Conscious language improvements #6
Merged
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
tbordaz
reviewed
Jul 25, 2023
docs/389ds/FAQ/esc-guide.md
Outdated
| @@ -27,7 +27,7 @@ The Dogtag Certificate System creates, manages, renews, and deletes certificates | |||
| - The Data Recovery Manager (DRM), which archives and recovers keys. | |||
| - The Online Certificate Status Manager, which stores lists of revoked certificates for client applications to use to check if a certificate is valid. | |||
| - The Token Processing System (TPS), which interacts with smart cards to generate and store keys and certificates for a specific user. | |||
| - The Token Key Service (TKS), which generates and stores master keys used by the TPS. | |||
There was a problem hiding this comment.
Are you sure we can change this word. Someone from PKI should confirm
There was a problem hiding this comment.
I've changed it back as I confirmed with the recent docs that they still use 'master' terminology.
I've created the issue on their repo - dogtagpki/pki#4515
docs/389ds/FAQ/faq.md
Outdated
|
|
||
| 389 replication uses a push model. A replication supplier is a server that pushes updates to other servers. A master is a supplier that can receive update requests from clients. A hub is a supplier that receives update requests from other replication suppliers and pushes updates to other replicas. | ||
| 389 replication uses a push model. A replication supplier is a server that pushes updates to other servers. A supplier is a supplier that can receive update requests from clients. A hub is a supplier that receives update requests from other replication suppliers and pushes updates to other replicas. |
There was a problem hiding this comment.
Would change it into: A supplier is a LDAP server that can receive and process update requests from clients.
docs/389ds/FAQ/selinux-policy.md
Outdated
| @@ -75,7 +75,7 @@ When the service command is used, **ldap-agent** will use **/etc/dirsrv/config/l | |||
|
|
|||
| #### Port Access | |||
|
|
|||
| The subagent does not listen on any ports itself. The sub-agent simply communicates with the snmpd master agent, which accesses the ports itself. | |||
| The subagent does not listen on any ports itself. The sub-agent simply communicates with the snmpd supplier agent, which accesses the ports itself. | |||
There was a problem hiding this comment.
I would say 'main' agent as it is not related to replication
|
|
||
| To determine the correct behaviour all combinations in a two master topology are considered. If more masters are involved the variety increases, but in URP there will always be only the resolution of a current state with a state change received via replication. | ||
| To determine the correct behaviour all combinations in a two supplier topology are considered. If more suppliers are involved the variety increases, but in URP there will always be only the resolution of a current state with a state change received via replication. |
There was a problem hiding this comment.
I think it okay as it means "a topology of two suppliers". So it should be two supplier topology.
But I think even better option will be to say: "two-supplier topology". Hence, I'll fix like that.
| ------------------- | ||
|
|
||
| The following table lists all the combinations of state changes in two master topology, each state change has to be executed with the potential operations to achieve this state change. It is assumed that the CSN of the state change on master 1 is always lower than that on master 2. This is also the reason that the table contains the full combinations since (--\>S0,--\>S1) and (--\>S1,--\>S0) are not symmetric. | ||
| The following table lists all the combinations of state changes in two supplier topology, each state change has to be executed with the potential operations to achieve this state change. It is assumed that the CSN of the state change on supplier 1 is always lower than that on supplier 2. This is also the reason that the table contains the full combinations since (--\>S0,--\>S1) and (--\>S1,--\>S0) are not symmetric. |
| --------------------- | ||
|
|
||
| Although with more than two masters the update resolution procedure should sequentially applied and result in the same state resolution existing bugs show that this is not the case with the current implementation. This chapter will handle all scenarios with 3 masters, this also allows all three different state changes applied in parallel. An extension to more than three master should not be necessary. In the tests a consumer should be added to the topology, it serves as a reference where the modifications are applied in the csn order. | ||
| Although with more than two suppliers the update resolution procedure should sequentially applied and result in the same state resolution existing bugs show that this is not the case with the current implementation. This chapter will handle all scenarios with 3 suppliers, this also allows all three different state changes applied in parallel. An extension to more than three supplier should not be necessary. In the tests a consumer should be added to the topology, it serves as a reference where the modifications are applied in the csn order. |
|
|
||
| ### Possible Solutions | ||
|
|
||
| It is certainly important to retain the ability to allocate IDs from a range or slice so that communication with other DCs is kept to a minimum and necessary only when ranges are depleted and reconfiguration is needed. | ||
|
|
||
| Using ranges of IDs instead of an algorithm to split a uniquely available space would make this easier. | ||
|
|
||
| Manually splitting the ID space into ranges would be easy. And assigning a range to each server too. The advantage of using a range is that if one server is running low on IDs all is needed is only one other master available that has a big enough range assigned. The 2 servers can in fact be reconfigured so that half of the range previously assigned to one server can be reassigned to the other without the need for other masters to be online. The change of ownership information will be replicated to them as soon as they come up. There is no possibility that one master will steal ranges from another one as communication between the new and the old owner is required to allow the transfer of ownership. | ||
| Manually splitting the ID space into ranges would be easy. And assigning a range to each server too. The advantage of using a range is that if one server is running low on IDs all is needed is only one other supplier available that has a big enough range assigned. The 2 servers can in fact be reconfigured so that half of the range previously assigned to one server can be reassigned to the other without the need for other suppliers to be online. The change of ownership information will be replicated to them as soon as they come up. There is no possibility that one supplier will steal ranges from another one as communication between the new and the old owner is required to allow the transfer of ownership. |
There was a problem hiding this comment.
I have a doubt here with the terminology of the DNA plugin. With DNA a server can request range to another server. I do not know how it was express in DNA plugin description. We should stick to what is in the doc
There was a problem hiding this comment.
I checked both Admin and Config guides and we use the supplier terminology there.
| @@ -106,5 +106,5 @@ The first operation will fail if the range has already been manipulated by someo | |||
|
|
|||
| ### Considerations | |||
|
|
|||
| What happen if the server is directly reachable but the replication topology is broken and the changes do not reach back the original server ? After the first change the plugin will have outdated information, when the grace period expires the plugin will, probably, try again with the same server and fail to the operation to grab a new range, at this point it will switch to another server. The Master requesting the new ranges cannot use them until the replication is over and its db has been changed accordingly to inform it of the new ownership. | |||
| What happen if the server is directly reachable but the replication topology is broken and the changes do not reach back the original server ? After the first change the plugin will have outdated information, when the grace period expires the plugin will, probably, try again with the same server and fail to the operation to grab a new range, at this point it will switch to another server. The Supplier requesting the new ranges cannot use them until the replication is over and its db has been changed accordingly to inform it of the new ownership. | |||
There was a problem hiding this comment.
The same, we should use the terminology that is in the DNA plugin documentation
| @@ -10,15 +10,15 @@ title: "Managing Replication Conflict Entries" | |||
| Overview | |||
| ======== | |||
|
|
|||
| In multimaster replication the same entry (entries with the same DN), can be added concurrently and will be accepted by the masters whhic handle the ADD. After replication there would be two entries with the same DN, which violates the LDAP data model. So replication needs to “resolve this conflict. | |||
| In multisupplier replication the same entry (entries with the same DN), can be added concurrently and will be accepted by the suppliers whhic handle the ADD. After replication there would be two entries with the same DN, which violates the LDAP data model. So replication needs to “resolve this conflict. | |||
There was a problem hiding this comment.
Here a typo. 'whhic' -> 'which'
docs/389ds/howto/howto-bind.md
Outdated
| @@ -57,7 +57,7 @@ To implement this solution, the following things need to happen: | |||
| dnszonename: foobar.com | |||
| dnsclass: IN | |||
| dnstype: SOA | |||
| dnszonemaster: tim.foobar.com | |||
| dnszonesupplier: tim.foobar.com | |||
There was a problem hiding this comment.
I have a doubt. Is dnszonemaster a valid term ?
There was a problem hiding this comment.
IMHO the whole howto-bind document is outdated, the links to ldap2dns now leads to sourceforge main page but they do not have any project about ldap2dns ...
IMHO we should rather left it as it and move it in an "Outdated" section ...
Move "How to Bind" with DNS to the legacy section.
|
Fixed. Please, review... |
tbordaz
approved these changes
Jul 26, 2023
Thanks for the review! @progier389 I haven't found "Outdated" section, so I moved it to "Legacy How To's" one. Is it okay with you? |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
No description provided.