On 22/07/15 17:13, German Parente wrote:
imho, nsslapd-db-locks is an "advanced" parameter and should be set by customer
at RHDS level, not at replica creation.
The problem we have had at customer site is that the default was not enough to
do the replication total update. So, replica creation was failing and we
couldn't workaround it but by changing the dse template.
What I was thinking, since any node in IPA is rather identical, and keeps the
same database, is that some settings could be copied from master replica.
To explain a little bit my idea, if I configure a master node with, for instance, some
"cache" settings or "maximum number of locks", it's clear that I would like all
the other nodes with similar settings since the db they will contain is the same.
So, if I configure master to have some particular number of db-locks or
particular cache size, why not helping the customer to have the same values in
all their nodes ? Ok, we could think that he could have a different
hardware/resources by node but in general, it would be reasonable to keep those
settings through all the nodes.
The problem of the initial value for db-locks is not still solved (Ludwig could probably
give a hint here) but having this sort of "configuration copy", in a future
situation, we could ask the customer to, eventually, change the db locks at master node
side, and this will be propagated to all nodes to have, in this case, total update
We do not support this kind of central configuration (yet?). Changes in
cn=config tree are local only, and currently IPA has no way how to
change that on all replicas at once, so that value will not be in sync
with other replicas.
And also DS must be in shutdown state to be able to change the db locks
value, this is even level above.
Of course, I don't know the internals and scenarios enough to see if this could
be reasonable to implement or if there's any drawback.
Thanks and regards,
I would wait for Ludwig investigation/recommendation, which solution use.
----- Original Message -----
From: "Martin Basti" <mba...@redhat.com>
To: "freeipa-devel" <firstname.lastname@example.org>, "German Parente"
Sent: Wednesday, July 22, 2015 3:56:37 PM
Subject: [PATCH 0293] Allow to set number of DB locks during install
I attached WIP patch to solve https://fedorahosted.org/freeipa/ticket/4949
I received several suggestions:
1) (implemented in patch) is to add the option --db-locks to installer
(maybe as hidden option)
2) Configure the nsslapd-db-locks to higher value as default (what is
the right value?)
3) Combination of 1and 2: set default higher value and also have hidden
option to allow configure higher number of locks during install
Comments are more than welcome :-)
Manage your subscription for the Freeipa-devel mailing list:
Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code