointing to the new cn=etc container, perform the migration of the legacy configs, then perform a restart of dirsrv.
>>>>>
>>>>>>
>>>>>> 2) Managed entries on a replica didn't work for me. For example UPG was
>>>>>> created on a master, but was not on a replica
>>>>>
>>>>> This should also be resolved now.
>>>>>
>>>>>>
>>>>>> Martin
>>>>>>
>>>>>
>>>>> I had to break out the connection code in update for ldapupdate.py so that connections could be reestablished post dirsrv restart.
>>>>>
>>>>> I also had to create a service class to perform the restart.
>>>>>
>>>>> installutils.py has been modified to provide wait_for_open_socket() similar to wait_for_open_port()
>>>>>
>>>>
>>>> Hello JR,
>>>>
>>>> I tested you patch, it works fine for both upgrading the replicas and
>>>> new installations. Old Managed Entries definitions were successfully
>>>> deleted.
>>>>
>>>> I just found few issues with the patch format itself:
>>>>
>
>>>> 1) Commit message is all wrong, its all on the Subject line which is
>>>> then put to commit title during "git am". I suggest using our standard
>>>> commit message formatting:
>>>>
>>>> COMMIT_TITLE
>>>>
>>>> COMMIT_DESCRIPTION
>>>>
>>>> TRAC_TICKET_LINK
>>>>
>>>> 2) There were few whitespace errors:
>>>> $ git apply ~/freeipa-jraquino-0038-Move-Managed-Entries-into-their-own-container.patch
>>>> /home/mkosek/freeipa-jraquino-0038-Move-Managed-Entries-into-their-own-container.patch:519: trailing whitespace.
>>>>
>>>> /home/mkosek/freeipa-jraquino-0038-Move-Managed-Entries-into-their-own-container.patch:526: trailing whitespace.
>>>>
>>>> Otherwise the patch looks good to me, if it is OK with Rob (since he
>>>> wrote the entire ldapupdate.py) I think we can push it after you fix the
>>>> 2 changes I proposed.
>>>
>>> Fixed the whitespace errors and adjusted the commit message.
>>>
>>> <freeipa-jraquino-0038-Move-Managed-Entries-into-their-own-container.patch>
>>
>> Self NAK
>>
>> Looks like I missed a piece in this recent patch that creates the cn=etc containers out of order.
>>
>> New patch to follow shortly
>
> Ok.
>
> Whitespace errors corrected
> Commit Format Corrected
> Order of creation for Managed Entry Container is now corrected
>
> Martin if you could do a quick double check to make sure everything still looks clean to you.
>
> After that, I believe it just needs Rob's blessing.
>

ACK, pushed to master and ipa-2-1.

rob




More information about the Freeipa-devel mailing list