[Freeipa-devel] Fwd: Re: ipa topology command

Ludwig Krispenz lkrispen at redhat.com
Mon May 18 18:10:01 UTC 2015 

On 05/18/2015 06:37 PM, Petr Vobornik wrote:
> On 05/18/2015 06:21 PM, Ludwig Krispenz wrote:
>>
>> On 05/18/2015 06:05 PM, Ludwig Krispenz wrote:
>>> Hi,
>>> I started this discussion with Petr, but he thinks it should be better
>>> discussed here.
>>> Ludwig
>>> -------- Original Message --------
>>> Subject:     Re: ipa topology command
>>> Date:     Mon, 18 May 2015 17:48:10 +0200
>>> From:     Petr Vobornik <pvoborni at redhat.com>
>>> To:     Ludwig Krispenz <lkrispen at redhat.com>
>>>
>>>
>>>
>>> On 05/18/2015 04:25 PM, Ludwig Krispenz wrote:
>>> > Hi,
>>> >
>>> > when testing I noticed an incompleteness in the topologysegment-mod
>>> > function.
>>> > A segment can be onedirectional or bidirectional, and with
>>> > topologysegment-mod one should be able to modify params of the
>>> > corresponding replication agreement(s). In the design I had  a
>>> concept of
>>> > attributename[;left | ;right ] to apply the change to one or both
>>> > directions. In the plugin this is implemented, but in the ipa 
>>> comand it
>>> > isn't. I thought it wouldn't matter since in ipa we want to have
>>> > replication agreements identical.
>>> > But there is one important exception: init (
>>> nsds5beginreplicarefresh ),
>>> > which should always be onedirectional.
>>> >
>>> > Do you have an idea how to simply chnage this ?
>>> >
>>> > Thanks,
>>> > Ludwig
>>>
>>> I'm not sure if I understand the issue correctly. But will try.
>>>
>>> Subtypes are not widely used in ipalib yet so there might be some
>>> dragons. I general an attribute with known subtypes should be 
>>> handled as
>>> multiple distinct attributes(params in ipalib), e.g.,:
>>> nsds5beginreplicarefresh;left
>>> nsds5beginreplicarefresh;right
>> ok, for this special attribute it would make sense since initializatiion
>> (refresh should be only in one direction), same is probably true for
>> 'enable'.
>> for other manage attrs,
>> attributename: value should apply to both directions (in a bidirectional
>> segment)
>> attributename;left: value
>> or
>> attributename;right: value
>>
>> should override the settings for one direction, at the moment I don't
>> see a valid use case, but since a bidirectional segment handles two
>> replication agreements, I did at least provide the possibility.
>> But except nsds5beginreplicarefresh I don't think we need to provide
>> this in the first versioj of the ipa command.
>>>
>>> The main question is for which attributes we should support specifying
>>> both direction.
>>>
>>> Wrt init:
>>> I actually didn't know what the attribute was for but after reading [1]
>>> I think that this attribute shouldn't be handled as a free-form string
>>> attribute because it starts an operation and then displays its status
>>> until it finishes.
>> it just updates the attribute of the segment, the modification is
>> replicated to all other servers and the master whom it concerns will
>> start an online init,
>
> Does "stop" work as well?
nsds5beginreplicarefresh accepts also "stop" and "cancel", but this has 
some different meaning, not stopping the online initialization.
I would only care about "start", and this is needed.
>
>> no automatic monitoring provided. If you want this, we need to extend
>> what status information is mainained in the shared tree.
>
> Since there is no update of state of the init process and the fact 
> that the attr is cleared when target replica gets the info 
> ('starẗ́'|'stop'), I think that there is no value in having it as a 
> param(ie output of -show command) because it will be almost always 
> empty and therefore no useful information would be displayed to a user.
it is no need to show it in the show command, but ist should be visible 
as an option in the topologysegment-mod command, maybe even without 
accepting a value,
using init-left-right or init-right-left and automatically providing  
"start" as value.
>
>>> If the plugin updates the attribute with the
>>> initialization state then IMHO these are the step we should take
>>> (details could be different):
>>> 1. create both attributes:
>>>
>>>      Str(
>>>          'nsds5beginreplicarefresh;left',
>>>          cli_name='init-left',
>>>          label='Left node initialization',
>>>          doc='Status of initialization of left node',
>>>          flags=['no_create', 'no_update', 'no_search'],
>>>      ),
>>>
>>>      Str(
>>>          'nsds5beginreplicarefresh;right',
>>>          cli_name='init-right',
>>>          label='Right node initialization',
>>>          doc='Status of initialization of right node',
>>>          flags=['no_create', 'no_update', 'no_search'],
>>>      ),
>> yes that would do it, maybe init-fromleft or init-from-right would be
>> clearer
>>>
>>> The attribute was made read-only so it can't be modified using
>>> segment-mod but segment-show would show its status.
>> what do you mean by was made read-only ?
>
> That it won't be listed as an option of topologysegment-mod command 
> and therefore user is forced to use the init command 
which init command do you refer to ?
> (if I don't count --setattr option).
>
>>>
>>> 2. Create:  ipa topologysegment-init SEGMENT 'left'|'right'
>>>
>>> It would set 'start' to:
>>> nsds5beginreplicarefresh;left or nsds5beginreplicarefresh;right
>>>
>>> This would start the initialization process of the chosen node.
>>>
>>> 3. Create: ipa topologysegment-stop-init SEGMENT 'left'|'right'
>>>
>>> It would set 'stop' to:
>>> nsds5beginreplicarefresh;left or nsds5beginreplicarefresh;right
>>>
>>> This would stop the initialization process of the chosen node.
>>>
>>> An alternative could be `ipa topologysegment-init SEGMENT 
>>> 'left'|'right'
>>> --stop`
>>>
>>>
>>> 4. Examine other nsds5* attributes if they require similar change or a
>>> change in accepted values (eg, int for nsds5replicatimeout, on|off for
>>> nsds5replicaenabled, ...)
>>>
>>> Btw, what about nsDS5ReplicaLastInitStart|Status|End attrs, is there a
>>> plan to support them by the plugin and management UI?
>>>
>>> For the alpha, we could go just with bare params and mod command 
>>> enabled
>>> and then add the separate commands later.
>>>
>>> [1]
>>> https://access.redhat.com/documentation/en-US/Red_Hat_Directory_Server/9.0/html/Configuration_Command_and_File_Reference/Core_Server_Configuration_Reference.html#Replication_Attributes_under_cnReplicationAgreementName_cnreplica_cnsuffixName_cnmapping_tree_cnconfig-nsDS5BeginReplicaRefresh 
>>>
>>>

More information about the Freeipa-devel mailing list