Innovative replication management in FreeIPA
Ludwig Krispenz and Petr Vobornik
Every deployment with many servers, which are connected by replication, faces the problem to manage connections between servers, determine if the topology is fully connected, if there is a single point of failure and to get information on replication status.
Traditionally replication connections are configured in cn=config and apply to a single replication connection. Managing this kind of configuration requires access to cn=config on all participating servers, querying and and processing data from all servers.
FreeIPA uses a new approach to manage replication topology based on the multimaster replication concept of 389-ds and the plugin support of 389-ds. The authoritative replication configuration is stored in the main database and replicated to all servers in the replication topology.
Each database backend is represented by a topology entry, each server by a node entry, defining which databases are managed and connections are represented by one- or bi-directional segments, which are mapped to replication agreements.
A topology plugin manages changes to these topology config entries and controls the actual replication configuration entries in cn=config.
This allows to manage the replication topology on a single server, verify the degree of connectivity, initiate online initializations from one remote server to another, to add and delete connections between any servers and on each server check if removal of a segment would disconnect the topology or if a segment to be added already exists.
The availability of this distributed and centralized information on any server also simplifies the topology management via command line interface and Web UI. Dynamic nature of Web UI allows to visualize the topology graph so that administrator can have a better understanding of the entire topology.
This talk will cover the replication concept used in topology management, the plugin implementation and features and a demonstration of managing the topology from a Web UI.
In an outlook we will show how this concept could be extended to monitor and manage other server configurations
Ludwig Krispenz, Principal Software Engineer, Red Hat
Started supporting Netscape Directory Server 1.2 and since was supporting and developing iPlanet DS, Sun DSEE and 389-ds. Currently I am working in the FreeIPA team to ensure a better integration and support of requested features in the core directory server.
Petr Vobornik, Software Engineer, Red Hat
A member of FreeIPA team. Works on FreeIPA management and installation components including Web UI.