[Freeipa-devel] Domain level for topology plugin = 2

Martin Kosek mkosek at redhat.com
Thu May 28 08:49:08 UTC 2015


On 05/28/2015 09:05 AM, Petr Spacek wrote:
> On 28.5.2015 08:55, Jan Cholasta wrote:
>> On 26.5.2015 at 16:32, Petr Spacek wrote:
>>> On 26.5.2015 16:16, Martin Kosek wrote:
>>>> On 05/26/2015 04:13 PM, thierry bordaz wrote:
>>>>> On 05/26/2015 02:12 PM, Petr Spacek wrote:
>>>>>> Hello,
>>>>>>
>>>>>> it came to my mind that domain level for topology plugin should actually be
>>>>>> number 2, not 1.
>>>>>>
>>>>>> We already used number 1 for incompatible changes in DNS tree and I believe
>>>>>> that it is not a good idea to have two places which say 'version 1' but
>>>>>> actually mean two different things. (DNS tree version 1 + domain level 1)
>>>>>>
>>>>>> Patch is attached.
>>>>>>
>>>>>>
>>>>>>
>>>>> Hello,
>>>>> The fix looks good but that seems strange to have to set the initial version of
>>>>> the topology plugin to 2.0. (IIUC that is the version that will be written in
>>>>> dse.ldif)
>>>>> I would rather expect that topology plugin 1.0 would activate itself if the
>>>>> DomainLevel is 2.0 or more.
>>>>> If topology plugin 1.0 sets an internal DomainLevel_trigger=2.0 then activate
>>>>> itself if DomainLevel >= DomainLevel_trigger.
>>>>>
>>>>> Let's wait for Ludwig's feedback.
>>>>>
>>>>> thanks
>>>>> thierry
>>>>
>>>> My personal opinion on this is to start with Domain Level 1 regardless. We
>>>> already "solved" the DNS forwarders otherwise, with docs, async updates etc. I
>>>> do not think we will be returning to implementing proper Domain Level support
>>>> for that anyway.
>>>>
>>>> So I rather think that all the "Domain Level starts with 0, 1 is unused, 2 is
>>>> the top one" will cause unforeseen issues I would rather like to avoid.
>>>
>>> I'm more worried about confusion in future. To me it simply seems easier to
>>> bump one integer now than to document and explain (to users & new developers)
>>> why we have two "ones" which mean something else.
>>>
>>> Code-wise it is just an integer.
>>>
>>> Also, it can simplify logic in future when we decide to do another
>>> incompatible change in DNS tree because we will have only one integer to test
>>> (instead of checking two separate version attributes in DNS tree & domain
>>> level).
>>
>> +1, but I think the minimum supported domain level should be 1, not 0, because
>> 0 means the server uses the old DNS schema, which we do not support anymore,
>> right?
> 
> Good point!
> 

It may be a good point, but it does not make the situation easier. You still
have RHEL/CentOS 6.x IPA out there, where some of them already support the new
DNS forwarders and some don't - and neither of them supports Domain Levels -
i.e. have Domain Level 0.

As I said, I still see more complications with this proposal than benefits...



