[midPoint] Systems temporarily offline

Petr Gašparík - AMI Praha a.s. petr.gasparik at ami.cz
Thu May 9 11:16:07 CEST 2019


Hi guys,
I am looking for your experience with dealing with temporarily offline
systems.

It means we know they will be offline for a week or so. We are trying to
find the best way to deal with this. Why we are doing that - motivators:

   - with a system being offline, midPoint still tries to reach it
   - these tries generate ERRORs, which clog the audit log
   - plus, corresponding reconciliations and recomputes are delayed by
   timeouts


So far, we have developed three theoretical approaches, but *none solves
the "too many errors in audit log" challenge*

Approach one:

   - set search timeout to 1ms in XML resource definition
   - pros:
      - changes are cached
   - cons:
      - admin unfriendly
      - midPoint still generates timeout errors
   - question:
      - is hashed password delta safe this way?

Approach two:

   - set consistency/connectorErrorCriticality to ignore for generic,
   network and configuration
   - cons:
      - admin unfriendly
      - midPoint still generates timeout errors
   - question:
      - will the deltas be cached?

Approach three:

   - delete resource object (and upload again afterward)
   - pros:
      - admin friendly
   - questions:
      - will the deltas be cached?
      - how will the projections work?

Approach four:

   - resource assigned only via inducements
   - inducements conditioned by flag "resourceXisOnline"
   - pros:
      - admin friendly
   - cons:
      - deltas are probably not cached
   - question:
      - will the errors be gone?
      - where to put the flag?
      - how will assignments work in this environment? will shadows be
      preserved?


What are your experiences, guys?
I think this is a good candidate for wanted.evolveum.com, if we can gather
enough votes. On the other side, I can't shake the feeling that midPoint
_should_have_ this solved.

--

regards

*Petr Gašparík*
solution architect

gsm: [+420] 603 523 860
e‑mail: petr.gasparik at ami.cz

*AMI Praha a.s.*
Pláničkova 11, 162 00 Praha 6

tel.: [+420] 274 783 239 | web: www.ami.cz
