[Freeipa-devel] Structured DNS record API proposal

Martin Kosek mkosek at redhat.com
Wed Sep 21 15:44:07 UTC 2011 

On Wed, 2011-09-21 at 08:06 -0700, yi zhang wrote:
> On 09/21/2011 01:58 AM, Adam Tkac wrote:
> > On 09/16/2011 02:25 PM, Martin Kosek wrote:
> >> On Fri, 2011-09-16 at 08:12 -0400, Simo Sorce wrote:
> >>> Whatever you do do not split this operation into a DEL+ADD, we want an
> >>> atomic modify operation in any case. as you do not want to have a race
> >>> where named may query the MX records and find them empty. That'd be much
> >>> worse than returning one of them outdated.
> >>>
> >>> This means whatever the API we need to support a way to add all values
> >>> at the same time. We can also have the more verbose API to make things
> >>> more understandable, but we need this "bulk" API for the WebUI IMHO.
> >> I agree, the change shouldn't be split to del+add. My proposed API:
> >>
> >> dnsrecord-mx-mod example.com --dnsrecord="1 mx1.example.com." --preference=0
> >>
> >> would do just one write to LDAP. Unfortunately, this is not so pretty
> >> for CLI, one would have to copy&paste raw DNS value to be able to edit
> >> its components, but it should be simple for WebUI. Right now, I don't
> >> see some better way.
> >>
> > I thought about this CLI proposal and it is definitely a good start. In
> > the future we can consider to improve the CLI this way, for example:
> >
> > $ dnsrecord-mx-mod example.com --preference=0
> > Which record would you like to change?
> > [1] 1 mx1.example.com.
> > [2] 10 mx2.example.com.
> > $<select the record>
> >
> > This way will be more convenient for people which use CLI, especially
> > when we start to support DNSSEC and resource record types which store
> > certificates (CERT/SSHFP) get widely used. I doubt that someone likes
> > copying&pasting SHA* hashes and RSA signatures every time when some
> > record is modified.
> >
> > Regards, Adam
> Interactive mode is useful in some case. But can people still script 
> with this CLI? I hope this CLI can still offer non-interactive mode so 
> it would be more script-friendly.
> BTW, I am a QA.
> 
> Yi

That's a good question. But yes - it will be still scriptable. The
prompt is just a user-helper, not an essential instrument to do the DNS
changes.

Martin

More information about the Freeipa-devel mailing list