On 28.5.2015 10:49, Martin Kosek wrote:
> On 05/28/2015 09:05 AM, Petr Spacek wrote:
>> On 28.5.2015 08:55, Jan Cholasta wrote:
>>> Dne 26.5.2015 v 16:32 Petr Spacek napsal(a):
>>>> On 26.5.2015 16:16, Martin Kosek wrote:
>>>>> On 05/26/2015 04:13 PM, thierry bordaz wrote:
>>>>>> On 05/26/2015 02:12 PM, Petr Spacek wrote:
>>>>>>> Hello,
>>>>>>>
>>>>>>> it came to my mind that domain level for topology plugin should 
>>>>>>> actually be
>>>>>>> number 2, not 1.
>>>>>>>
>>>>>>> We already used number 1 for incompatible changes in DNS tree and I 
>>>>>>> believe
>>>>>>> that it is not a good idea to have two places which say 'version 1' but 
>>>>>>> and
>>>>>>> actually mean two different things. (DNS tree version 1 + domain level 
>>>>>>> 1)
>>>>>>>
>>>>>>> Patch is attached.
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>> Hello,
>>>>>> The fix looks good but that seems strange to have to set the initial
>>>>>> version of
>>>>>> the topology plugin to 2.0. (IIUC That is the version that will be 
>>>>>> written in
>>>>>> dse.ldif)
>>>>>> I would rather expects that topology plugin 1.0, would activate itself 
>>>>>> if the
>>>>>> DomainLevel is 2.0 or more.
>>>>>> If topology plugin 1.0 sets an internal DomainLevel_trigger=2.0 then 
>>>>>> activate
>>>>>> itself if DomainLevel >= DomainLevel_trigger.
>>>>>>
>>>>>> Let's wait for Ludwig feedback.
>>>>>>
>>>>>> thanks
>>>>>> thierry
>>>>>
>>>>> My personal opinion on this is to start with Domain Level 1 regardless. We
>>>>> already "solved" the DNS forwarders otherwise, with docs, async updates 
>>>>> etc. I
>>>>> do not think we will be returning to implementing proper Domain Level 
>>>>> support
>>>>> for that anyway.
>>>>>
>>>>> So I rather think that all the "Domain Level starts with 0, 1 is unused, 
>>>>> 2 is
>>>>> the top one" will cause unforeseen issues I would rather like to avoid.
>>>>
>>>> I'm more worried about confusion in future. To to me it simply seems 
>>>> easier to
>>>> bump one integer now than to document and explain (to users & new 
>>>> developers)
>>>> why we have two "ones" which mean something else.
>>>>
>>>> Code-wise it is just an integer.
>>>>
>>>> Also, it can simplify logic in future when we decide to do another
>>>> incompatible change in DNS tree because we will have only one integer to 
>>>> test
>>>> (instead of checking two separate version attribute in DNS tree & domain
>>>> level).
>>>
>>> +1, but I think the minimum supported domain level should be 1, not 0, 
>>> because
>>> 0 means the server uses the old DNS schema, which we do not support anymore,
>>> right?
>>
>> Good point!
>>
> 
> It may be a good point, but it does not make the situation easier. You still
> have RHEL/CentOS 6.x IPA out there, where some of them already support the new
> DNS forwarders and some don't - and neither of them support Domain Levels -
> i.e. have Domain Level 0.
> 
> As I said, I still see more complications with this proposals than benefits...

I would argue that it actually helps.

If domain level = 1 then we can be *sure* that all replicas support the new
DNS semantics.

If domain level = 0 then we know nothing (because of patched RHEL 6) and it is
a warning sign for diagnostic tools and also us when it comes to debugging.

-- 
Petr^2 Spacek

-- 
Manage your subscription for the Freeipa-devel mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-devel
Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code

Reply via email to