[Freeipa-devel] [PATCH] 1095 apply updates in order
Rob Crittenden
rcritten at redhat.com
Thu Apr 11 13:19:03 UTC 2013
Petr Viktorin wrote:
> On 04/10/2013 08:02 PM, Rob Crittenden wrote:
>> The original design of the LDAP updater was to use numbered update files
>> which would be applied in order in blocks of 10. We ended up just
>> applying everything together, sorted by length of the DN.
>
> Why not just sort the files lexicographically, and _run_updates after
> each one?
That might work. I did this mostly for schema which can have
interdependencies. I didn't want to force us to have humongous updates
for schema.
> I can kind of see the reasoning behind the blocks of ten, but it looks
> pretty arbitrary and unnecessarily complex.
> It will allow you to create/update parents and children anywhere in the
> block of 10 and they'll be sorted properly, but outside of the blocks
> you have to watch the ordering. This is pretty confusing; if it's really
> needed it should at least be in the README.
It is absolutely arbitrary.
I'll beef up the README.
In practice it probably isn't a big deal WHERE the updates get put, as
long as schema is first. This is just an attempt to force us to be
somewhat organized with things.
>> This works ok except in the case of roles/privileges/permissions wehre
>> it is possible that a role is added to a permission before the role is
>> created. So the permission has no memberOf attribute and things don't
>> work as expected.
>>
>> So this patch implements the by-10 rule and applies the files 10-19,
>> 20-29, etc. I left the ability to run unstructured updates too by
>> default.
>>
>> We also need to revert this commit which breaks a test case now that
>> roles/permissions are created properly,
>> f7e27b547547be06f511a3ddfaff8db7d0b7898f
>
> \o/
>
>
> In the README, 10 - 19 should be Schema & configuration.
OK.
> While you're at it you can update the FDS Server reference (FDS was
> Fedora Directory Server, right?)
>
Yeah, shows how old this is. I'll fix it.
rob
More information about the Freeipa-devel
mailing list