[Freeipa-devel] automount in LDAP

Sat Nov 8 01:35:06 UTC 2008

Simo Sorce wrote:
> On Fri, 2008-11-07 at 15:18 -0500, Dmitri Pal wrote:
>   
>> Simo Sorce wrote:
>>     
>>> On Fri, 2008-11-07 at 12:07 -0500, Dmitri Pal wrote:
>>>   
>>>       
>>>>> If we add some sort of location identifier for automount what 
>>>>> implications does this have for other features? Do we want to have 
>>>>> per-location settings for anything else?
>>>>>
>>>>> My plan is to embed the location into the DN of the automount map and 
>>>>> key names using cn.
>>>>>
>>>>> For the UI we'll need some method of selecting/managing this list of 
>>>>> locations (drop-down box comes to mind). I'm not sure if storing this 
>>>>> separately is a good idea or not.
>>>>>
>>>>> I just want to avoid any short-term choices I make don't have 
>>>>> long-term consequences.
>>>>>
>>>>>       
>>>>>           
>>>> Yes I agree . We need to have a more generic approach to that.
>>>>
>>>> I am struggling with understanding how client would determine which 
>>>> location he is in.
>>>> I do not think that it should be based on the server the client is 
>>>> connected to.
>>>> This approach would require servers to serve out data different from 
>>>> data being served by other replica. But what if the client fails over? 
>>>> Does not seem like a good approach  imo.
>>>> So may be using IP address range  would be a better indication?
>>>> May be we have a part of client policy that would say :
>>>>
>>>> Location A: range1, ragne2, range 3
>>>> Location B: range4, ragne5, range 6
>>>>  
>>>> This approach works if you can determine the right IP to check. From my 
>>>> past experience answering the question "which of my IPs is the IP that 
>>>> server sees" is not a trivial answer.
>>>> But let us say we dealt with that. Then as soon as client gets online it 
>>>> would know its IP so it will know its location so it will be able to 
>>>> construct a search filter and add it to the search string.
>>>>     
>>>>         
>>> It is not a simple task, that said I have been working on a document on
>>> DNS based location discovery for some time, I will try to publish it as
>>> soon as I have some time.
>>>
>>>   
>>>       
>>>> I really like the idea of having location as an attribute. Then for any 
>>>> object that client needs to fetch and it can be location specific it 
>>>> would just add to the search filter:
>>>> ( | (location=<determined location>) (!(location))) This will pull down 
>>>> all entries that are specific to the location or entries that are not 
>>>> location specific.
>>>>
>>>> This logic can be then reused across different entities not only mounts.
>>>>     
>>>>         
>>> It is fundamental for SSSD to be able to discover the closest IPA
>>> service and fallback to the next closest in case of problems and so on.
>>> It's a fundamental feature we have been discussing for some time months
>>> ago, I will publish some docs as soon as possible.
>>>
>>> Simo.
>>>
>>>   
>>>       
>> Simo I remember and do not discard that.
>> But I was talking about the fact that affinity and closest server do not 
>> mean that the location of the client is the determined correctly.
>>
>> What if the APAC replica is down and all clients now to use one in 
>> Europe. But they are still in APAC so they need to use APAC mount shares.
>> For the visiting salesman with laptop from Europe his mounts should be 
>> APAC is he visits APAC right though he is affiliated naturally with 
>> European server?
>>
>> These are the scenarios I was talking about . I think determining 
>> location of the client is  different from the affinity and failover logic.
>>     
>
> Determining the location of the client is indeed only a precondition to
> determine which services to use. Depending on the service you want to
> use, policies on which server is appropriate to contact may vary.
>
> Simo.
>
>   
I would say they are two independent things: which server to connect and 
which policies to get.