Bug 247215
Description
Noriko Hosoi
2007-07-06 01:09:46 UTC
Created attachment 158634 [details]
cvs diff ldapserver/ldap/admin/src/scripts/Util.pm.in
Description:
1) introduced delete entry operation. It supports an entry which contains
"changetype: delete" as follows:
dn: cn=slapd-%dsid%, cn=%brand% Directory Server, cn=Server Group, cn=%fqdn%,
ou=%domain%, o=NetscapeRoot
changetype: delete
It deletes all the subordinate entries.
2) cleaned up check_and_add code a bit (it's not "and_add" any more, tho... ):
Created attachment 158635 [details]
New: tmpl file used for remove
File: adminserver/admserv/schema/ldif/10rm_dsdata.ldif.tmpl
Description: remove tmpl file to clean up the Configuration entries belonging
to the removed Directory Server instance.
Ok. Is $OP_MOD_SPECIAL used anywhere? (In reply to comment #3) > Ok. Is $OP_MOD_SPECIAL used anywhere? You are right, Rich. It was replaced with this code and not needed any more. I'm removing OP_MOD_SPECIAL code... Thanks! 261 elsif ( (1 == $rc) && !$fresh ) 262 { 263 $op = $OP_MOD; 264 @addtypes = keys %{$aentry}; # add all attrs 265 } Created attachment 158676 [details] cvs commit message (comment #1, #2) Reviewed by Rich (Thank you!) Applied the change Rich suggested, and checked the files in into HEAD. Created attachment 158876 [details]
cvs diff (ldapserver)
Files:
admin/src/create_instance.c
servers/slapd/libglobs.c
servers/slapd/slap.h
Description: adding nsslapd-instancedir to dse.ldif. Note that no setter nor
getter function is implemented. The instance dir info is added to dse.ldif
when the server instance is generated and never meant to be touched. It's
needed for ds_remove to find out the instance directory.
Created attachment 158879 [details]
cvs diff (adminserver)
Modified Files:
Makefile.am
admserv/newinst/src/AdminUtil.pm.in
admserv/newinst/src/adminserver.map.in
admserv/newinst/src/configdsroot.map.in
admserv/newinst/src/dirserver.map.in
admserv/newinst/src/register_param.map.in
admserv/schema/ldif/10rm_dsdata.ldif.tmpl
New Files:
admserv/cgi-src40/ds_remove.in
admserv/cgi-src40/ds_remove.res
Description: adding Perl version of ds_newinst
The script runs as CGI receiving the input "InstanceName" from, e.g., Console.
It gathers the server info using the Resource module and config files -- both
Admin and Directory Servers'.
Then, stops the server, clean up the instance's info from the Configuration
Directory Server, and remove the physical directories and files.
(In reply to comment #7) > Description: adding Perl version of ds_newinst s/ds_newinst/ds_remove/, please... :p Ok, but this looks really strange - https://bugzilla.redhat.com/bugzilla/attachment.cgi?id=158879&action=diff#admserv/schema/ldif/10rm_dsdata.ldif.tmpl_sec1 (In reply to comment #9) > Ok, but this looks really strange - > https://bugzilla.redhat.com/bugzilla/attachment.cgi?id=158879&action=diff#admserv/schema/ldif/10rm_dsdata.ldif.tmpl_sec1 If I keep them, I get the error 32 at the end of the unregister process. And this is the access log which shows the last 2 DELs. At the very end, the SIE entry is removed, indeed... [..] conn=13 op=103 DEL dn="cn=Tasks, cn=slapd-laputa2, cn=Fedora Directory Server, cn=Server Group, cn=<fqdn>, ou=<domain>, o=NetscapeRoot" [..] conn=13 op=103 RESULT err=0 tag=107 nentries=0 etime=0 [..] conn=13 op=104 DEL dn="cn=slapd-laputa2, cn=Fedora Directory Server, cn=Server Group, cn=<fqdn>, ou=<domain>, o=NetscapeRoot" [..] conn=13 op=104 RESULT err=0 tag=107 nentries=0 etime=0 Since the remove is really a recursive remove, the diff should be like this, I guess. I'm running the test with this file... Index: 10rm_dsdata.ldif.tmpl =================================================================== RCS file: /cvs/dirsec/adminserver/admserv/schema/ldif/10rm_dsdata.ldif.tmpl,v retrieving revision 1.1 diff -t -w -U4 -r1.1 10rm_dsdata.ldif.tmpl --- 10rm_dsdata.ldif.tmpl 6 Jul 2007 17:41:18 -0000 1.1 +++ 10rm_dsdata.ldif.tmpl 10 Jul 2007 19:41:00 -0000 @@ -29,9 +29,6 @@ dn: cn=slapd-%dsid%, cn=%brand% Directory Server, cn=Server Group, cn=%fqdn%, ou=%domain%, o=NetscapeRoot changetype: delete -dn: cn=configuration,cn=slapd-%dsid%, cn=%brand% Directory Server, cn=Server Group, cn=%fqdn%, ou=%domain%, o=NetscapeRoot -changetype: delete - dn: ou="cn=slapd-%dsid%, cn=%brand% Directory Server, cn=Server Group, cn=%fqdn%, ou=%domain%, o=NetscapeRoot",ou=UserPreferences, ou=%domain%, o=NetscapeRoot changetype: delete (In reply to comment #10) > Since the remove is really a recursive remove, the diff should be like this, I > guess. I'm running the test with this file... No, that's fine, it's the bit after that in the diff. https://bugzilla.redhat.com/bugzilla/attachment.cgi?id=158879&action=diff#admserv/schema/ldif/10rm_dsdata.ldif.tmpl_sec1 There is a lot of perl code in there. Looks like part of ds_remove. Unfortunately, I still get the error 32 with the above 10rm_dsdata.ldif.tmpl. It looks like the error is from Console. Here's the error message: Server instance slapd-laputa2 could not be removed. Error: netscape.LDAPException: error result (32); matchedDN = cn=fedora directory server, cn=server group, cn=laputa.sfbay.redhat.com, ou=sfbay.redhat.com, o=netscaperoot (In reply to comment #11) > No, that's fine, it's the bit after that in the diff. Ah, I see! I think the cause of the corruption is this... I made the attachment as follows. I should have separated the diffs from new files... :p Sorry! cvs diff -twU4 Makefile.am \ admserv/newinst/src/AdminUtil.pm.in \ admserv/newinst/src/adminserver.map.in \ admserv/newinst/src/configdsroot.map.in \ admserv/newinst/src/dirserver.map.in \ admserv/newinst/src/register_param.map.in \ admserv/schema/ldif/10rm_dsdata.ldif.tmpl echo "" echo ============================== echo admserv/cgi-src40/ds_remove.in echo ============================== cat admserv/cgi-src40/ds_remove.in echo "" echo =============================== echo admserv/cgi-src40/ds_remove.res echo =============================== cat admserv/cgi-src40/ds_remove.res So it (In reply to comment #12) > Unfortunately, I still get the error 32 with the above 10rm_dsdata.ldif.tmpl. > It looks like the error is from Console. > Here's the error message: > Server instance slapd-laputa2 could not be removed. Error: > netscape.LDAPException: error result (32); matchedDN = cn=fedora directory > server, cn=server group, cn=laputa.sfbay.redhat.com, ou=sfbay.redhat.com, > o=netscaperoot Looks like the console is also attempting to unregister the instance? If so, perhaps we could remove that code from ds_remove. Or, better, change the console to ignore error 32 in this situation, so we can use ds_remove from the command line as well as from the console. (In reply to comment #14) > Looks like the console is also attempting to unregister the instance? If so, > perhaps we could remove that code from ds_remove. Or, better, change the > console to ignore error 32 in this situation, so we can use ds_remove from the > command line as well as from the console. > A good idea! I've modified Directory Console code a bit to ignore error 32. I'm attaching it next... Created attachment 158913 [details]
cvs diff (directoryconsole)
File: src/com/netscape/admin/dirserv/DSAdmin.java
Description: if searching sieDN returns NO_SUCH_OBJECT, skips the remove
operation and shows "Success!" dialog.
(In reply to comment #16) > Created an attachment (id=158913) [edit] > cvs diff (directoryconsole) > > File: src/com/netscape/admin/dirserv/DSAdmin.java > > Description: if searching sieDN returns NO_SUCH_OBJECT, skips the remove > operation and shows "Success!" dialog. Ok. Created attachment 158917 [details] cvs commit message (ldapserver -- comment #6) Reviewed by Rich (Thank you!!) Checked in into HEAD. Created attachment 158918 [details] cvs commit message (adminserver -- comment #7) Reviewed by Rich (Thank you!!) Checked in into HEAD. Created attachment 158919 [details] cvs commit message (directoryconsole -- comment #16) Reviewed by Rich (Thank you!!) Checked in into HEAD. Created attachment 159392 [details]
New file: command line wrapper for ds_remove
Usage: sbin/ds_removal -s server_id -w admin_password
server_id: Directory server identifier; slapd-<server_id>
admin_password: Administration user password
Created attachment 159393 [details] cvs diff (adminserver) Files: Makefile.am admserv/cgi-src40/ds_remove.in Description: 1) adding ds_removal to the package 2) adding more error checks to ds_remove I have an issue in ds_remove. The script is capable to remove the configuration directory server. But if I run setup-ds-admin.pl after removing the config DS, the script puts [yes] to the default answer, that is, setup-ds-admin.pl thinks the config DS exists. > Do you want to register this software with an existing > configuration directory server? [yes]: I guess if ds_remove removes the config DS, it needs to clean up some more, e.g., admin-serv/adm.conf(?). If I remove the file, the setup-ds-admin.pl puts [no] in the above question. What should we do? Created attachment 159487 [details]
cvs diff (adminserver)
Files:
admserv/cfgstuff/ds_removal.in
admserv/cgi-src40/ds_remove.in
admserv/newinst/src/AdminUtil.pm.in
Description:
1) if the Directory Server to be removed is the Configuration DS, then remove
adm.conf and local.conf from the admin-serv config dir.
2) don't remove the cert and key db; rename the config_dir name to
config_dir.removed. Unless renaming the directory, a new server instance
having the same instance name is not allowed to create.
This is after running ds_removal -s laputa ... # Configuration DS
$ du -a | egrep laputa
20 ./etc/fedora-ds/slapd-laputa.removed/key3.db
20 ./etc/fedora-ds/slapd-laputa.removed/secmod.db
72 ./etc/fedora-ds/slapd-laputa.removed/cert8.db
120 ./etc/fedora-ds/slapd-laputa.removed
$ ls etc/fedora-ds/admin-serv/
admpw admserv.conf console.conf httpd.conf nss.conf
I have one thing to make sure... To figure out if the give instance is the
Configuration Directory Server's or not, I'm using this info in adm.conf:
ldapStart: slapd-laputa/start-slapd
Can I always assume the value of ldapStart is
<config_ds_instance_name>/start-slapd?
Created attachment 160087 [details]
cvs commit message
Checked in into HEAD.
Verified. Pass Test machine: cypher.dsdev.sjc.redhat.com (RHEL5 64bit) Test steps: 1. setup DS and admin 2. run "/usr/sbin/steup-ds.pl" twice to create 2 DS instance 3. run "/usr/sbin/register-ds-admin.pl" to register those two instance to admin server 4. run "redhat-idm-console" to verify these two are showing up at administration panel 5. run "/usr/sbin/ds_removal" to remove the just registered DS instance 6. run "redhat-idm-console" again to verify they are disappear from the administration panel Result: pass |