[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: snmpconf General Functional Questions

on 06/12/2000 12:01 PM, Matt White at mwhite@torrentnet.com wrote:

> The problem is what happens if an element is locally modified and then put
> under policy control?  I don't think we want to allow policies to
> overwrite existing explicit (manual) configuration when they are first
> instantiated.

This is a good point and a bit of the chicken and egg problem. In an earlier
posting I said another way to override a manual selection in addition to the
one we have been discussing is to reload the policy. It seems this is an
explicit user directed method. This is important since I agree we do not
want to overwrite existing explicit manual configuration. That is why I also
suggested that manual intervention on the role table is required in the case
of an object that has been overridden by manual change.  The meaning of
reload (as opposed to update) policy is the same as first time load. I think
these times, by definition you want to override manual settings. Remember
that manual overrides can be added and maintained indefinitely as needed. Of
course a policy full of manual overrides probably should not be a policy.
> The way I view this is that, at any given time, there will be some number
> of policies being enforced on a device.  These policies will conflict with
> eachother (that seems unavoidable).  We need a mechanism for resolving
> this conflict regardless.  Now, if we view manual configuration as a
> "policy" of the highest priority, the conflict resolution mechanism that
> we already need can be used to give us the behaviour that we want.
> So, what I suggest is a table of OIDs and RowPointers to the policies that
> are modifying them (there can be multiple policies per OID).  Manual
> configuration can be a special policy that always exists.  Each policy
> then has a priority assigned to it that is used to determine which policy
> of the conflicting policies take effect.
I had not thought about the current mechanism as a conflict related one
until you pointed it out. I do not want to start the general conflict
discussion in this thread, so perhaps another separate email. I am not clear
what OIDS you reference here, OIDs of the modified instances? Lets make this
a separate thread. In a day or so, I will try to consolidate what we have
discussed with regard to overrides.