krb5-1.12 beta2 - New Feature - iprop notify
Richard Basch
basch at alum.mit.edu
Mon Dec 2 01:15:35 EST 2013
This implements a framework whereby when kadmind processes an update, it
notifies the slaves of pending updates (akin to DNS notify events). This
facilitates more real-time synchronization, and when combined with my
tree-based propagation patches, should be quite scalable for most
environments, especially global environments where WAN usage/latency may be
of concern. This latest patch does layer atop my prior contributions.
https://github.com/rbasch/krb5/commit/69b9221daa77679aca117e880a0eac6e8f44ef
28
So far, I am quite pleased with my preliminary tests. There are still fringe
conditions which might result in up to a 1 second processing lag, but this
lag only exists with multi-tier configurations or when performing database
edits using kadmin.local instead of via the kadm5 protocol.
As author (and since these were developed on personal time with no employer
intellectual property encumbrances), I hereby authorize MIT to publish these
patches within the Kerberos source under the MIT copyright.
Full set of patches:
Allow slaves to locally track ulog updates (facilitates switching roles/role
reversals without forcing full propagation)
https://github.com/rbasch/krb5/commit/22bbe9461e354399c8e1e8924be7596ad0520e
aa
https://github.com/rbasch/krb5/commit/33bb7a9cb79b31f227bbd863ddc4aec639285a
03
Tree-based replication (implements new command-line options in kadmind &
kpropd)
https://github.com/rbasch/krb5/commit/e976d70e2a682f8ba081cc8f6aaf5d6ed9123b
b1
Notify slaves of pending updates (implements new command-line option in
kprop)
https://github.com/rbasch/krb5/commit/69b9221daa77679aca117e880a0eac6e8f44ef
28
Please feel free to contact me with any questions regarding the above
contribution (I already provided my contact information under separate
cover).
More information about the krbdev
mailing list