Skip Menu |
 

Subject: Add hierarchical iprop support
This feature allows iprop slaves to serve incremental updates to other
slaves, so that they can be arranged in a tree structure rather than a
single hub with many spokes. It is based on code submitted by Richard
Basch.
From: ghudson@mit.edu
Subject: git commit
Download (untitled) / with headers
text/plain 1.5KiB

Simplify ulog_map

Get rid of the caller parameter. The kproplog semantics (without -R)
for mapping the ulog are simple and almost completely different from
other users of the ulog, so implement them as a static helper in
kproplog. With hierarchical iprop, kpropd will need the same
semantics as FKCOMMAND and FKADMIND, which were already identical.

Get rid of the db_args parameter, since ulog_map no longer opens the
database after #7552.

Remove an inoperative lseek() call when creating a new ulog file.
Rename ulog_filesize to filesize and compute it from scratch each time
we use it, for easier analysis. If kdb_hmagic is zero, init the ulog
header but don't skip the rest of the function; it's possible that we
need to expand the ulog file. Remove an unneeded conditional before
calling extend_file_to for an existing ulog.

https://github.com/krb5/krb5/commit/6a4a4b7b5e3265e4a811a9fd72c2534e6c5f5fd4
Author: Greg Hudson <ghudson@mit.edu>
Commit: 6a4a4b7b5e3265e4a811a9fd72c2534e6c5f5fd4
Branch: master
src/include/kdb_log.h | 10 +----
src/kadmin/dbutil/dump.c | 2 +-
src/kadmin/dbutil/kdb5_create.c | 6 +-
src/kadmin/dbutil/kdb5_util.c | 3 +-
src/kadmin/server/ovsec_kadmd.c | 3 +-
src/lib/kadm5/srv/server_init.c | 7 +--
src/lib/kdb/kdb_log.c | 95 ++++++--------------------------------
src/lib/kdb/t_ulog.c | 2 +-
src/slave/kpropd.c | 2 +-
src/slave/kproplog.c | 54 ++++++++++++++--------
10 files changed, 61 insertions(+), 123 deletions(-)
From: ghudson@mit.edu
Subject: git commit
Download (untitled) / with headers
text/plain 1.5KiB

Maintain complete ulog on iprop slaves

Factor out most of ulog_add_update into a helper function named
store_update, and make ulog_add_update just responsible for assigning
a serial number and timestamp to the update before storing it. In
ulog_replay, use store_update and ulog_finish_update to add each
update to the ulog in addition to replaying it to the database. Don't
use incr_ret->lastentry to set kdb_last_sno/kdb_last_time, since it
will have been set properly by adding the individual updates; instead,
just reinitialize the ulog on error.

Slave ulogs use serial numbers provided from upstream, and thus do not
always begin at serial number 1 after a header reset. As a result, we
must: (A) in store_update, detect the first update (for which we must
assign kdb_first_sno/kdb_first_time) by comparing kdb_num to 0,
instead of by comparing the serial number to 1; (B) in store_update,
detect that we are overwriting the first update by comparing kdb_num
to ulogentries, instead of comparing the serial number to ulogentries;
and (C) in ulog_map, detect that ulogentries changed by verifying the
first and last serial number and timestamp against the actual ulog
entries, rather than simply comparing kdb_last_sno to kdb_num.

Based on code submitted by Richard Basch.

https://github.com/krb5/krb5/commit/406c83c835a8ce062d798a2ec4eda2eddd088450
Author: Greg Hudson <ghudson@mit.edu>
Commit: 406c83c835a8ce062d798a2ec4eda2eddd088450
Branch: master
src/lib/kdb/kdb_log.c | 148 ++++++++++++++++++++++++-------------------------
1 files changed, 73 insertions(+), 75 deletions(-)
From: ghudson@mit.edu
Subject: git commit

Implement kadmind -proponly

The -proponly option causes kadmind to only service the iprop service,
not the kpasswd or kadmin services. An intermediate slave in a
hierarchical iprop setup runs kadmind -proponly in order to provide
incremental updates to downstream slaves.

Based on code submitted by Richard Basch.

https://github.com/krb5/krb5/commit/2ed8ebf18809af66aeaa2af6984754bdbefff500
Author: Greg Hudson <ghudson@mit.edu>
Commit: 2ed8ebf18809af66aeaa2af6984754bdbefff500
Branch: master
doc/admin/admin_commands/kadmind.rst | 7 ++++++
src/kadmin/server/ovsec_kadmd.c | 37 ++++++++++++++++++++-------------
2 files changed, 29 insertions(+), 15 deletions(-)
From: ghudson@mit.edu
Subject: git commit

Implement kpropd -A

The -A option causes kpropd to contact a specified admin server
(normally an intermediate slave running kadmind -proponly) instead of
the master admin server.

Based on code submitted by Richard Basch.

https://github.com/krb5/krb5/commit/90c11ff42008a90a72ee71444b0ad799e38b7ff0
Author: Greg Hudson <ghudson@mit.edu>
Commit: 90c11ff42008a90a72ee71444b0ad799e38b7ff0
Branch: master
doc/admin/admin_commands/kpropd.rst | 5 +++++
src/slave/kpropd.c | 8 ++++++++
2 files changed, 13 insertions(+), 0 deletions(-)
From: ghudson@mit.edu
Subject: git commit

Test iprop slave ulog management

Check the ulog more thoroughly after each operation, including the
principal names we expect in each update entry. Verify that the slave
ulog contains actual update entries received from master. Add a
second slave which receives updates from the first. Test a wider
variety of principal operations. Add two additional operations after
the full resync to test that incremental updates resume after a full
resync (albeit with some lag).

https://github.com/krb5/krb5/commit/cf090890b4219483412ab89b39a60d92515191eb
Author: Greg Hudson <ghudson@mit.edu>
Commit: cf090890b4219483412ab89b39a60d92515191eb
Branch: master
src/tests/t_iprop.py | 336 +++++++++++++++++++++++++++++++++++---------------
1 files changed, 238 insertions(+), 98 deletions(-)
From: ghudson@mit.edu
Subject: git commit

Document hierarchical iprop

Also remove an outdated caveat, but add a new one about policy changes
causing full resyncs.

https://github.com/krb5/krb5/commit/e87bba2e8a8c753b761227dda5f2e216a6771db2
Author: Greg Hudson <ghudson@mit.edu>
Commit: e87bba2e8a8c753b761227dda5f2e216a6771db2
Branch: master
doc/admin/database.rst | 19 +++++++++++++------
1 files changed, 13 insertions(+), 6 deletions(-)