[Freeipa-devel] IPA Server upgrade 4.2 design

Martin Basti mbasti at redhat.com
Mon Mar 2 11:58:32 UTC 2015 

On 27/02/15 20:45, Rob Crittenden wrote:
> Martin Basti wrote:
>> On 26/02/15 10:45, Petr Spacek wrote:
>>> On 25.2.2015 17:49, Martin Basti wrote:
>>>> On 25/02/15 17:15, Petr Spacek wrote:
>>>>> On 24.2.2015 19:10, Martin Basti wrote:
>>>>>> Hello all,
>>>>>>
>>>>>> please read the design page, any objections/suggestions appreciated
>>>>>> http://www.freeipa.org/page/V4/Server_Upgrade_Refactoring
>>>>> Thank you for the design, I have only few nitpicks.
>>>>>
>>>>>> Increase update files numbers range
>>>>>> Update files number will be extended into 4 digits values.
>>>>> IMHO the dependency on particular number format should be removed
>>>>> altogether.
>>>>> It should be perfectly enough to say that updates are executed in ASCII
>>>>> lexicographic order and be done with it.
>>>> 4.1.3-2 > 4.1.3-12 in lexicographic order, this will not fit.
>>> Well, sure, but it allows you to use
>>> 00-a
>>> 01-b
>>>
>>> and renumber it to
>>>
>>> 001-a
>>> 002-b
>>>
>>> at will without changes to code. (Lexicographic order is what 'ls'
>>> uses by
>>> default so you can see the real ordering at any time very easily.)
>>>
>>> Also, as you pointed out, it allows you to do things like
>>> 12.345-a
>>> 12.666-bbb
>>> without changing code, again :-)
>> Oh stupid me, I read it wrong, I replied with IPA version compare.
>>
>> sounds good to me, any objections anyone?
> This makes sense as long as we don't abuse it. The numbers are there to
> apply some amount of order but flexibility is good, and will avoid the
> problem of having humongous update files.
So it is not clear to me,  should we use 4 digit numbers, or just 
lexicographic order?

> I'm fine with allowing DM given that it allows running as non-root
> (pretty much the only condition that ldapi wouldn't work), but I think a
> full upgrade will fail w/o root given that you are combining the two
> commands.
I'm not sure, if I get it.

The ipa-server-upgrade has to be run under root user (ldapi, service 
upgrades).
If LDAPI failed, user may use DM password to do LDAP update (this should 
fix LDAPI settings) but root user is still required to update services. 
So root user is always required to do this.
>
> On ipactl, would it be overkill if there is a tty to prompt the user to
> upgrade? In a non-container world it might be surprising to have an
> upgrade happen esp since upgrades take a while.
In non-container enviroment, we can still use upgrade during RPM 
transaction.

So you suggest  not to do update automaticaly, just write Error the IPA 
upgrade is required?
>
> With --skip-version-check what sorts of problems can we foresee? I
> assume a big warning will be added to at least the man page, if not the cli?
For this big warning everywhere.
The main problem is try to run older IPA with newer data. In containers 
the problem is to run different platform specific versions which differ 
in functionality/bugfixes etc..
>
> Where does platform come from? I'm wondering how Debian will handle this.
platform is derived from ipaplatform file which is used with the 
particular build. Debian should have own platform file.
>
> Looks really good.
>
> rob
>


-- 
Martin Basti

More information about the Freeipa-devel mailing list