Jan Pazdziora wrote:
On Thu, Nov 14, 2013 at 03:40:52PM +0100, Petr Spacek wrote:
In reality, it means that you can re-run OpenStack installer on the
same machine/set of machines (with the same configuration, of
course!) and it will re-do everything again. You can re-run
The point is that it should *not* redo everything again.
installer again and again without any harm!
This solves case where something went wrong during the installation,
the installation was aborted and the machine was left in some
inconsistent state. Think about e.g. network failure during
installation, improper configuration which prevented installation
from finishing (crap in DNS), some intermittent and mysterious
errors in Dogtag installer and so on.
It does mean that you don't need to recycle whole machine if
something went wrong during installation ...
I am not sure idempotence focuses on failures, really. It says that
if your previous installer run passed, the subsequent run should
detect that individual pieces of configuration are already in place
and it should not re-run the steps to re-create them. The implication
being that it should only configure the pieces missing.
But if your installation is borked beyond repair for whatever reason,
it does not mean that the setup will be self-healing.
I think that our installers do a pretty decent job of cleaning after
themselves if things fails (rolling back the changes) which I find
much more important than leaving mess around with the intent of fixing
it upon the next run. Leaving things in consistent state is higher
value than idempotence.
I have mixed feelings about this.
I've recently been feeling that being able to restart an install in the
case of a CA install failure sure would be nice, especially in the case
where of an external CA install where you have to get someone else to
sign your CSR. This is hard to do once, much less having to go hat in
hand multiple times in case of an install failure.
Honestly, the uninstaller is more a developer side-effect than anything
else. We did it so we didn't have to fire up a new VM with every
install. There were some deep clouds of uncertainty over whether we
actually supported uninstall and re-installing or not back in the early
days.
Practically though, I think an idempotent installer opens a lot of cans
of worms. Do we limit some answers to their original? Take for instance
the REALM. Can someone change it on-the-fly? It would have some deep
repercussions. Similarly, changing the hostname. There are all kinds of
corner cases.
So I could see, maybe, continuing a failed install in case something
goes wrong, but that's about it. But again, my vision may be clouded by
what was and is such that I can't see what can be.
rob
_______________________________________________
Freeipa-devel mailing list
[email protected]
https://www.redhat.com/mailman/listinfo/freeipa-devel
