Dne 2.3.2015 v 12:23 Martin Kosek napsal(a):
On 03/02/2015 07:49 AM, Jan Cholasta wrote:

Dne 24.2.2015 v 19:10 Martin Basti napsal(a):
Hello all,

please read the design page, any objections/suggestions appreciated


* Merge server update commands into the one command (ipa-server-upgrade)

So there is "ipa-server-install" to install the server, "ipa-server-install
--uninstall" to uninstall the server and "ipa-server-upgrade" to upgrade the
server. Maybe we should bring some consistency here and have one of:

  a) "ipa-server-install [--install]", "ipa-server-install --uninstall",
"ipa-server-install --upgrade"

  b) "ipa-server-install [install]", "ipa-server-install uninstall",
"ipa-server-install upgrade"

  c) "ipa-server-install", "ipa-server-uninstall", "ipa-server-upgrade"

Long term, I think we want C. Besides other advantages, it will let us have
independent sets of options, based on what you want to do.


* Prevent to run IPA service, if code version and configuration version does
not match
   * ipactl should execute ipa-server-upgrade if needed

There should be no configuration version, configuration update should be run
always. It's fast and hence does not need to be optimized like data update by
using a monolithic version number, which brings more than a few problems on its

I do not agree in this section. Why would you like to run it always, even if it
was fast? No run is still faster than fast run.

In the ideal case the installer would be idempotent and upgrade would be re-running the installer and we should aim to do just that. We kind of do that already, but there is a lot of code duplication in installers and ipa-upgradeconfig (I would like to fix that when refactoring installers). IMO it's better to always make 100% sure the configuration is correct rather than to save a second or two.

In the past, I do not recall
ipa-upgradeconfig as being really fast, especially certmonger/Dogtag related
updates were really slow thank to service restarts, etc.

Correct, but I was talking about configuration file updates, not (re)starts, which have to always be done in ipactl anyway.


* Prevent user to use ipa-upgradeconfig and ipa-ldap-updater

Even without arguments? Is ipactl now the only right place to trigger manual


Plugins are called from update files, using new directive

Why "update-plugin" and not just "plugin"? Do you expect other kinds of plugins
to be called from update files in the future? (I certainly don't.)

I have no strong feelings on this one, but IMO it is always better to have some
"plan B" if we choose to indeed implement some yet unforeseen plugin based

I doubt that will happen, but if it does, we can always add "plan-b-plugin" directive.


New class UpdatePlugin is used for all update plugins.

Just reuse the existing Updater class, no need to reinvent the wheel.


I wonder why configuration update is done after data update and not before. I
know it's been like that for a long time, but it seems kind of unnatural to me,
especially now when schema update is separate from data update. (Rob?)


keep --test option and fix the plugins which do not respect the option

Just a note, I believe this ticket is related:

Good work overall!


Jan Cholasta

Freeipa-devel mailing list

Reply via email to