On 06/15/2016 03:50 PM, thierry bordaz wrote:
Hello,

    The subject of provisioning was discussed
    https://www.redhat.com/archives/freeipa-devel/2016-May/msg00065.html.
    The documentation of the provisioning procedure is still going on
    but reviewing it I have a doubt about RetroCL/Content_Sync.

    Provisioning will be done with high recommendations/constraints:

      * The provisioned instance should not be accessed by ldap client
        during provisioning.
      * The IPA deployment should contain only one server (the one
        used for provisioning) in order to prevent replication latency

    During provisioning, disabling RetroCL/Content_Sync gives a ~10%
    improvements (reducing the #ADD).

    The drawback of disabling RetroCL/Content_Sync is that the
    provisioned instance will not be able to send provisioned entries
    through syncRepl.
    Now considering that the provisioned instance is unique in the
    topology and will do full init of replicas, I think SyncRepl is
    useless and then we can disable RetroCL/Content_Sync during
    provisioning.

If the server was running before you do the provisioning there might be existing sync repl clients which have a cookie, if you disable rcl and sync repl for a while and they do a refresh later with that cookie, they will miss changes. At the moment I don't see a way to check that this cookie is invalid and a total refresh has to be done

     Anyone is seeing a problem if those plugins are disabled during
    provisioning ?

    thanks
    thierry




--
Red Hat GmbH, http://www.de.redhat.com/, Registered seat: Grasbrunn,
Commercial register: Amtsgericht Muenchen, HRB 153243,
Managing Directors: Charles Cachera, Michael Cunningham, Michael O'Neill, Eric 
Shander

-- 
Manage your subscription for the Freeipa-devel mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-devel
Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code

Reply via email to