On 05/28/2015 04:57 PM, Simo Sorce wrote:
> On Thu, 2015-05-28 at 16:14 +0200, Martin Kosek wrote:
>> On 05/28/2015 04:07 PM, Simo Sorce wrote:
>>> On Thu, 2015-05-28 at 16:02 +0200, Martin Kosek wrote:
>>>> On 05/28/2015 04:00 PM, Simo Sorce wrote:
>>>>> On Thu, 2015-05-28 at 15:47 +0200, Martin Kosek wrote:
>>>>>> On 05/27/2015 04:59 PM, Martin Kosek wrote:
>>>>>> ...
>>>>>>> Domain Levels
>>>>>>> - Done, committed
>>>>>>> - Defaults to Level 1, i.e. Topology plugin powered infra enabled
>>>>>>
>>>>>> With respect to related Simo's response in
>>>>>> http://www.redhat.com/archives/freeipa-devel/2015-May/msg00553.html
>>>>>>
>>>>>> Would we want to enable Topology (i.e. Domain Level 1) even if Replica
>>>>>> promotion is not done? I thought we do as I see those as orthogonal 
>>>>>> features.
>>>>>> Replica promotion would take advantage of the Topology plugin, but it 
>>>>>> does not
>>>>>> mean you cannot benefit from Topology plugin without it.
>>>>>>
>>>>>> You can still use the API to see/manage the topology and set replication
>>>>>> settings with it. You do not need Replica Promotion for that...
>>>>>
>>>>> You cannot move for domain level 0 to 1 automatically anyway. So this is
>>>>> a moot point to some degree. In general we need to have the code that
>>>>> checks for the domain level version to be able to change the level, so
>>>>> we need new code in replicas to publish the supported domain level
>>>>> version and code in the install patchs to check that we can actually
>>>>> join a domain given its current domain level status.
>>>>>
>>>>> These checks are absolutely a critical blocker to enable the whole
>>>>> domain-level feature.
>>>>
>>>> All the functionality you describe and the checks should be already there. 
>>>> I
>>>> was really only asking about the default domain level for *new* 
>>>> installations
>>>>
>>>> Old/upgraded FreeIPA will be on the Domain Level 0 of course.
>>>
>>> I think new installation should be on 1 but only if we have decided and
>>> finalized what "level 1" is.
>>>
>>> Simo.
>>>
>>
>> In my mind, Domain Level 1 means:
>>
>> - Topology plugins is activated for all replicas and manages the agreements
>> - All changes to topology can be only made via topology-* commands
>> - ipa-replica-manage connect|disconnect are not allowed
> 
> Ok, if we want to restrict it to this then fine.
> In my original plan level 1 also meant the KISS/Custodia service is
> available on all master. If not then we cannot depend on it and we
> cannot fully finish the work on replica promotion w/o requiring the
> replica package anymore.

The Custodia/Replica promotion will depend on Topology plugin to be there, but
I do not think we necessarily need to make it a new Domain Level just for it.
During "ipa-replica-install", the installer can simply check if Custodia is
accessible on remote server and bail out if it is not accessible and it does
not have the replica file.

Martin

-- 
Manage your subscription for the Freeipa-devel mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-devel
Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code

Reply via email to