[Freeipa-devel] Provisioning throughput
Alexander Bokovoy
abokovoy at redhat.com
Thu May 26 10:23:43 UTC 2016
On Thu, 26 May 2016, thierry bordaz wrote:
>>>The limitation would be to run the provisioning on IPA master.
>>>During provisioning, membership attribute will be invalid
>>>(memberof not computed). Is it acceptable that IPA master contains
>>>invalid membership for some time ?
>>Consider provisioning to be at the same level as running
>>ipa-server-upgrade -- access via 389/636 ports is not allowed, LDAPI is
>>the only interface enabled which implies there would be no problem if we
>>set expectations right: provisioning mode is offline.
>
>Yes I agree, provisioning mode is offline.
>My concern is about side effects on the rest of the topology if we are
>putting IPA master offline (is password update possible on replica ?).
Sure, update on replica would be queued in replication queue. Password
changes are local anyway, they result in updates of few password
attributes and that's all. These attributes replicated in the same way
as anything else.
--
/ Alexander Bokovoy
More information about the Freeipa-devel
mailing list