[Freeipa-devel] [DESIGN] Server Roles

[Martin Babinsky]

Hi list,

here is a link (http://www.freeipa.org/page/V4/Server_Roles) to WIP 
design document concerning the concept of Server Roles as a 
user-friendly abstraction of the services running on IPA masters.

The main aim of this feature is to provide a higher level interface to 
query and manipulate service-related information stored in dirsrv backend.

I have not touched the design much from the post-Devconf session, mainly 
because there are some points to clarify and agree upon.

I have the following points to discuss:

1.) the design assumes that there is a distinction between roles such as 
DNS server, CA, etc. and the more specific sub-roles such as DNSSec key 
master, CRL master, etc. Now in the hindsight I think this distinction 
is quite artificial and just clutters the interface unnecessarily. We 
might implement this kind of hierarchy in the code itself but that is 
something the user needs not be aware of.

2.) I guess the role names should be case insensitive so that users are 
not hindered by trying to get the case right.

3.) Do we need an internal API call which will add all services 
belonging to a role to the corresponding master entry? (basically a 
'server_add_role' type of command). Currently, each service instance 
adds its own service entry during service installation so we probably do 
not need to duplicate this functionality.

That is all I can think of right now. I had many more questions popping 
up during this night's bout of insomnia, but they got lost during the day.

Do not be afraid to bring up other questions/remarks/comments. This is 
my first design documents so I expect them to be plenty.

-- 
Martin^3 Babinsky