Bug 1291240 - [RFE] Support Read-Only Replicas
[RFE] Support Read-Only Replicas
Status: ASSIGNED
Product: Red Hat Enterprise Linux 7
Classification: Red Hat
Component: ipa (Show other bugs)
7.2
Unspecified Unspecified
unspecified Severity unspecified
: rc
: ---
Assigned To: IPA Maintainers
Namita Soman
: FutureFeature
Depends On:
Blocks:
  Show dependency treegraph
 
Reported: 2015-12-14 06:48 EST by Martin Kosek
Modified: 2017-12-08 12:53 EST (History)
15 users (show)

See Also:
Fixed In Version:
Doc Type: Enhancement
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed:
Type: Bug
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---


Attachments (Terms of Use)

  None (edit)
Description Martin Kosek 2015-12-14 06:48:42 EST
Identity Management users with many sites requiring high availability would need at least 1-2 IdM replicas per site. When the number of sites is higher than 20-50, the number of IdM Master servers become too high and harder to maintain. It would be better to deploy ~20 IdM master servers in the major sites and then deploy Read Only replicas in other sites which won't require write access.

Currently, IdM only supports only writable replicas and the high availability is provided by these replicas + offline caching on the client (SSSD) side. However, this does not cover situations when the connection to IdM master server (in other side) is broken and admin needs to log in to a server he/she never logged to.
Comment 4 Petr Vobornik 2016-01-04 13:05:02 EST
Upstream ticket:
https://fedorahosted.org/freeipa/ticket/5569
Comment 16 W. de Heiden 2017-10-23 05:21:43 EDT
This story is a long way....
Read only replica's would be high appreciated! Quit some organizations use a read only Windows Domain Controller in DMZ for obvious reason. Some kind of read-only replica's would fit this situation :)
Comment 17 Marco Rodrigues 2017-11-07 03:16:47 EST
(In reply to W. de Heiden from comment #16)
> This story is a long way....
> Read only replica's would be high appreciated! Quit some organizations use a
> read only Windows Domain Controller in DMZ for obvious reason. Some kind of
> read-only replica's would fit this situation :)

You're completely right. The adoption of this product is limited due to this issue. Another example is premises (write master) -> Cloud (read-only replica).

Note You need to log in before you can comment on or make changes to this bug.