On 01/19/11 11:16, Dave Miner wrote:
On 01/18/11 12:48 PM, William Schumann wrote:
Dave,
On 01/18/11 04:23 PM, Dave Miner wrote:
On 01/17/11 11:18 AM, William Schumann wrote:
Dave,
On 01/14/11 05:46 PM, Dave Miner wrote:
On 01/14/11 09:45 AM, William Schumann wrote:
Dave,
Responding to particular questions inline:
On 01/12/11 09:51 PM, Dave Miner wrote:
locate_profile.py
285: I'm doubtful this validation is the right thing to do. It
seems
to pre-suppose that the server will have the same DTD the
client would have in the boot service, but that seems to impose a
requirement on the server that it be updated to the latest
possible version of the DTD, which is generally undesirable to
require from an operational point of view. Or am I
misunderstanding how this would work? This presumably could impact
the validate_profile_string() function in common_profile.py, too.
This is a service_bundle DTD validation by the CGI, taking place
after XML validation. It's original purpose was to validate a
dynamic profile completely (files can be in the user's space), since
the user would be free to break it after submitting it with
'installadm create-profile'. The same DTD validation occurs for all
profiles in create-profile. If a DTD-level validation does not
occur on the server, it could be quite some time before the user
discovers the error - some time during or after the installation
(or upon rebooting if not careful). It assumes that the AI server
has
a copy of the service_bundle DTD with the correct version for
the service in question. If the user does not update the package
delivering service_bundle, it will have to be obtained by other
means. It is assumed that versions of service_bundle will be
differentiated by the version indicator at the end the file name,
currently :1, so that it can be copied to /usr/lib. It is expected
that under normal circumstances, the AI server is upgraded to
the level of the OS being installed.
To summarize the last paragraph:
- the correct service_bundle DTD would be required for 'installadm
create-profile', too
- it is better to validate against the service_bundle DTD and
require
operational adjustments in the odd case, which should mean
only copying the DTD of the needed version.
I don't believe this is workable, it requires a great deal of manual
fiddling by the user to achieve correct results (seemingly including
installing packages that are mis-aligned with the server release) in
cases where the server and clients are skewed, which are *very*
common. Unless we can come up with a better answer where the, this
can't remain.
As I stated, it could be resolved simply by copying the appropriate
version of /usr/share/lib/xml/dtd/service_bundle.dtd.NNN
Assuming that doing so might be more difficult than I think it
would, I
would propose reducing a missing service_bundle DTD in
create-profile to
a warning only, since we don't know that the profile in question if
invalid if we don't have the DTD. So if the profile were valid XML, it
would be accepted into the database with only a warning.
The service bundle DTD is a packaged portion of the system. We do
not want to ever be recommending that the user copy random
versions of files from the later versions of the system/packages to
earlier ones as a standard procedure, as it breaks our general
support model for the OS. So, yes, I think this will be more
difficult than you think; to do this properly involves back-porting
the DTD to earlier versions of the OS that would need to be able to
consume that DTD, and that takes real time for someone, and
doesn't work well for releases that have gone out of support but
might otherwise work OK as an AI server.
I can perhaps go along with reducing it to a warning, though I'm
concerned that this will also generate support calls and their
accompanying costs.
Yes, this will result in some calls. However, I keep in mind
difficulties in hand-coding XML, which keeps me pushing for as much
validation help as possible, since these problems are far more common
for users.
I understand why you want to provide it, but we need to ensure that it
doesn't create more problems than it solves.
Can't we get the service_bundle dtd from the boot image of the install
service that the profile is being validated for? Or am I missing something?
-ethan
Dave
_______________________________________________
caiman-discuss mailing list
[email protected]
http://mail.opensolaris.org/mailman/listinfo/caiman-discuss
_______________________________________________
caiman-discuss mailing list
[email protected]
http://mail.opensolaris.org/mailman/listinfo/caiman-discuss
