[Freeipa-devel] Move replication topology to the shared tree

Simo Sorce simo at redhat.com
Mon Jun 2 15:06:16 UTC 2014


On Mon, 2014-06-02 at 16:53 +0200, thierry bordaz wrote:
> If server parameters are changed (port number, repl_admin or DM
> password) will it trigger the corresponding modification on the
> shared tree on the remote server?

Well in the IPA case we do not have these issues as those parameters
either do not change or are not used.

I.e., the port does not change, it is always the same for all servers.
Repl admin does not change. DM password is not used (we use GSSAPI for
auth).

I guess we could add optional parameters like:
left-port: 12345
left-admin: cn=foo
right-password: ${SHA-256}ERGSERGDFSGDSF
right-auth: PLAIN

or similar, but I would defer adding 'non-standard' knobs to a later
version. I think v1 should focus on the minimal set of options we need
to make it work well in IPA. I want us to concentrate on getting the
'topology' part right and awesome, not bog ourselves down in
'compatibility' issues to broaden the usability of it. 

Once we get it working great within the IPA scope then we can try to
make it more generally usable adding support for corner cases and so on.

Keep in mind if you have special needs you will always be able to
manually add replication agreements that are not managed by the plugin.

Perhaps we can even add an attribute like: topology-exception: TRUE so
that the topology plugin will explicitly avoid touching it even if it
normally would be matching the normal topology criteria and the topology
plugin would normally try to own it.

Simo.

-- 
Simo Sorce * Red Hat, Inc * New York



