[Freeipa-devel] [PATCH] 0024 - Better random ranges
Simo Sorce
ssorce at redhat.com
Tue Dec 7 13:13:15 UTC 2010
On Tue, 07 Dec 2010 07:40:36 -0500
Stephen Gallagher <sgallagh at redhat.com> wrote:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> On 12/06/2010 06:51 PM, Simo Sorce wrote:
> >
> > This patch reduced the size of the default range (from 1 million to
> > 200.000) and also changes the way the range is selected.
> > Instead of starting at a completely random number, it selects 1 out
> > of 10000 random 200k ranges so that the range starts at multiples
> > of 200k.
> >
> > This makes it so that 2 different installs either do not overlap at
> > all or overlap completely (once in 10k times) instead of potentially
> > partially overlapping.
> >
>
> Instead of using a random number here, why don't we do something more
> predictable (so installing FreeIPA on the same machine will hit the
> same range).
>
> Something we used to do at my old job was base it on the IPv4 address
> of the primary network adapter in the machine. Basically, we could
> take the integer representation of the IP address, take the modulus
> 10000 of it, and choose the range from that.
That's not needed, if you want to force a specific range you can simply
pass an option to the installer.
> This would also provide a guarantee that replicas on the same network
> would get unique ranges (instead of a 1 in 10,000 chance of doubling
> up).
Replicas take a cut of the range from the first master, sharing the
assigned initial range between them (see the DNA plugin[1] Shared
config to understand how it works)
> These are just suggestions. The patch as it exists right now looks
> fine to me (though I haven't tested it).
I have tested it :)
Simo.
[1] http://directory.fedoraproject.org/wiki/DNA_Plugin
--
Simo Sorce * Red Hat, Inc * New York
More information about the Freeipa-devel
mailing list