7:23 a.m.
Hello folks !
Greetings ! I am looking at a usecase wherein we want radsecproxy to handle config changes
on the fly instead of having to restart the whole process.
For example, say we add/del new radius servers or clients without affecting the existing
sessions/threads.
As I am comparing a few design choices to make this happen, wanted to check if someone has
already worked on it ? If it is in roadmap for the immediate future,
any design concepts someone might have already thought of but were not able to implement
it ?
Thanks,
Imtiyaz
1:02 p.m.
Hi Imtiyaz,
On 17.11.20, 08:23, "imtiyaz(a)arista.com" <imtiyaz(a)arista.com> wrote:
Greetings ! I am looking at a usecase wherein we want radsecproxy to handle config
changes on the fly instead of having to restart the whole process.
For example, say we add/del new radius servers or clients without affecting the
existing sessions/threads.
As I am comparing a few design choices to make this happen, wanted to check if someone
has already worked on it ? If it is in roadmap for the immediate future,
any design concepts someone might have already thought of but were not able to
implement it ?
This is on my personal wish-list, but I haven't done any work in that direction. I
think it will require quite a lot of restructuring, as right now, most of the code
isn't prepared for dynamic config changes (apart from the dyndisc stuff). I do want to
do this some day, but I think there are more important features right now.
Regards,
Fabian
--
SWITCH
Fabian Mauchle, Network Engineer
Werdstrasse 2, P.O. Box, 8021 Zurich, Switzerland
Phone +41 44 268 15 30, direct +41 44 268 15 39
1:12 p.m.
Thanks for the prompt reply Fabian. Yes, from the cursory look it does look
like it will take some effort to handle all the threads and the queues to
handle dynamic config.
I Will try to attempt it myself in pieces, maybe support adding/deleting
servers first and then look at clients and so on. Will share my progress
with the forum.
On Tue, Nov 17, 2020 at 6:33 PM Fabian Mauchle <fabian.mauchle(a)switch.ch>
wrote:
Hi Imtiyaz,
On 17.11.20, 08:23, "imtiyaz(a)arista.com" <imtiyaz(a)arista.com> wrote:
Greetings ! I am looking at a usecase wherein we want radsecproxy to
handle config changes on the fly instead of having to restart the whole
process.
For example, say we add/del new radius servers or clients without
affecting the existing sessions/threads.
As I am comparing a few design choices to make this happen, wanted to
check if someone has already worked on it ? If it is in roadmap for the
immediate future,
any design concepts someone might have already thought of but were not
able to implement it ?
This is on my personal wish-list, but I haven't done any work in that
direction. I think it will require quite a lot of restructuring, as right
now, most of the code isn't prepared for dynamic config changes (apart from
the dyndisc stuff). I do want to do this some day, but I think there are
more important features right now.
Regards,
Fabian
--
SWITCH
Fabian Mauchle, Network Engineer
Werdstrasse 2, P.O. Box, 8021 Zurich, Switzerland
Phone +41 44 268 15 30, direct +41 44 268 15 39
2:06 p.m.
Hey,
One more thing, I would really appreciate if you can share any thoughts
around the code restructuring you have mentioned in your earlier reply. If
that’s something that’s not going to take in a lot of your time.
Don’t want to take up a completely orthogonal approach or reinvent
something.
On Tue, 17 Nov 2020 at 6:42 PM, Imtiyaz Mohammad <imtiyaz(a)arista.com> wrote:
Thanks for the prompt reply Fabian. Yes, from the
cursory look it does
look like it will take some effort to handle all the threads and the queues
to handle dynamic config.
I Will try to attempt it myself in pieces, maybe support adding/deleting
servers first and then look at clients and so on. Will share my progress
with the forum.
On Tue, Nov 17, 2020 at 6:33 PM Fabian Mauchle <fabian.mauchle(a)switch.ch>
wrote:
> Hi Imtiyaz,
>
> On 17.11.20, 08:23, "imtiyaz(a)arista.com" <imtiyaz(a)arista.com>
wrote:
>
> Greetings ! I am looking at a usecase wherein we want radsecproxy to
> handle config changes on the fly instead of having to restart the whole
> process.
> For example, say we add/del new radius servers or clients without
> affecting the existing sessions/threads.
>
> As I am comparing a few design choices to make this happen, wanted to
> check if someone has already worked on it ? If it is in roadmap for the
> immediate future,
> any design concepts someone might have already thought of but were
> not able to implement it ?
>
> This is on my personal wish-list, but I haven't done any work in that
> direction. I think it will require quite a lot of restructuring, as right
> now, most of the code isn't prepared for dynamic config changes (apart from
> the dyndisc stuff). I do want to do this some day, but I think there are
> more important features right now.
>
> Regards,
> Fabian
>
> --
> SWITCH
> Fabian Mauchle, Network Engineer
> Werdstrasse 2, P.O. Box, 8021 Zurich, Switzerland
> Phone +41 44 268 15 30, direct +41 44 268 15 39
>
>
>
>
3:46 p.m.
On 17.11.20, 15:06, "Imtiyaz Mohammad" <imtiyaz(a)arista.com> wrote:
One more thing, I would really appreciate if you can share any thoughts around the
code restructuring you have mentioned in your earlier reply. If that’s something that’s
not going to take in a lot of your time.
The structure I once imagined was to modularize the code (maybe roughly along the config
blocks), and separate it from the config interpreter. Then have a central core configuring
multiple instances of each module and stitching them together. This should also simplify
unit testing for each module.
BR,
Fabian
--
SWITCH
Fabian Mauchle, Network Engineer
Werdstrasse 2, P.O. Box, 8021 Zurich, Switzerland
Phone +41 44 268 15 30, direct +41 44 268 15 39
3:51 a.m.
Thanks Fabian. Sounds like a good plan indeed. I am giving this a shot,
let's see how that goes.
On Wed, Nov 18, 2020 at 9:16 PM Fabian Mauchle <fabian.mauchle(a)switch.ch>
wrote:
On 17.11.20, 15:06, "Imtiyaz Mohammad" <imtiyaz(a)arista.com> wrote:
One more thing, I would really appreciate if you can share any
thoughts around the code restructuring you have mentioned in your earlier
reply. If that’s something that’s not going to take in a lot of your time.
The structure I once imagined was to modularize the code (maybe roughly
along the config blocks), and separate it from the config interpreter. Then
have a central core configuring multiple instances of each module and
stitching them together. This should also simplify unit testing for each
module.
BR,
Fabian
--
SWITCH
Fabian Mauchle, Network Engineer
Werdstrasse 2, P.O. Box, 8021 Zurich, Switzerland
Phone +41 44 268 15 30, direct +41 44 268 15 39
1517
days inactive
1520
days old
5 comments
3 participants
participants (3)
-
Fabian Mauchle -
Imtiyaz Mohammad -
imtiyaz@arista.com