Re: [Freeipa-devel] ipa-replica-manage and topology plugin
On Fri, 2014-07-25 at 10:13 +0200, Ludwig Krispenz wrote: Hi, I am working on ticket #4302 and am building a protoptype to verify if the current design [1] will work an what is missing. Now the question comes up, how will this be managed and what happens with eg ipa-replica-manage ? If the topology plugin is deployed and configured it will control all replication related tasks via modifcations of the entries in the shared tree, direct modofications of replication agreements will be rejected. This makes several subcommands of ipa-replica-manage unusable, like connect/disconnect/... . So should the functionality of ipa-replica-manage be changed to use the shared tree or should there be a new command like ipa-topology-manage. I would prefere a new command, so ipa-replica-manage is there if the topology plugin is disabled, also there shoul be some new subcommands like topology-verify, topology-view ... Let me know what you think, I think the current mechanism of *managing* the topology works well, what I'd like to understand is what will change functionality wise with this feature... For some background, I have written the code (but not yet blogged or well documented) how topologies can be managed and defined in puppet... You might be interested in: https://github.com/purpleidea/puppet-ipa/commit/b621b1ae2d33ac2f56874fd7948f45829c6047d7 and https://github.com/purpleidea/puppet-ipa/commit/73712d1b051398c4193b081c3f35eddf679896e2 I define the topology shape algorithmic-ally (eg: ring, flat, star, etc...) and the replica make it happen :) Cheers, James Thanks, Ludwig [1] http://www.freeipa.org/page/V4/Manage_replication_topology ___ Freeipa-devel mailing list Freeipa-devel@redhat.com https://www.redhat.com/mailman/listinfo/freeipa-devel signature.asc Description: This is a digitally signed message part ___ Freeipa-devel mailing list Freeipa-devel@redhat.com https://www.redhat.com/mailman/listinfo/freeipa-devel
Re: [Freeipa-devel] ipa-replica-manage and topology plugin
On 07/25/2014 10:29 AM, James wrote: On Fri, 2014-07-25 at 10:13 +0200, Ludwig Krispenz wrote: Hi, I am working on ticket #4302 and am building a protoptype to verify if the current design [1] will work an what is missing. Now the question comes up, how will this be managed and what happens with eg ipa-replica-manage ? If the topology plugin is deployed and configured it will control all replication related tasks via modifcations of the entries in the shared tree, direct modofications of replication agreements will be rejected. This makes several subcommands of ipa-replica-manage unusable, like connect/disconnect/... . So should the functionality of ipa-replica-manage be changed to use the shared tree or should there be a new command like ipa-topology-manage. I would prefere a new command, so ipa-replica-manage is there if the topology plugin is disabled, also there shoul be some new subcommands like topology-verify, topology-view ... Let me know what you think, I think the current mechanism of *managing* the topology works well, what I'd like to understand is what will change functionality wise with this feature... the major change is that with this plugin replication information will be in the shared tree and so everything is available on any server and can be changed on any server, no creation of individual repl agreements need to be setup. what ipa-replica-manage connect does would be achieved, by adding a segment to the topology tree, this would be replicated and on each affected endpoint, the plugin would create the agreement For some background, I have written the code (but not yet blogged or well documented) how topologies can be managed and defined in puppet... You might be interested in: https://github.com/purpleidea/puppet-ipa/commit/b621b1ae2d33ac2f56874fd7948f45829c6047d7 and https://github.com/purpleidea/puppet-ipa/commit/73712d1b051398c4193b081c3f35eddf679896e2 I define the topology shape algorithmic-ally (eg: ring, flat, star, etc...) and the replica make it happen :) I will look into this, but after a first quick look it turnes out that ipa-replica-manage is already used in other applications, not only by admins on the command line, so probably the changes should be inside ipa-replica-manage and transparent to other apps. Cheers, James Thanks, Ludwig [1] http://www.freeipa.org/page/V4/Manage_replication_topology ___ Freeipa-devel mailing list Freeipa-devel@redhat.com https://www.redhat.com/mailman/listinfo/freeipa-devel ___ Freeipa-devel mailing list Freeipa-devel@redhat.com https://www.redhat.com/mailman/listinfo/freeipa-devel
Re: [Freeipa-devel] ipa-replica-manage and topology plugin
Ludwig Krispenz wrote: Hi, I am working on ticket #4302 and am building a protoptype to verify if the current design [1] will work an what is missing. Now the question comes up, how will this be managed and what happens with eg ipa-replica-manage ? If the topology plugin is deployed and configured it will control all replication related tasks via modifcations of the entries in the shared tree, direct modofications of replication agreements will be rejected. This makes several subcommands of ipa-replica-manage unusable, like connect/disconnect/... . So should the functionality of ipa-replica-manage be changed to use the shared tree or should there be a new command like ipa-topology-manage. I would prefere a new command, so ipa-replica-manage is there if the topology plugin is disabled, also there shoul be some new subcommands like topology-verify, topology-view ... Let me know what you think, Thanks, Ludwig [1] http://www.freeipa.org/page/V4/Manage_replication_topology It occurs to me this could make for a bumpy transition. It would mean that an older master can't manage the topology of a new master since ipa-replica-manage on that old master is going to try to make direct changes. So I suppose we need at least good error messages and documentation. Given that when it comes to upgrading we recommending doing it fairly quickly. We can add to that that recommendation any topology management should be done from the newest master. rob ___ Freeipa-devel mailing list Freeipa-devel@redhat.com https://www.redhat.com/mailman/listinfo/freeipa-devel
