On 05/28/2015 09:05 AM, Petr Spacek wrote: > On 28.5.2015 08:55, Jan Cholasta wrote: >> Dne 26.5.2015 v 16:32 Petr Spacek napsal(a): >>> On 26.5.2015 16:16, Martin Kosek wrote: >>>> On 05/26/2015 04:13 PM, thierry bordaz wrote: >>>>> On 05/26/2015 02:12 PM, Petr Spacek wrote: >>>>>> Hello, >>>>>> >>>>>> it came to my mind that domain level for topology plugin should actually >>>>>> be >>>>>> number 2, not 1. >>>>>> >>>>>> We already used number 1 for incompatible changes in DNS tree and I >>>>>> believe >>>>>> that it is not a good idea to have two places which say 'version 1' but >>>>>> and >>>>>> actually mean two different things. (DNS tree version 1 + domain level 1) >>>>>> >>>>>> Patch is attached. >>>>>> >>>>>> >>>>>> >>>>> Hello, >>>>> The fix looks good but that seems strange to have to set the initial >>>>> version of >>>>> the topology plugin to 2.0. (IIUC That is the version that will be >>>>> written in >>>>> dse.ldif) >>>>> I would rather expects that topology plugin 1.0, would activate itself if >>>>> the >>>>> DomainLevel is 2.0 or more. >>>>> If topology plugin 1.0 sets an internal DomainLevel_trigger=2.0 then >>>>> activate >>>>> itself if DomainLevel >= DomainLevel_trigger. >>>>> >>>>> Let's wait for Ludwig feedback. >>>>> >>>>> thanks >>>>> thierry >>>> >>>> My personal opinion on this is to start with Domain Level 1 regardless. We >>>> already "solved" the DNS forwarders otherwise, with docs, async updates >>>> etc. I >>>> do not think we will be returning to implementing proper Domain Level >>>> support >>>> for that anyway. >>>> >>>> So I rather think that all the "Domain Level starts with 0, 1 is unused, 2 >>>> is >>>> the top one" will cause unforeseen issues I would rather like to avoid. >>> >>> I'm more worried about confusion in future. To to me it simply seems easier >>> to >>> bump one integer now than to document and explain (to users & new >>> developers) >>> why we have two "ones" which mean something else. >>> >>> Code-wise it is just an integer. >>> >>> Also, it can simplify logic in future when we decide to do another >>> incompatible change in DNS tree because we will have only one integer to >>> test >>> (instead of checking two separate version attribute in DNS tree & domain >>> level). >> >> +1, but I think the minimum supported domain level should be 1, not 0, >> because >> 0 means the server uses the old DNS schema, which we do not support anymore, >> right? > > Good point! >
It may be a good point, but it does not make the situation easier. You still have RHEL/CentOS 6.x IPA out there, where some of them already support the new DNS forwarders and some don't - and neither of them support Domain Levels - i.e. have Domain Level 0. As I said, I still see more complications with this proposals than benefits... -- Manage your subscription for the Freeipa-devel mailing list: https://www.redhat.com/mailman/listinfo/freeipa-devel Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code
