[Freeipa-devel] [PATCH] 0024 - Better random ranges

Stephen Gallagher sgallagh at redhat.com
Tue Dec 7 13:21:20 UTC 2010 

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On 12/07/2010 08:13 AM, Simo Sorce wrote:
> On Tue, 07 Dec 2010 07:40:36 -0500
> Stephen Gallagher <sgallagh at redhat.com> wrote:
> 
>> -----BEGIN PGP SIGNED MESSAGE-----
>> Hash: SHA1
>>
>> On 12/06/2010 06:51 PM, Simo Sorce wrote:
>>>
>>> This patch reduced the size of the default range (from 1 million to
>>> 200.000) and also changes the way the range is selected.
>>> Instead of starting at a completely random number, it selects 1 out
>>> of 10000 random 200k ranges so that the range starts at multiples
>>> of 200k.
>>>
>>> This makes it so that 2 different installs either do not overlap at
>>> all or overlap completely (once in 10k times) instead of potentially
>>> partially overlapping.
>>>
>>
>> Instead of using a random number here, why don't we do something more
>> predictable (so installing FreeIPA on the same machine will hit the
>> same range).
>>
>> Something we used to do at my old job was base it on the IPv4 address
>> of the primary network adapter in the machine. Basically, we could
>> take the integer representation of the IP address, take the modulus
>> 10000 of it, and choose the range from that.
> 
> That's not needed, if you want to force a specific range you can simply
> pass an option to the installer.
> 
>> This would also provide a guarantee that replicas on the same network
>> would get unique ranges (instead of a 1 in 10,000 chance of doubling
>> up).
> 
> Replicas take a cut of the range from the first master, sharing the
> assigned initial range between them (see the DNA plugin[1] Shared
> config to understand how it works)
> 
>> These are just suggestions. The patch as it exists right now looks
>> fine to me (though I haven't tested it).
> 
> I have tested it :)
> 
> Simo.
> 
> [1] http://directory.fedoraproject.org/wiki/DNA_Plugin
> 


In that case: ack.

- -- 
Stephen Gallagher
RHCE 804006346421761

Delivering value year after year.
Red Hat ranks #1 in value among software vendors.
http://www.redhat.com/promo/vendor/
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.11 (GNU/Linux)
Comment: Using GnuPG with Fedora - http://enigmail.mozdev.org/

iEYEARECAAYFAkz+NNAACgkQeiVVYja6o6ODEgCgnsbBx5gGBNU8Jrb8IfnaaXhv
LVAAoKU7aCwJ5Uut7hmoLxeOMEJyb4I1
=avc3
-----END PGP SIGNATURE-----

More information about the Freeipa-devel mailing list