462920 – Make DNA plug-in auto-extend exhausted ranges

Bug 462920 - Make DNA plug-in auto-extend exhausted ranges

Summary: Make DNA plug-in auto-extend exhausted ranges

Keywords:
Status:	CLOSED CURRENTRELEASE
Alias:	None
Product:	389
Classification:	Retired
Component:	Server - DNA Plug-in
Sub Component:
Version:	1.1.2
Hardware:	All
OS:	Linux
Priority:	medium
Severity:	medium
Target Milestone:	---
Assignee:	Nathan Kinder
QA Contact:	Chandrasekar Kannan
Docs Contact:
URL:
Whiteboard:
Depends On:
Blocks:	249650 FDS1.2.0
TreeView+	depends on / blocked

Reported:	2008-09-19 18:13 UTC by Nathan Kinder
Modified:	2015-01-04 23:34 UTC (History)
CC List:	4 users (show)
Fixed In Version:	8.1
Doc Type:	Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed:	2009-04-29 23:06:32 UTC
Embargoed:

Attachments	(Terms of Use)
CVS Diffs (85.90 KB, patch) 2008-09-19 18:26 UTC, Nathan Kinder	no flags	Details \| Diff
Revised Diffs (85.96 KB, patch) 2008-09-22 22:27 UTC, Nathan Kinder	no flags	Details \| Diff
Show Obsolete (1) View All

Description Nathan Kinder 2008-09-19 18:13:48 UTC

When using the DNA plug-in in a multi-master replication scenario, a master should try to transfer range from another master when it's own range is exhausted (or hits a low-water mark).

Comment 1 Nathan Kinder 2008-09-19 18:26:40 UTC

Created attachment 317225 [details]
CVS Diffs

These diffs implement auto-extension of ranges.

The way that this works is that a server sends a range extension extended operation request to another server when it hits a threshold.  The contents of this request are simply a string identifying the range it would like to extend (more details on this string below).  The other server will respond with an extended operation response containing a set of new minimum and maximum values that define the range it is transferring if it decides to give up the range.  This extended operation is only allowed by the replication bind DN.  The transferred range is always from the top-end of the server's range that is releasing the values.  It will give up to half of it's remaining allocated values up for each request.

For a server to know what other servers it can request range from, a shared configuration entry for each managed range is configured by the administrator.  This shared config entry must be located in the replicated tree.  Each server who has a range configured to use that shared entry will maintain a child entry for itself there.  This child entry has the server's hostname and portnumbers along with the remaining number of values that it has left.  This allows a server to ask the server with the most available values for range first instead of just asking all servers in a random order.  This shared config entry is the string that is used in the extended operation request.

When a range is transferred from another server, it is saved as an "on-deck" range until the old range is completely exhausted.  At that time, it will be made the active range.  This approach also allows an administrator to manually add a new range to a server by simply adding the dnaNextRange attribute to the range configuration entry, which puts this new range "on-deck".

In addition to the above, I made the DNA plug-in register for internal operations so it can catch new entries added by winsync.  I also added some functions to SLAPI for fetching long long values from attributes.

Comment 2 Nathan Kinder 2008-09-22 22:27:45 UTC

Created attachment 317423 [details]
Revised Diffs

I noticed a few unused defines that I meant to remove, so this new set of diffs addresses that.

Comment 3 Rich Megginson 2008-09-24 19:59:40 UTC

https://bugzilla.redhat.com/attachment.cgi?id=317423&action=diff#ldap/servers/plugins/dna/dna.c_sec14
in dna_load_host_port()
I think you need to add nsslapd-secureport to the attr list, otherwise it won't be returned.

Otherwise, ok.

Comment 4 Nathan Kinder 2008-09-24 21:09:40 UTC

(In reply to comment #3)
> https://bugzilla.redhat.com/attachment.cgi?id=317423&action=diff#ldap/servers/plugins/dna/dna.c_sec14
> in dna_load_host_port()
> I think you need to add nsslapd-secureport to the attr list, otherwise it won't
> be returned.
> 
> Otherwise, ok.

Good catch!  I'll get a new patch attached and check everything in.

Comment 5 Nathan Kinder 2008-09-24 21:23:03 UTC

Checked into ldapserver (HEAD).

Checking in ldap/ldif/template-dnaplugin.ldif.in;
/cvs/dirsec/ldapserver/ldap/ldif/template-dnaplugin.ldif.in,v  <--  template-dnaplugin.ldif.in
new revision: 1.2; previous revision: 1.1
done
Checking in ldap/servers/plugins/dna/dna.c;
/cvs/dirsec/ldapserver/ldap/servers/plugins/dna/dna.c,v  <--  dna.c
new revision: 1.9; previous revision: 1.8
done
Checking in ldap/servers/slapd/entry.c;
/cvs/dirsec/ldapserver/ldap/servers/slapd/entry.c,v  <--  entry.c
new revision: 1.17; previous revision: 1.16
done
Checking in ldap/servers/slapd/slapi-plugin.h;
/cvs/dirsec/ldapserver/ldap/servers/slapd/slapi-plugin.h,v  <--  slapi-plugin.h
new revision: 1.30; previous revision: 1.29
done
Checking in ldap/servers/slapd/value.c;
/cvs/dirsec/ldapserver/ldap/servers/slapd/value.c,v  <--  value.c
new revision: 1.7; previous revision: 1.6
done

Comment 6 Jenny Severance 2009-02-25 18:41:21 UTC

This functionality now exists in DS 8.1 and is being tested by automated DNA acceptance testing.

Comment 7 Chandrasekar Kannan 2009-04-29 23:06:32 UTC

An advisory has been issued which should help the problem
described in this bug report. This report is therefore being
closed with a resolution of ERRATA. For more information
on therefore solution and/or where to find the updated files,
please follow the link below. You may reopen this bug report
if the solution does not work for you.

http://rhn.redhat.com/errata/RHEA-2009-0455.html

Note You need to log in before you can comment on or make changes to this bug.