[Freeipa-devel] [PATCH] 921 fix existing replication agreements
Martin Kosek
mkosek at redhat.com
Mon Jan 30 12:46:38 UTC 2012
On Fri, 2012-01-13 at 10:10 -0500, Rob Crittenden wrote:
> Rob Crittenden wrote:
> > A bug when creating replication agreements has caused memberOf to be
> > dropped from the exclusion list. This patch adds a tool that will find
> > and fix the agreements. It will be run when the package is installed so
> > end-users should never need to do anything, but it is harmless if run
> > multiple times.
> >
> > rob
>
> The wrong list attribute was being updated, this new patch updates
> nsDS5ReplicatedAttributeList instead of nsDS5ReplicatedAttributeListTotal.
>
> rob
The script itself works fine. I would just remove:
+ config.add_standard_options(parser)
as these options are not used in the script anyway:
--realm=REALM Override default IPA realm
--server=SERVER Override default IPA server
--domain=DOMAIN Override default IPA DNS domain
The script install/tools/ipa-managed-entries has the same kind of error.
My main concern is if it is conceptually OK to create a separate script
for one-time fixes like this one. What if we find another problem with
replica agreements where we would need to update existing agreements?
Would we create another fix tool or enhance ipa-fixreplica? I am just
afraid that in time we would "pollute" our ipa-* tool collection with
one time fixes.
Maybe we could move this agreement fix to a plugin in ipa-ldap-updater
or create a more general tool for one-time fixes like this one. I am
thinking about something like this:
ipa-server-remedy [-l/--list] [-u/--unit] [-d/--debug] [-t/--test]
When run without options it would run all remedy "plugins" to fix all
possible one-time errors. There would be also these options:
--list: list all remedy "plugins". In this case there would be just this
one
--unit: run just the chosen remedy "plugin"
--debug, --test: the same functionality as in your patch
Martin
More information about the Freeipa-devel
mailing list