Add safe initial synchronization support for new replication peers #14
McAndersDK wants to merge 4 commits into
…error handling in replication tasks
| - name: Create temporary LDIF file for enabling outbound replication | ||
| ansible.builtin.copy: | ||
| dest: "/tmp/dirsrv_enable_replication.ldif" | ||
| content: | | ||
| dn: cn=agreement_with_{{ dirsrv_consumer_uri | urlsplit('hostname') | replace('.', '_') }},cn=replica,cn="{{ dirsrv_suffix }}",cn=mapping tree,cn=config | ||
| changetype: modify | ||
| replace: nsds5ReplicaEnabled | ||
| nsds5ReplicaEnabled: on | ||
| mode: '0600' | ||
| when: dirsrv_perform_initial_sync and dirsrv_enable_outbound_replication_after_sync |
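Review bot: the `dest:` in this task is a fixed, predictable path under `/tmp` (`/tmp/dirsrv_enable_replication.ldif`), and nothing visible in the hunk removes the file afterwards, so a failed or interrupted play leaves the LDIF behind and a file already present at that name from another local user or an earlier run is reused. Consider creating the file with `ansible.builtin.tempfile` and deleting it in an `always:` section, or applying the modify directly through an LDAP module so that no file is written at all. The `mode: '0600'` is worth keeping either way.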
Why a temporary file instead of community.general.ldap_attrs?
| - name: Restart service after replication agreement creation | ||
| ansible.builtin.include_tasks: restart_service.yml | ||
| when: | ||
| - dirsrv_instance_is_supplier or dirsrv_instance_is_consumer |
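Review bot: the only condition visible in this `when:` list is `dirsrv_instance_is_supplier or dirsrv_instance_is_consumer`, which says nothing about whether the agreement task actually changed anything, so every run on a supplier or consumer would include `restart_service.yml`. Register the result of the agreement creation task and add its `changed` status as a further list item, so that repeated runs of the role do not interrupt the directory service.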
I'm not entirely sure, but isn't this going to restart the server even if the agreement is unchanged? If that's the case, is there any way to avoid it?
I will look into a way to detect if this is new stuff.
| - name: Create temporary LDIF file for initiating sync | ||
| ansible.builtin.copy: | ||
| dest: "/tmp/dirsrv_initial_sync.ldif" | ||
| content: | | ||
| dn: cn=agreement_with_{{ ansible_hostname + "_" + ansible_domain | replace('.', '_') }},cn=replica,cn="{{ dirsrv_suffix }}",cn=mapping tree,cn=config | ||
| changetype: modify | ||
| add: nsds5BeginReplicaRefresh | ||
| nsds5BeginReplicaRefresh: start | ||
| mode: '0600' | ||
| delegate_to: "{{ dirsrv_initial_sync_source }}" | ||
| when: dirsrv_perform_initial_sync |
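Review bot: the agreement name in the `dn:` line is built as `ansible_hostname + "_" + ansible_domain | replace('.', '_')`, whereas the enable-replication LDIF in this PR derives it from `dirsrv_consumer_uri | urlsplit('hostname') | replace('.', '_')`. The two expressions give the same name only when the host part of the consumer URI equals `ansible_hostname` plus `ansible_domain`; if the URI uses an alias or an IP address, this modify targets an entry that does not exist on `dirsrv_initial_sync_source`. Compute the agreement name once (a variable or fact) and reuse it in both tasks. Note also that the filter binds tighter than `+`, so `replace` applies only to `ansible_domain`; parenthesize the concatenation if the whole name is meant to be normalized.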
Why a temporary file instead of community.general.ldap_attrs?
Your PR generally looks good, but I have a few questions, please see my comments in the code review.
Do you have any way you want to set up some testing?
I don't personally have time to do it, but if you want to try to set up something, you can try setting up 2 instances with molecule and configure them, similarly to this (which configures a single instance): https://github.com/lvps/389ds-server/tree/master/molecule/default
Summary
This PR adds support for safe initial synchronization when introducing a new server into a 389DS replication topology.
With this change, the role can initialize a new peer from an existing server, wait for the synchronization to complete, and then enable outbound replication. This makes it easier and safer to add a new node to an existing multi-master environment.
What’s included
Why
When a new replication node is added, it should first receive a complete copy of the directory data before participating fully in replication. This feature helps automate that process and reduces the risk of bringing a new peer online before it has been properly initialized.