krb5-1.12 beta2 - New Feature - iprop notify
Richard Basch
basch at alum.mit.edu
Mon Dec 9 22:23:35 EST 2013
I finally got everything working, I think.
https://github.com/rbasch/krb5/compare/krb5-1.12?expand=1
The relevant commits are:
Allow slaves to locally track ulog updates (facilitates switching roles
without forcing full propagation)
https://github.com/rbasch/krb5/commit/22bbe9461e354399c8e1e8924be7596ad0520e
aa
https://github.com/rbasch/krb5/commit/33bb7a9cb79b31f227bbd863ddc4aec639285a
03
Tree-based replication (implements new command-line options in kadmind &
kpropd)
https://github.com/rbasch/krb5/commit/e976d70e2a682f8ba081cc8f6aaf5d6ed9123b
b1
Notify slaves of pending updates (implements new command-line option in
kprop)
https://github.com/rbasch/krb5/commit/69b9221daa77679aca117e880a0eac6e8f44ef
28
https://github.com/rbasch/krb5/commit/c5c0a1db657b7e3eabfb8b3bc13a3f9192fb68
8c
(NEW; removed timer code from prior patch and implements an event-based
trigger for downstream slaves)
Man page updates for new command-line switches
https://github.com/rbasch/krb5/commit/3cc5b70eed0c99d95f6939559acd9fd334286c
c9
Unfortunately, the GIT commits are more complicated than needed be since
c5c0a1d reverses part of 69b9221 (I reverted the timer-based trigger and
implemented an event-based trigger for the downstream slaves once I realized
I could use the NULLPROC method as a trigger).
Let me know if you have questions.
From: Richard Basch [mailto:basch at alum.mit.edu]
Sent: Monday, December 02, 2013 1:16 AM
To: krbdev at mit.edu
Cc: richard.basch at gs.com; 'Richard Basch'; ghudson at mit.edu; tlyu at mit.edu
Subject: krb5-1.12 beta2 - New Feature - iprop notify
This implements a framework whereby when kadmind processes an update, it
notifies the slaves of pending updates (akin to DNS notify events). This
facilitates more real-time synchronization, and when combined with my
tree-based propagation patches, should be quite scalable for most
environments, especially global environments where WAN usage/latency may be
of concern. This latest patch does layer atop my prior contributions.
https://github.com/rbasch/krb5/commit/69b9221daa77679aca117e880a0eac6e8f44ef
28
So far, I am quite pleased with my preliminary tests. There are still fringe
conditions which might result in up to a 1 second processing lag, but this
lag only exists with multi-tier configurations or when performing database
edits using kadmin.local instead of via the kadm5 protocol.
As author (and since these were developed on personal time with no employer
intellectual property encumbrances), I hereby authorize MIT to publish these
patches within the Kerberos source under the MIT copyright.
Full set of patches:
Allow slaves to locally track ulog updates (facilitates switching roles/role
reversals without forcing full propagation)
https://github.com/rbasch/krb5/commit/22bbe9461e354399c8e1e8924be7596ad0520e
aa
https://github.com/rbasch/krb5/commit/33bb7a9cb79b31f227bbd863ddc4aec639285a
03
Tree-based replication (implements new command-line options in kadmind &
kpropd)
https://github.com/rbasch/krb5/commit/e976d70e2a682f8ba081cc8f6aaf5d6ed9123b
b1
Notify slaves of pending updates (implements new command-line option in
kprop)
https://github.com/rbasch/krb5/commit/69b9221daa77679aca117e880a0eac6e8f44ef
28
Please feel free to contact me with any questions regarding the above
contribution (I already provided my contact information under separate
cover).
More information about the krbdev
mailing list