[Freeipa-devel] IPA Server upgrade 4.2 design

Petr Spacek pspacek at redhat.com
Thu Feb 26 09:45:14 UTC 2015 

On 25.2.2015 17:49, Martin Basti wrote:
> On 25/02/15 17:15, Petr Spacek wrote:
>> On 24.2.2015 19:10, Martin Basti wrote:
>>> Hello all,
>>>
>>> please read the design page, any objections/suggestions appreciated
>>> http://www.freeipa.org/page/V4/Server_Upgrade_Refactoring
>> Thank you for the design, I have only few nitpicks.
>>
>>> Increase update files numbers range
>>> Update files number will be extended into 4 digits values.
>> IMHO the dependency on particular number format should be removed altogether.
>> It should be perfectly enough to say that updates are executed in ASCII
>> lexicographic order and be done with it.
> 4.1.3-2 > 4.1.3-12 in lexicographic order, this will not fit.

Well, sure, but it allows you to use
00-a
01-b

and renumber it to

001-a
002-b

at will without changes to code. (Lexicographic order is what 'ls' uses by
default so you can see the real ordering at any time very easily.)

Also, as you pointed out, it allows you to do things like
12.345-a
12.666-bbb
without changing code, again :-)

Petr^2 Spacek

>>> To resolve issues mentioned above only one command should do upgrade:
>>> ipa-server-upgrade.
>> I very much agree with this.
>>
>>
>>> ipa-server-upgrade characteristics
>> ...
>>> 4. LDAP data update (+ update plugins)
>>> 5. upgrade configuration
>> At this point I would appreciate explanatory text what is 'LDAP data update'
>> and what is 'upgrade configuration'. Maybe some examples could be enough.
> LDAP data update == upgrading data stored in LDAP (user data + cn=config)
> upgrade configuration == upgrading configuration of services in filesystem
> (apache, named)
> 
> I will add some explanation there.
>>
>>> ipactl checks if installed version and version stored in LDAP are the same:
>> ...
>>> ipactl start|restart option --force overrides this check.
>> I would like to see a separate option. --force currently skips rollback if
>> some services could not start but this is fundamentally different from
>> version/upgrade checks.
> Ohh, good catch thank you, maybe --skip-version-check ?
Sounds fine to me.

>>
>>> ipa-server-upgrade    
>>> --version     show program's version number and exit
>> Maybe it could print code version + data version (if available). It could be
>> handy debugging tool.
> Good idea thanks
>>> ipa-server-upgrade    
>>> --test     Note: for developing only
>> Is it really worth the effort to keep the option and invest more time in it?
>>
> I do not expect any extra effort (except fixing 3 plugins - 6 lines of code
> approx), so if it will help to develop updates it could stay there (personally
> I do not use it, usually updates broke during write to server on some
> constraints)

Okay, I thought that it is broken significantly.

-- 
Petr^2 Spacek

More information about the Freeipa-devel mailing list