[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: cn=config: sharing, conditionals

To: Hallvard B Furuseth <h.b.furuseth@usit.uio.no>
Subject: Re: cn=config: sharing, conditionals
From: Howard Chu <hyc@symas.com>
Date: Wed, 27 May 2009 22:40:04 -0700
Cc: Quanah Gibson-Mount <quanah@zimbra.com>, OpenLDAP Devel <openldap-devel@openldap.org>
In-reply-to: <hbf.20090528ibkr@bombur.uio.no>
References: <4A1CB4EF.7000007@symas.com> <7C0905A945DCB017A60E33FF@[192.168.1.199]> <hbf.20090528ibkr@bombur.uio.no>
User-agent: Mozilla/5.0 (X11; U; Linux x86_64; rv:1.9.1b5pre) Gecko/20090517 SeaMonkey/2.0a1pre Firefox/3.0.3

Hallvard B Furuseth wrote:

I ought to try syncrepl before talking too much, but anyway:

Quanah Gibson-Mount writes:

It sounds like it gracefully solves the ability of keeping both master
and replica configurations around for the most part.  What still
remains sticky is ACLs.  There are plenty of valid reasons for the
master to have very different ACLs than the replicas do.


And things like<authz-policy>  and<allow>.  Security settings, if you
run a master inside a well protected subnet and partial slaves on more
open ones.

It would be a mistake to run any servers with lesser security settings thanany other server, if all of them are sharing data.

Master and slave can share some but not all databases, and you might
want to replicate config of those they share - but this way the database
numbers will differ.  Might not share all related schema either.

It would most likely be a mistake not to share schema. Of course, there'snothing preventing us from putting ServerMatch on schema entries too. And no,the database numbers would be the same - all of the database configs would bereplicated, but some of them would be inactive on various servers.

<threads>, cache settings,<argsfile>, etc. if your servers run on
different OSes.  Which can be useful so that if an OS-specific problem
hits one server, others are in no danger.

Threads, maybe. cache settings, perhaps. argsfile is just a command lineparameter, so not relevant. Most of the sites we work with deploy identicalhardware for their pools of servers. The most common form of load balancing isround-robin DNS, which is only "fair" if all of the servers are equivalent intheir load handling capability.

I'm sure there are good reasons for plenty of other things to differ,
while config-replication could still be useful.  Depends on how flexible
partial config-replication is intended to be.

Since there is currently no support at all, I think it's important to getsomething usable first, and worry about those other cases later.


--
  -- Howard Chu
  CTO, Symas Corp.           http://www.symas.com
  Director, Highland Sun     http://highlandsun.com/hyc/
  Chief Architect, OpenLDAP  http://www.openldap.org/project/

Follow-Ups:
- Re: cn=config: sharing, conditionals
  - From: Howard Chu <hyc@symas.com>
- Re: cn=config: sharing, conditionals
  - From: Hallvard B Furuseth <h.b.furuseth@usit.uio.no>

References:
- cn=config: sharing, conditionals
  - From: Howard Chu <hyc@symas.com>
- Re: cn=config: sharing, conditionals
  - From: Quanah Gibson-Mount <quanah@zimbra.com>
- Re: cn=config: sharing, conditionals
  - From: Hallvard B Furuseth <h.b.furuseth@usit.uio.no>

Prev by Date: Re: cn=config: sharing, conditionals
Next by Date: Re: cn=config: sharing, conditionals
Index(es):
- Chronological
- Thread