Dne 11.5.2015 v 15:34 Martin Kosek napsal(a):
On 05/11/2015 03:18 PM, Jan Cholasta wrote:
Dne 6.5.2015 v 09:29 Martin Kosek napsal(a):

as already discussed in December [1], we will need to implement domain levels
in FreeIPA 4.2 to make sure we can manage the replication agreement by Topology

I created a ticket for this feature [3] and linked it with Simo's design. The
proposed scope for the feature is written in the ticket itself. Tomas agreed he
would work on this.

The first consumer is Ludwig's topology plugin. Seeing Ludwig's initial patches
[4], I suspect he chose a different format (major/minor) for the domain level
value, but as we discussed in [2], it will rather be a numerical value, raised
only when needed. This is something for Tomas and Ludwig to coordinate together.

I am not sure if Custodia work will need this, maybe the new
ipa-replica-install would just check if Custodia is there or not and not decide
on Domain Levels... we will see.

The design page does not list the actual API, but I expect it to be very simple
for now, maybe just

$ ipa domainlevel-show
$ ipa domainlevel-raise NUMBER

I would think

$ ipa domain-show
$ ipa domain-set-level NUMBER

because "domain level" does not sound like an object, but rather a "level"
property of a "domain" object.

I think the point here was that the Domain Level is a separate LDAP object with
just that value. So the naming seemed pretty self-explanatory and consistent to 

That seems to me like an implementation detail rather than something against which to model the API. (Come on, singleton object with a single property?)

With using just "domain-*" we are blocking ourselves for the time when real
"Domain" object shows up.

I don't see why it should.

Anyway, I don't have a strong opinion on this, except I like "set" better than "raise".

Jan Cholasta

Manage your subscription for the Freeipa-devel mailing list:
Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code

Reply via email to