[Freeipa-devel] New replica installation and topology - we need stable base

Martin Kosek mkosek at redhat.com
Thu May 28 15:01:30 UTC 2015


On 05/28/2015 04:57 PM, Simo Sorce wrote:
> On Thu, 2015-05-28 at 16:14 +0200, Martin Kosek wrote:
>> On 05/28/2015 04:07 PM, Simo Sorce wrote:
>>> On Thu, 2015-05-28 at 16:02 +0200, Martin Kosek wrote:
>>>> On 05/28/2015 04:00 PM, Simo Sorce wrote:
>>>>> On Thu, 2015-05-28 at 15:47 +0200, Martin Kosek wrote:
>>>>>> On 05/27/2015 04:59 PM, Martin Kosek wrote:
>>>>>> ...
>>>>>>> Domain Levels
>>>>>>> - Done, committed
>>>>>>> - Defaults to Level 1, i.e. Topology plugin powered infra enabled
>>>>>>
>>>>>> With respect to Simo's related response in
>>>>>> http://www.redhat.com/archives/freeipa-devel/2015-May/msg00553.html
>>>>>>
>>>>>> Would we want to enable Topology (i.e. Domain Level 1) even if Replica
>>>>>> promotion is not done? I thought we do as I see those as orthogonal features.
>>>>>> Replica promotion would take advantage of the Topology plugin, but it does not
>>>>>> mean you cannot benefit from Topology plugin without it.
>>>>>>
>>>>>> You can still use the API to see/manage the topology and set replication
>>>>>> settings with it. You do not need Replica Promotion for that...
>>>>>
>>>>> You cannot move from domain level 0 to 1 automatically anyway. So this is
>>>>> a moot point to some degree. In general we need to have the code that
>>>>> checks for the domain level version to be able to change the level, so
>>>>> we need new code in replicas to publish the supported domain level
>>>>> version and code in the install paths to check that we can actually
>>>>> join a domain given its current domain level status.
>>>>>
>>>>> These checks are absolutely a critical blocker to enable the whole
>>>>> domain-level feature.
>>>>
>>>> All the functionality you describe and the checks should be already there. I
>>>> was really only asking about the default domain level for *new* installations.
>>>>
>>>> Old/upgraded FreeIPA will be on the Domain Level 0 of course.
>>>
>>> I think new installation should be on 1 but only if we have decided and
>>> finalized what "level 1" is.
>>>
>>> Simo.
>>>
>>
>> In my mind, Domain Level 1 means:
>>
>> - Topology plugin is activated for all replicas and manages the agreements
>> - All changes to topology can be only made via topology-* commands
>> - ipa-replica-manage connect|disconnect are not allowed
> 
> Ok, if we want to restrict it to this then fine.
> In my original plan level 1 also meant the KISS/Custodia service is
> available on all masters. If not then we cannot depend on it and we
> cannot fully finish the work on replica promotion w/o requiring the
> replica package anymore.

The Custodia/Replica promotion will depend on Topology plugin to be there, but
I do not think we necessarily need to make it a new Domain Level just for it.
During "ipa-replica-install", the installer can simply check if Custodia is
accessible on remote server and bail out if it is not accessible and it does
not have the replica file.

Martin



