On 10/15/10 10:17 AM, William Schumann wrote:
> Version 1.9 - fixed some outdated references
Hi William,
I continued to focus mostly on the commands.
5.4.3.2 In Table of criteria, you reference hostname as an installadm criteria.
Currently, hostname is not an installadm criteria - are you planning to add it
and have it be added to the criteria database?
5.6
o Is there a default profile if the user doesn't set one with set-sc?
o Thinking about set-sc and add-sc - how about just add-sc? Not sure I see a
need for both of them. Comments below for set-sc can be applied to add-sc as
well.
o I see that this rev changed the usage for set-sc to make it clear that -p and
-x are mutually exclusive (good). It also could be clearer that any number of
profiles/commands can be defined, but at least one. Maybe something like (I also
did away with the braces):
-p <profile> ... | -x <command> ...
Is there a reason you need both -p and -x? Can you tell from the file whether it
is a profile or not and handle whatever differences there are that way?
o Can you have multiple criteria for set-sc, -c crit1=val1 -c crit2=val2, etc.?
If so, it should be reflected in the usage, [-c <criteria>=<value> ...]
o How will criteria resolution be done when more than one profile with criteria
matches?
o wrt the -n |-e options...
My interpretation of your document is that there is an implied precedence order
for these options? So if someone has defined global, service level, and mac
level, then a client will get the -e profiles if the macaddr matches, else the
-n profiles if the svcname matches, otherwise the global profiles? Is that how
it works?
Actually, should there even be a -e option? It seems odd to me that -e is an
option as well as a criteria to be used with -c. Might it make more sense to
have only -n as an option (and no -e and then to use -c mac if you want profiles
for a certain client? Same comment for the other profile commands.
o Can one specify a global profile as well as a global profile with a criteria?
And clients that meet the criteria would get the second profile and the rest
would get the first one?
5.6.2 exporting
o Suggest that "export-sc" be generalized to "export" so that it can handle
manifests too
o Suggest that -o be used for output directory rather than -f.
o wrt "To display a particular SC profile in the database, specify the profile
path..."
Does the user gets this path from the list command? Any reason not to use just
the filename and prompt if there is more than one possibility? Otherwise, a lot
for the user to type in. If we have a name for the profile, we can use this (see
below).
5.6.3 listing
o Suggest that installadm list-sc be made part of the installadm list
subcommand, maybe installadm list -s? And then you could also have installadm
list -s -n svcname to list profiles for a particular service.
5.6.3.1 sample list output
General - The output here is not that easy to read. It needs to have a cleaner
look to it and be easier to understand.
o inclusion=installadm
Should this say static instead of installadm?
5.6.4 delete-sc
o It would be helpful to have the usage listed in 5.7 be in this section before
breaking down the different examples.
o Do you still want/need the -g for delete-sc, since you've removed it from
other subcommands?
5.6.5 validating
o Suggest that "validate-sc" be generalized to "validate" so that it can handle
manifests too, if we choose to implement that at some point
o If profiles have a name (see below) we can drop the criteria portion from the
usage
o Suggest that -o be used for output directory rather than -f.
5.6.6 first paragraph
o Any existing global profiles are deleted? Even those that were specified with
criteria?
o "must contain the directive as described above"
Can you provide a section reference or just give the example here?
General after reading 5.6: I find myself really not liking the fact that one
needs to keep entering criteria in order to specify what to export, validate,
and delete. I would prefer to have some other way that you can use to identify a
profile. Perhaps an associated name? In fact, maybe we should make the usage
for add-sc (assuming we do away with set-sc) to be:
add-sc [-n <svcname>] [-c <criteria>=<value>] -f <profile_file> ...
and then the name would be the filename portion of <profile_file>.
5.8.2.1
o wrt get_SC_profile.py: Commands in /usr/sbin should not have .py extensions.
Also, I dislike the mixed case, can we have get_sc_profile?
5.10
Please add a section similar to 5,7
5.10.3.3
o is setting of certificate something that can/should be applicable to a service
(i.e., service-wide)?
o can/should authentication be disabled/enabled per client (or per service)
similar to per server?
Document nits:
5.6 System-wide profiles -> Server-wide profiles
5.6 For the the options above -> For a given option
5.6.3 and and -> and
5.6.4 exact match database match -> exact database match
5.6.4 global(-g') flag -> global ('-g') flag
5.6.6
2 -> Two
1 static and 1 dynamic -> one static and one dynamic
Thanks,
Sue
_______________________________________________
caiman-discuss mailing list
[email protected]
http://mail.opensolaris.org/mailman/listinfo/caiman-discuss
