[Freeipa-devel] [PATCH] 1095 apply updates in order

[Rob Crittenden]

Petr Viktorin wrote:
> On 04/10/2013 08:02 PM, Rob Crittenden wrote:
>> The original design of the LDAP updater was to use numbered update files
>> which would be applied in order in blocks of 10. We ended up just
>> applying everything together, sorted by length of the DN.
>
> Why not just sort the files lexicographically, and _run_updates after
> each one?

That might work. I did this mostly for schema which can have 
interdependencies. I didn't want to force us to have humongous updates 
for schema.

> I can kind of see the reasoning behind the blocks of ten, but it looks
> pretty arbitrary and unnecessarily complex.
> It will allow you to create/update parents and children anywhere in the
> block of 10 and they'll be sorted properly, but outside of the blocks
> you have to watch the ordering. This is pretty confusing; if it's really
> needed it should at least be in the README.

It is absolutely arbitrary.

I'll beef up the README.

In practice it probably isn't a big deal WHERE the updates get put, as 
long as schema is first. This is just an attempt to force us to be 
somewhat organized with things.

>> This works ok except in the case of roles/privileges/permissions wehre
>> it is possible that a role is added to a permission  before the role is
>> created. So the permission has no memberOf attribute and things don't
>> work as expected.
>>
>> So this patch implements the by-10 rule and applies the files 10-19,
>> 20-29, etc. I left the ability to run unstructured updates too by
>> default.
>>
>> We also need to revert this commit which breaks a test case now that
>> roles/permissions are created properly,
>> f7e27b547547be06f511a3ddfaff8db7d0b7898f
>
> \o/
>
>
> In the README, 10 - 19 should be Schema & configuration.

OK.

> While you're at it you can update the FDS Server reference (FDS was
> Fedora Directory Server, right?)
>

Yeah, shows how old this is. I'll fix it.

rob