[Freeipa-devel] Fwd: Re: ipa topology command

Petr Vobornik pvoborni at redhat.com
Mon May 18 16:37:17 UTC 2015 

On 05/18/2015 06:21 PM, Ludwig Krispenz wrote:
>
> On 05/18/2015 06:05 PM, Ludwig Krispenz wrote:
>> Hi,
>> I started this discussion with Petr, but he thinks it should be better
>> discussed here.
>> Ludwig
>> -------- Original Message --------
>> Subject:     Re: ipa topology command
>> Date:     Mon, 18 May 2015 17:48:10 +0200
>> From:     Petr Vobornik <pvoborni at redhat.com>
>> To:     Ludwig Krispenz <lkrispen at redhat.com>
>>
>>
>>
>> On 05/18/2015 04:25 PM, Ludwig Krispenz wrote:
>> > Hi,
>> >
>> > when testing I noticed an incompleteness in the topologysegment-mod
>> > function.
>> > A segment can be onedirectional or bidirectional, and with
>> > topologysegment-mod one should be able to modify params of the
>> > corresponding replication agreement(s). In the design I had  a
>> concept of
>> > attributename[;left | ;right ] to apply the change to one or both
>> > directions. In the plugin this is implemented, but in the ipa comand it
>> > isn't. I thought it wouldn't matter since in ipa we want to have
>> > replication agreements identical.
>> > But there is one important exception: init (
>> nsds5beginreplicarefresh ),
>> > which should always be onedirectional.
>> >
>> > Do you have an idea how to simply chnage this ?
>> >
>> > Thanks,
>> > Ludwig
>>
>> I'm not sure if I understand the issue correctly. But will try.
>>
>> Subtypes are not widely used in ipalib yet so there might be some
>> dragons. I general an attribute with known subtypes should be handled as
>> multiple distinct attributes(params in ipalib), e.g.,:
>> nsds5beginreplicarefresh;left
>> nsds5beginreplicarefresh;right
> ok, for this special attribute it would make sense since initializatiion
> (refresh should be only in one direction), same is probably true for
> 'enable'.
> for other manage attrs,
> attributename: value should apply to both directions (in a bidirectional
> segment)
> attributename;left: value
> or
> attributename;right: value
>
> should override the settings for one direction, at the moment I don't
> see a valid use case, but since a bidirectional segment handles two
> replication agreements, I did at least provide the possibility.
> But except nsds5beginreplicarefresh I don't think we need to provide
> this in the first versioj of the ipa command.
>>
>> The main question is for which attributes we should support specifying
>> both direction.
>>
>> Wrt init:
>> I actually didn't know what the attribute was for but after reading [1]
>> I think that this attribute shouldn't be handled as a free-form string
>> attribute because it starts an operation and then displays its status
>> until it finishes.
> it just updates the attribute of the segment, the modification is
> replicated to all other servers and the master whom it concerns will
> start an online init,

Does "stop" work as well?

> no automatic monitoring provided. If you want this, we need to extend
> what status information is mainained in the shared tree.

Since there is no update of state of the init process and the fact that 
the attr is cleared when target replica gets the info ('starẗ́'|'stop'), 
I think that there is no value in having it as a param(ie output of 
-show command) because it will be almost always empty and therefore no 
useful information would be displayed to a user.

>> If the plugin updates the attribute with the
>> initialization state then IMHO these are the step we should take
>> (details could be different):
>> 1. create both attributes:
>>
>>      Str(
>>          'nsds5beginreplicarefresh;left',
>>          cli_name='init-left',
>>          label='Left node initialization',
>>          doc='Status of initialization of left node',
>>          flags=['no_create', 'no_update', 'no_search'],
>>      ),
>>
>>      Str(
>>          'nsds5beginreplicarefresh;right',
>>          cli_name='init-right',
>>          label='Right node initialization',
>>          doc='Status of initialization of right node',
>>          flags=['no_create', 'no_update', 'no_search'],
>>      ),
> yes that would do it, maybe init-fromleft or init-from-right would be
> clearer
>>
>> The attribute was made read-only so it can't be modified using
>> segment-mod but segment-show would show its status.
> what do you mean by was made read-only ?

That it won't be listed as an option of topologysegment-mod command and 
therefore user is forced to use the init command (if I don't count 
--setattr option).

>>
>> 2. Create:  ipa topologysegment-init SEGMENT 'left'|'right'
>>
>> It would set 'start' to:
>> nsds5beginreplicarefresh;left or nsds5beginreplicarefresh;right
>>
>> This would start the initialization process of the chosen node.
>>
>> 3. Create: ipa topologysegment-stop-init SEGMENT 'left'|'right'
>>
>> It would set 'stop' to:
>> nsds5beginreplicarefresh;left or nsds5beginreplicarefresh;right
>>
>> This would stop the initialization process of the chosen node.
>>
>> An alternative could be `ipa topologysegment-init SEGMENT 'left'|'right'
>> --stop`
>>
>>
>> 4. Examine other nsds5* attributes if they require similar change or a
>> change in accepted values (eg, int for nsds5replicatimeout, on|off for
>> nsds5replicaenabled, ...)
>>
>> Btw, what about nsDS5ReplicaLastInitStart|Status|End attrs, is there a
>> plan to support them by the plugin and management UI?
>>
>> For the alpha, we could go just with bare params and mod command enabled
>> and then add the separate commands later.
>>
>> [1]
>> https://access.redhat.com/documentation/en-US/Red_Hat_Directory_Server/9.0/html/Configuration_Command_and_File_Reference/Core_Server_Configuration_Reference.html#Replication_Attributes_under_cnReplicationAgreementName_cnreplica_cnsuffixName_cnmapping_tree_cnconfig-nsDS5BeginReplicaRefresh
>>
-- 
Petr Vobornik

More information about the Freeipa-devel mailing list