Dne 2.3.2015 v 12:23 Martin Kosek napsal(a):
On 03/02/2015 07:49 AM, Jan Cholasta wrote:
Dne 24.2.2015 v 19:10 Martin Basti napsal(a):
please read the design page, any objections/suggestions appreciated
* Merge server update commands into the one command (ipa-server-upgrade)
So there is "ipa-server-install" to install the server, "ipa-server-install
--uninstall" to uninstall the server and "ipa-server-upgrade" to upgrade the
server. Maybe we should bring some consistency here and have one of:
a) "ipa-server-install [--install]", "ipa-server-install --uninstall",
b) "ipa-server-install [install]", "ipa-server-install uninstall",
c) "ipa-server-install", "ipa-server-uninstall", "ipa-server-upgrade"
Long term, I think we want C. Besides other advantages, it will let us have
independent sets of options, based on what you want to do.
* Prevent to run IPA service, if code version and configuration version does
* ipactl should execute ipa-server-upgrade if needed
There should be no configuration version, configuration update should be run
always. It's fast and hence does not need to be optimized like data update by
using a monolithic version number, which brings more than a few problems on its
I do not agree in this section. Why would you like to run it always, even if it
was fast? No run is still faster than fast run.
In the ideal case the installer would be idempotent and upgrade would be
re-running the installer and we should aim to do just that. We kind of
do that already, but there is a lot of code duplication in installers
and ipa-upgradeconfig (I would like to fix that when refactoring
installers). IMO it's better to always make 100% sure the configuration
is correct rather than to save a second or two.
In the past, I do not recall
ipa-upgradeconfig as being really fast, especially certmonger/Dogtag related
updates were really slow thank to service restarts, etc.
Correct, but I was talking about configuration file updates, not
(re)starts, which have to always be done in ipactl anyway.
* Prevent user to use ipa-upgradeconfig and ipa-ldap-updater
Even without arguments? Is ipactl now the only right place to trigger manual
Plugins are called from update files, using new directive
Why "update-plugin" and not just "plugin"? Do you expect other kinds of plugins
to be called from update files in the future? (I certainly don't.)
I have no strong feelings on this one, but IMO it is always better to have some
"plan B" if we choose to indeed implement some yet unforeseen plugin based
I doubt that will happen, but if it does, we can always add
New class UpdatePlugin is used for all update plugins.
Just reuse the existing Updater class, no need to reinvent the wheel.
I wonder why configuration update is done after data update and not before. I
know it's been like that for a long time, but it seems kind of unnatural to me,
especially now when schema update is separate from data update. (Rob?)
keep --test option and fix the plugins which do not respect the option
Just a note, I believe this ticket is related:
Good work overall!
Freeipa-devel mailing list