On 14.3.2016 16:26, Petr Vobornik wrote:
On 03/14/2016 12:57 PM, Jan Cholasta wrote:
On 14.3.2016 12:50, Martin Basti wrote:


On 14.03.2016 12:05, Jan Cholasta wrote:
Hi,

On 11.3.2016 10:39, Stanislav Laznicka wrote:
Hi,

Please see the patch attached. Contrary to the discussion at
https://fedorahosted.org/freeipa/ticket/4987 I also added the suffix
option for clean_ruv command. If this command is available for normal
RUVs, it should probably be available for CS-RUVs as well (or
deprecated
for both with advised use of clean_dangling_ruv).

ipa-csreplica-manage is used to manage the CA suffix, so
ipa-csreplica-manage should be extended instead of adding --suffix
option to ipa-replica-manage. Having half of the CA suffix managed by
ipa-replica-manage and the other half by ipa-replica-manage is
confusing.

Honza

There is a design document about deprecating ipa-csreplica-manage and
move part of its responsibilities to ipa-replica-manage.

http://www.freeipa.org/page/V4/Manage_replication_topology_4_4#ipa.28cs.29replica_manange_changes




So patch is compatible with design.

The design is wrong then.

I don't agree.


Either do it in ipa-csreplica-manage, or make *all* ipa-replica-manage
sub-commands respect the --suffix option. Anything else is inconsistent
mess.

That's the idea for domain level 1. There is little value in extending
behavior(managing replication agreements) in domain level 0.

Domain level 0 is still relevant, it won't go away anytime soon.


Main idea is to not care about suffixes and work with all suffixes right
away. This is reflected in clean-dangling-ruv command and these
extensions are its counterpart - to enable disabling the run. We mostly
care about replica IDs not suffixes they belong to. IMO --suffix option
is not necessary and is mostly for debugging.

One of the reasons why we have all the RUV commands is a mess after
uninstallation when somebody forgets/ignores to run
`ipa-csreplica-manage del $server` or also `ipa-replica-manage del
$server` before uninstallation of replica. Users then usually run
`ipa-replica-manage del $server` --force --clean` but
`ipa-csreplica-manage del $server` can't be run after it.  Changes in
4.3 and 4.4 tries to prevent this situation (e.g. by calling equivalent
of `ipa-cs+replica-manage del` from `ipa-server-install  --uninstall`).
But until then mess is cleaned on all servers, we should deal with it
with the most convenient way - hiding implementation details.


This is actually exposing implementation details by forcing the user to use a different command based on the domain level.

Please explain to me how any of the above requires us to introduce additional inconsistencies and bad UX to IPA.

--
Jan Cholasta

--
Manage your subscription for the Freeipa-devel mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-devel
Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code

Reply via email to