[Freeipa-devel] New replica installation and topology - we need stable base
Martin Kosek
mkosek at redhat.com
Thu May 28 14:14:50 UTC 2015
On 05/28/2015 04:07 PM, Simo Sorce wrote:
> On Thu, 2015-05-28 at 16:02 +0200, Martin Kosek wrote:
>> On 05/28/2015 04:00 PM, Simo Sorce wrote:
>>> On Thu, 2015-05-28 at 15:47 +0200, Martin Kosek wrote:
>>>> On 05/27/2015 04:59 PM, Martin Kosek wrote:
>>>> ...
>>>>> Domain Levels
>>>>> - Done, committed
>>>>> - Defaults to Level 1, i.e. Topology plugin powered infra enabled
>>>>
>>>> With respect to related Simo's response in
>>>> http://www.redhat.com/archives/freeipa-devel/2015-May/msg00553.html
>>>>
>>>> Would we want to enable Topology (i.e. Domain Level 1) even if Replica
>>>> promotion is not done? I thought we do as I see those as orthogonal features.
>>>> Replica promotion would take advantage of the Topology plugin, but it does not
>>>> mean you cannot benefit from Topology plugin without it.
>>>>
>>>> You can still use the API to see/manage the topology and set replication
>>>> settings with it. You do not need Replica Promotion for that...
>>>
>>> You cannot move for domain level 0 to 1 automatically anyway. So this is
>>> a moot point to some degree. In general we need to have the code that
>>> checks for the domain level version to be able to change the level, so
>>> we need new code in replicas to publish the supported domain level
>>> version and code in the install patchs to check that we can actually
>>> join a domain given its current domain level status.
>>>
>>> These checks are absolutely a critical blocker to enable the whole
>>> domain-level feature.
>>
>> All the functionality you describe and the checks should be already there. I
>> was really only asking about the default domain level for *new* installations
>>
>> Old/upgraded FreeIPA will be on the Domain Level 0 of course.
>
> I think new installation should be on 1 but only if we have decided and
> finalized what "level 1" is.
>
> Simo.
>
In my mind, Domain Level 1 means:
- Topology plugins is activated for all replicas and manages the agreements
- All changes to topology can be only made via topology-* commands
- ipa-replica-manage connect|disconnect are not allowed
Martin
More information about the Freeipa-devel
mailing list