[PATCH] do a partial replication with drs replicate --local

Andrew Bartlett abartlet at samba.org
Thu Feb 2 07:42:04 UTC 2017 

On Thu, 2017-02-02 at 07:59 +0100, Stefan Metzmacher wrote:
> Hi Bob,
> 
> > "samba-tool drs replicate --local" would previously always do a
> > full
> > replication, as replicate() would always use a highwatermark with
> > all 0s
> > and no uptodateness_vector. These patches let replicate()
> > optionally
> > take a highwatermark and an uptodateness_vector, and make drs
> > replicate
> > --local send the appropriate one by default. They also include a
> > test
> > for this. This allows us to manually pull only changes to a server
> > which
> > isn't yet joined to the domain.
> > 
> > One potential issue is: should the default behavior be to do a
> > partial
> > replication, or a full replication? Previously, it was a full
> > replication, whereas these patches change it to a partial
> > replication
> > (this is trivial to change).
> > 
> > Please review and push if appropriate.
> 
> We should not construct a highwatermark on the client side!
> You need to check if we have a repsFrom for the current dc
> and get the highwatermark from there, otherwise we need to send an
> empty highwater mark and just rely on the uptodatevector.
> 
> The uptodatevector also needs an entry for our self,
> basically the logic from dsdb_load_udv_v2().

So I can try and work with Bob on this tomorrow, what you are asking is
that in addition to reading the replUpToDateVector the code should read
the repsFrom?  

The reason we didn't rely on the repsFrom is that the use case for this
tool will very likely not have a repsFrom for the target server, as it
is trying to force a manual replication.  

In any case, preferring that seems reasonable, but why should we not
use the USN from replUpToDateVector as a fallback, to reduce the
processing required on the DC?  Can you fill me/us in on the the
difference in behaviour you are worried about?

(I realise the > USN search in GetNCChanges is still un-indexed, but it
is much faster now than it was in the past). 

This tool is quite likely to be used in attempting to recover very
large domains (which is currently much more difficult with the forced
full replication in the current tool).

Thanks,

Andrew Bartlett

-- 
Andrew Bartlett                       http://samba.org/~abartlet/
Authentication Developer, Samba Team  http://samba.org
Samba Developer, Catalyst IT          http://catalyst.net.nz/services/samba

More information about the samba-technical mailing list