On Mon, 05 Jan 2015 14:15:17 +0100 Martin Basti <mba...@redhat.com> wrote:
> On 15/12/14 23:01, Simo Sorce wrote: > > Hello fellow developers, I added this new design: > > http://www.freeipa.org/page/V4/Domain_Levels > > > > It is a prerequisite for both the Replica Promotion design: > > http://www.freeipa.org/page/V4/Replica_Promotion > > and the Topology plugins design: > > http://www.freeipa.org/page/V4/Manage_replication_topology > > (Ludwig will change this to include the changes we have discussed > > in a previous phone call, and which involve mostly Domain > > Level/Domain Upgrades/migrations issues) > > > > As usual feel free to add as needed or comments and ask questions. > > > > Simo. > > > I have a question, how domain levels are related to IPA Upgrade? > > Will we able to run LDAP update after increasing domain level, if new > feature requires some LDAP data modification? > > Or we just do upgrade as we do now, and new code has to be able to > handle data in both new and old way. We'll have to be able to work on a range of levels. This means some updates may need to be conditional to the domain level. This also means the tool to raise the level may need to run some updates. I think we may want to start adding a level option at some point in updates, but we'll work it out when we get there I guess. > For example: > Forwardzone feature, old "forwardzones" and new forwardzones are not > compatible. It requires to change LDAP data, move fake "forwardzones" > to new objectclass. We will simply not accept incompatible changes, at least not on mere upgrades, we simply can't. The fact we have in the past has been a team communication failure in my view. > This should happen after increasing domain > level. Are we able to do that? (In current upgrade, forwardzones are > hidden in old replicas, user should use only new replica to > add/del/mod forwardzones) The challenge is in planning changes so that upgrades are not difficult to implement. Every developer MUST (int the RFC sense :-) think what are the consequences of the changes they are proposing/implementing on upgrades. FreeIPA is a distributed system, and people must think in that sense in general. If we corner ourselves in a situation where it is very hard to perform an upgrade that is our own failure. Simo. -- Simo Sorce * Red Hat, Inc * New York _______________________________________________ Freeipa-devel mailing list Freeipa-devel@redhat.com https://www.redhat.com/mailman/listinfo/freeipa-devel