[Freeipa-devel] New replica installation and topology - we need stable base
Simo Sorce
ssorce at redhat.com
Thu May 28 14:57:39 UTC 2015
On Thu, 2015-05-28 at 16:14 +0200, Martin Kosek wrote:
> On 05/28/2015 04:07 PM, Simo Sorce wrote:
> > On Thu, 2015-05-28 at 16:02 +0200, Martin Kosek wrote:
> >> On 05/28/2015 04:00 PM, Simo Sorce wrote:
> >>> On Thu, 2015-05-28 at 15:47 +0200, Martin Kosek wrote:
> >>>> On 05/27/2015 04:59 PM, Martin Kosek wrote:
> >>>> ...
> >>>>> Domain Levels
> >>>>> - Done, committed
> >>>>> - Defaults to Level 1, i.e. Topology plugin powered infra enabled
> >>>>
> >>>> With respect to related Simo's response in
> >>>> http://www.redhat.com/archives/freeipa-devel/2015-May/msg00553.html
> >>>>
> >>>> Would we want to enable Topology (i.e. Domain Level 1) even if Replica
> >>>> promotion is not done? I thought we do as I see those as orthogonal features.
> >>>> Replica promotion would take advantage of the Topology plugin, but it does not
> >>>> mean you cannot benefit from Topology plugin without it.
> >>>>
> >>>> You can still use the API to see/manage the topology and set replication
> >>>> settings with it. You do not need Replica Promotion for that...
> >>>
> >>> You cannot move for domain level 0 to 1 automatically anyway. So this is
> >>> a moot point to some degree. In general we need to have the code that
> >>> checks for the domain level version to be able to change the level, so
> >>> we need new code in replicas to publish the supported domain level
> >>> version and code in the install patchs to check that we can actually
> >>> join a domain given its current domain level status.
> >>>
> >>> These checks are absolutely a critical blocker to enable the whole
> >>> domain-level feature.
> >>
> >> All the functionality you describe and the checks should be already there. I
> >> was really only asking about the default domain level for *new* installations
> >>
> >> Old/upgraded FreeIPA will be on the Domain Level 0 of course.
> >
> > I think new installation should be on 1 but only if we have decided and
> > finalized what "level 1" is.
> >
> > Simo.
> >
>
> In my mind, Domain Level 1 means:
>
> - Topology plugins is activated for all replicas and manages the agreements
> - All changes to topology can be only made via topology-* commands
> - ipa-replica-manage connect|disconnect are not allowed
Ok, if we want to restrict it to this then fine.
In my original plan level 1 also meant the KISS/Custodia service is
available on all master. If not then we cannot depend on it and we
cannot fully finish the work on replica promotion w/o requiring the
replica package anymore.
Simo.
More information about the Freeipa-devel
mailing list