Re: [Freeipa-devel] Fwd: Re: ipa topology command

2015-05-18 Thread Ludwig Krispenz


On 05/18/2015 06:37 PM, Petr Vobornik wrote:

On 05/18/2015 06:21 PM, Ludwig Krispenz wrote:


On 05/18/2015 06:05 PM, Ludwig Krispenz wrote:

Hi,
I started this discussion with Petr, but he thinks it should be better
discussed here.
Ludwig
 Original Message 
Subject: Re: ipa topology command
Date: Mon, 18 May 2015 17:48:10 +0200
From: Petr Vobornik 
To: Ludwig Krispenz 



On 05/18/2015 04:25 PM, Ludwig Krispenz wrote:
> Hi,
>
> when testing I noticed an incompleteness in the topologysegment-mod
> function.
> A segment can be onedirectional or bidirectional, and with
> topologysegment-mod one should be able to modify params of the
> corresponding replication agreement(s). In the design I had a concept of
> attributename[;left | ;right ] to apply the change to one or both
> directions. In the plugin this is implemented, but in the ipa command it
> isn't. I thought it wouldn't matter since in ipa we want to have
> replication agreements identical.
> But there is one important exception: init ( nsds5beginreplicarefresh ),
> which should always be onedirectional.
>
> Do you have an idea how to simply change this ?
>
> Thanks,
> Ludwig

I'm not sure if I understand the issue correctly. But will try.

Subtypes are not widely used in ipalib yet so there might be some
dragons. In general an attribute with known subtypes should be handled as
multiple distinct attributes(params in ipalib), e.g.,:
nsds5beginreplicarefresh;left
nsds5beginreplicarefresh;right

ok, for this special attribute it would make sense since initialization
(refresh should be only in one direction), same is probably true for
'enable'.
for other manage attrs,
attributename: value should apply to both directions (in a bidirectional
segment)
attributename;left: value
or
attributename;right: value

should override the settings for one direction, at the moment I don't
see a valid use case, but since a bidirectional segment handles two
replication agreements, I did at least provide the possibility.
But except nsds5beginreplicarefresh I don't think we need to provide
this in the first version of the ipa command.


The main question is for which attributes we should support specifying
both direction.

Wrt init:
I actually didn't know what the attribute was for but after reading [1]
I think that this attribute shouldn't be handled as a free-form string
attribute because it starts an operation and then displays its status
until it finishes.

it just updates the attribute of the segment, the modification is
replicated to all other servers and the master whom it concerns will
start an online init,


Does "stop" work as well?
nsds5beginreplicarefresh accepts also "stop" and "cancel", but this has 
some different meaning, not stopping the online initialization.

I would only care about "start", and this is needed.



no automatic monitoring provided. If you want this, we need to extend
what status information is maintained in the shared tree.


Since there is no update of state of the init process and the fact
that the attr is cleared when target replica gets the info
('start'|'stop'), I think that there is no value in having it as a
param(ie output of -show command) because it will be almost always
empty and therefore no useful information would be displayed to a user.

there is no need to show it in the show command, but it should be visible
as an option in the topologysegment-mod command, maybe even without
accepting a value,
using init-left-right or init-right-left and automatically providing
"start" as value.



If the plugin updates the attribute with the
initialization state then IMHO these are the steps we should take
(details could be different):
1. create both attributes:

    Str(
        'nsds5beginreplicarefresh;left',
        cli_name='init-left',
        label='Left node initialization',
        doc='Status of initialization of left node',
        flags=['no_create', 'no_update', 'no_search'],
    ),

    Str(
        'nsds5beginreplicarefresh;right',
        cli_name='init-right',
        label='Right node initialization',
        doc='Status of initialization of right node',
        flags=['no_create', 'no_update', 'no_search'],
    ),

yes that would do it, maybe init-fromleft or init-from-right would be
clearer


The attribute was made read-only so it can't be modified using
segment-mod but segment-show would show its status.

what do you mean by was made read-only ?


That it won't be listed as an option of topologysegment-mod command 
and therefore user is forced to use the init command 

which init command do you refer to ?

(if I don't count --setattr option).



2. Create:  ipa topologysegment-init SEGMENT 'left'|'right'

It would set 'start' to:
nsds5beginreplicarefresh;left or nsds5beginreplicarefresh;right

This would start the initialization process of the chosen node.

3. Create: ipa topologysegment-stop-init SEGMENT 'left'|'right'

It would set 'stop' to:
nsds5beginreplicar

Re: [Freeipa-devel] Fwd: Re: ipa topology command

2015-05-18 Thread Petr Vobornik

On 05/18/2015 06:21 PM, Ludwig Krispenz wrote:


On 05/18/2015 06:05 PM, Ludwig Krispenz wrote:

Hi,
I started this discussion with Petr, but he thinks it should be better
discussed here.
Ludwig
 Original Message 
Subject: Re: ipa topology command
Date: Mon, 18 May 2015 17:48:10 +0200
From: Petr Vobornik 
To: Ludwig Krispenz 



On 05/18/2015 04:25 PM, Ludwig Krispenz wrote:
> Hi,
>
> when testing I noticed an incompleteness in the topologysegment-mod
> function.
> A segment can be onedirectional or bidirectional, and with
> topologysegment-mod one should be able to modify params of the
> corresponding replication agreement(s). In the design I had a concept of
> attributename[;left | ;right ] to apply the change to one or both
> directions. In the plugin this is implemented, but in the ipa command it
> isn't. I thought it wouldn't matter since in ipa we want to have
> replication agreements identical.
> But there is one important exception: init ( nsds5beginreplicarefresh ),
> which should always be onedirectional.
>
> Do you have an idea how to simply change this ?
>
> Thanks,
> Ludwig

I'm not sure if I understand the issue correctly. But will try.

Subtypes are not widely used in ipalib yet so there might be some
dragons. In general an attribute with known subtypes should be handled as
multiple distinct attributes(params in ipalib), e.g.,:
nsds5beginreplicarefresh;left
nsds5beginreplicarefresh;right

ok, for this special attribute it would make sense since initialization
(refresh should be only in one direction), same is probably true for
'enable'.
for other manage attrs,
attributename: value should apply to both directions (in a bidirectional
segment)
attributename;left: value
or
attributename;right: value

should override the settings for one direction, at the moment I don't
see a valid use case, but since a bidirectional segment handles two
replication agreements, I did at least provide the possibility.
But except nsds5beginreplicarefresh I don't think we need to provide
this in the first version of the ipa command.


The main question is for which attributes we should support specifying
both direction.

Wrt init:
I actually didn't know what the attribute was for but after reading [1]
I think that this attribute shouldn't be handled as a free-form string
attribute because it starts an operation and then displays its status
until it finishes.

it just updates the attribute of the segment, the modification is
replicated to all other servers and the master whom it concerns will
start an online init,


Does "stop" work as well?


no automatic monitoring provided. If you want this, we need to extend
what status information is maintained in the shared tree.


Since there is no update of state of the init process and the fact that 
the attr is cleared when target replica gets the info ('start'|'stop'),
I think that there is no value in having it as a param(ie output of 
-show command) because it will be almost always empty and therefore no 
useful information would be displayed to a user.



If the plugin updates the attribute with the
initialization state then IMHO these are the steps we should take
(details could be different):
1. create both attributes:

    Str(
        'nsds5beginreplicarefresh;left',
        cli_name='init-left',
        label='Left node initialization',
        doc='Status of initialization of left node',
        flags=['no_create', 'no_update', 'no_search'],
    ),

    Str(
        'nsds5beginreplicarefresh;right',
        cli_name='init-right',
        label='Right node initialization',
        doc='Status of initialization of right node',
        flags=['no_create', 'no_update', 'no_search'],
    ),

yes that would do it, maybe init-fromleft or init-from-right would be
clearer


The attribute was made read-only so it can't be modified using
segment-mod but segment-show would show its status.

what do you mean by was made read-only ?


That it won't be listed as an option of topologysegment-mod command and 
therefore user is forced to use the init command (if I don't count 
--setattr option).




2. Create:  ipa topologysegment-init SEGMENT 'left'|'right'

It would set 'start' to:
nsds5beginreplicarefresh;left or nsds5beginreplicarefresh;right

This would start the initialization process of the chosen node.

3. Create: ipa topologysegment-stop-init SEGMENT 'left'|'right'

It would set 'stop' to:
nsds5beginreplicarefresh;left or nsds5beginreplicarefresh;right

This would stop the initialization process of the chosen node.

An alternative could be `ipa topologysegment-init SEGMENT 'left'|'right'
--stop`


4. Examine other nsds5* attributes if they require similar change or a
change in accepted values (eg, int for nsds5replicatimeout, on|off for
nsds5replicaenabled, ...)

Btw, what about nsDS5ReplicaLastInitStart|Status|End attrs, is there a
plan to support them by the plugin and management UI?

For the alpha, we could go just with bare 

Re: [Freeipa-devel] Fwd: Re: ipa topology command

2015-05-18 Thread Ludwig Krispenz


On 05/18/2015 06:05 PM, Ludwig Krispenz wrote:

Hi,
I started this discussion with Petr, but he thinks it should be better 
discussed here.

Ludwig
 Original Message 
Subject: Re: ipa topology command
Date: Mon, 18 May 2015 17:48:10 +0200
From: Petr Vobornik
To: Ludwig Krispenz



On 05/18/2015 04:25 PM, Ludwig Krispenz wrote:
> Hi,
>
> when testing I noticed an incompleteness in the topologysegment-mod
> function.
> A segment can be onedirectional or bidirectional, and with
> topologysegment-mod one should be able to modify params of the
> corresponding replication agreement(s). In the design I had a concept of
> attributename[;left | ;right ] to apply the change to one or both
> directions. In the plugin this is implemented, but in the ipa command it
> isn't. I thought it wouldn't matter since in ipa we want to have
> replication agreements identical.
> But there is one important exception: init ( nsds5beginreplicarefresh ),
> which should always be onedirectional.
>
> Do you have an idea how to simply change this ?
>
> Thanks,
> Ludwig

This should be probably discussed on the devel list, feel free to resend
it there.

I'm not sure if I understand the issue correctly. But will try.

Subtypes are not widely used in ipalib yet so there might be some
dragons. In general an attribute with known subtypes should be handled as
multiple distinct attributes(params in ipalib), e.g.,:
nsds5beginreplicarefresh;left
nsds5beginreplicarefresh;right
ok, for this special attribute it would make sense since initialization
(refresh should be only in one direction), same is probably true for 
'enable'.

for other manage attrs,
attributename: value should apply to both directions (in a bidirectional 
segment)

attributename;left: value
or
attributename;right: value

should override the settings for one direction, at the moment I don't 
see a valid use case, but since a bidirectional segment handles two 
replication agreements, I did at least provide the possibility.
But except nsds5beginreplicarefresh I don't think we need to provide 
this in the first version of the ipa command.


The main question is for which attributes we should support specifying
both direction.

Wrt init:
I actually didn't know what the attribute was for but after reading [1]
I think that this attribute shouldn't be handled as a free-form string
attribute because it starts an operation and then displays its status
until it finishes.
it just updates the attribute of the segment, the modification is 
replicated to all other servers and the master whom it concerns will 
start an online init,
no automatic monitoring provided. If you want this, we need to extend 
what status information is maintained in the shared tree.

If the plugin updates the attribute with the
initialization state then IMHO these are the steps we should take
(details could be different):
1. create both attributes:

    Str(
        'nsds5beginreplicarefresh;left',
        cli_name='init-left',
        label='Left node initialization',
        doc='Status of initialization of left node',
        flags=['no_create', 'no_update', 'no_search'],
    ),

    Str(
        'nsds5beginreplicarefresh;right',
        cli_name='init-right',
        label='Right node initialization',
        doc='Status of initialization of right node',
        flags=['no_create', 'no_update', 'no_search'],
    ),
yes that would do it, maybe init-fromleft or init-from-right would be 
clearer


The attribute was made read-only so it can't be modified using
segment-mod but segment-show would show its status.

what do you mean by was made read-only ?


2. Create:  ipa topologysegment-init SEGMENT 'left'|'right'

It would set 'start' to:
nsds5beginreplicarefresh;left or nsds5beginreplicarefresh;right

This would start the initialization process of the chosen node.

3. Create: ipa topologysegment-stop-init SEGMENT 'left'|'right'

It would set 'stop' to:
nsds5beginreplicarefresh;left or nsds5beginreplicarefresh;right

This would stop the initialization process of the chosen node.

An alternative could be `ipa topologysegment-init SEGMENT 'left'|'right'
--stop`


4. Examine other nsds5* attributes if they require similar change or a
change in accepted values (eg, int for nsds5replicatimeout, on|off for
nsds5replicaenabled, ...)

Btw, what about nsDS5ReplicaLastInitStart|Status|End attrs, is there a
plan to support them by the plugin and management UI?

For the alpha, we could go just with bare params and mod command enabled
and then add the separate commands later.

[1]
https://access.redhat.com/documentation/en-US/Red_Hat_Directory_Server/9.0/html/Configuration_Command_and_File_Reference/Core_Server_Configuration_Reference.html#Replication_Attributes_under_cnReplicationAgreementName_cnreplica_cnsuffixName_cnmapping_tree_cnconfig-nsDS5BeginReplicaRefresh
--
Petr Vobornik
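
[Added example, not part of the thread and not FreeIPA or topology-plugin code.] A sketch of the attributename[;left | ;right] rule discussed above: a plain attribute applies to every agreement of the segment, a subtype overrides one side, and nsds5beginreplicarefresh is rejected unless it lands on exactly one agreement. The function name, the direction labels 'both', 'left-right' and 'right-left', and the reading of ';left' as "the agreement held by the left node" are assumptions made for the illustration.

```python
# Added illustration, not FreeIPA or topology-plugin code; all names are hypothetical.
# Assumption: ';left' targets the agreement held by the left node, ';right' the other.
SIDES = {"both": ("left", "right"), "left-right": ("left",), "right-left": ("right",)}
ONE_WAY_ONLY = {"nsds5beginreplicarefresh"}  # init must never hit both agreements


def resolve_segment_mods(direction, mods):
    """Map segment-level mods to per-agreement mods.

    mods maps 'attr', 'attr;left' or 'attr;right' to a value. A plain name
    applies to every agreement of the segment; a subtype overrides one side.
    """
    if direction not in SIDES:
        raise ValueError("unknown segment direction: %r" % (direction,))
    sides = SIDES[direction]
    plain, overrides = {}, []
    for name, value in mods.items():
        attr, sep, subtype = name.lower().partition(";")
        if not sep:
            plain[attr] = value
        elif subtype not in ("left", "right"):
            raise ValueError("unsupported subtype in %r" % (name,))
        elif subtype not in sides:
            raise ValueError("segment has no %s agreement for %r" % (subtype, name))
        else:
            overrides.append((subtype, attr, value))

    # Plain values first, then per-side overrides, so dict order never matters.
    result = {side: dict(plain) for side in sides}
    for side, attr, value in overrides:
        result[side][attr] = value

    # Reject an init request that would reach more than one agreement.
    for attr in ONE_WAY_ONLY:
        hit = [side for side in sides if attr in result[side]]
        if len(hit) > 1:
            raise ValueError("%s must name exactly one of ;left or ;right" % attr)
    return result


if __name__ == "__main__":
    # Constructed request against a bidirectional segment.
    print(resolve_segment_mods("both", {
        "nsds5replicatimeout": "300",
        "nsds5replicatimeout;right": "600",
        "nsds5beginreplicarefresh;left": "start",
    }))
```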





