[Freeipa-devel] [PATCH] manage replication topology in the shared tree

thierry bordaz tbordaz at redhat.com
Mon Apr 20 16:00:34 UTC 2015 

On 04/13/2015 10:56 AM, Ludwig Krispenz wrote:
> Hi,
>
> in the attachment you find the latest state of the "topology plugin", 
> it implements what is defined in the design page: 
> http://www.freeipa.org/page/V4/Manage_replication_topology (which is 
> also waiting for a reviewer)
>
> It contains the plugin itself and  a core of ipa commands to manage a 
> topology. to be really applicable, some work outside is required, eg 
> the management of the domain level and a decision where the binddn 
> group should be maintained.
>
> Thanks,
> Ludwig
>
>
Hello Ludwig,

Quite long review to do. So far I only looked at the startup phase and I 
have only few questions and comments.

In ipa_topo_start, do you need to get argc/argv as you are not using 
plugin-argxx attributes ?


topo_plugin_conf configuration parameters are not freed when the plugin 
is closed. Is it closed only at shutdown ?
Also I would initiatlize it to {NULL}.

In case the config does not contain any 
nsslapd-topo-plugin-shared-replica-root, I wonder if 
ipa_topo_apply_shared_config may crash as shared_replica_root will be NULL.
or at least in 
ipa_topo_apply_shared_replica_config/ipa_topo_util_get_replica_conf.

Also if nsslapd-topo-plugin-shared-replica-root contains an invalid root 
suffix (typo), topoRepl remains NULL and 
ipa_topo_util_get_replica_conf/ipa_topo_cfg_replica_add can crash.

In ipa_topo_util_segment_from_entry, if the config entry has no 
direction/left/right it will crash. Shouldn't it return an error if the 
config is invalid.

The update of domainLevel may start the plugin. If two mods update the 
domainLevel they could be done in parallele.


In ipa_topo_util_update_agmt_list, if there is a marked agmnt but no 
segment it deletes the agreement.
Is it possible there is a segment but no agmnt ? For example, if the 
server were stopped or crashed after the segment was created but before 
the local config was updated.


Hosts are taken from shared config tree (cn=masters,<cfg>), is it 
possible to have a replica agreement to a host that is not under 
'cn=masters,<cfg>'


thanks
thierry

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://listman.redhat.com/archives/freeipa-devel/attachments/20150420/9c759c58/attachment.htm>

More information about the Freeipa-devel mailing list