[Freeipa-devel] New/Updated FreeIPA design pages

Simo Sorce simo at redhat.com
Tue Dec 16 15:40:20 UTC 2014 

On Tue, 16 Dec 2014 15:57:34 +0100
Ludwig Krispenz <lkrispen at redhat.com> wrote:

> 
> On 12/16/2014 03:22 PM, Simo Sorce wrote:
> > On Tue, 16 Dec 2014 11:33:41 +0100
> > Ludwig Krispenz <lkrispen at redhat.com> wrote:
> >
> >> Hi Simo,
> >>
> >> one thing is not quite clear to me: do you want a domain level per
> >> feature or a global domain level or both ?
> > The Domain Level is global.
> > I described a "Feature Version" that is published by feature.
> > The Feature Versions just state what is available they do not
> > determine what is the current overall Domain Level.
> Ok, just to confirm my understanding.
> 
> - we have one domain level.

Yes.

> - each (new) plugin or compoment has to define its minimal domain
> level and execute only features covered by this level

Each plugin may have different behavior based on the domain level it
is enabled, however the highest level is open-ended. IE a plugin must
not stop working if it see a higher level than was known when it was
built.

SO a plugin may have an if/else like this:

if (level < MIN_DOM_LEVEL) {
   return;
} else if (level < XYZ_DOM_LEVEL) {
   /* do something */
} else {
   /* do something else */
}

The last branch is always there unless we are going to stop using a
plugin and intentionally want it to stop working once the domain level
is raised past the XYZ_DOM_LEVEL (whatever that will be).

> - in addition, these plugins have to expose their (plugin)  version
> on each server, allowing checks for setting the domain level

Yes,
we can refine this part though, for example each plugin could publish
the minimum domain level is supports instead of a version number if that
is useful or easier to manage. But this is not sufficient to do checks,
we still need to know, in some cases, also what is the maximum level
known for some plugins (but not for others), so we'll still need a
detailed list of things to check.

If this is too complex however, maybe we can simply publish a
"supported domain level" number per server, and deal internally within
a server on how to publish it.

Simo.

> >
> >> For a single feature (eg topology management) it could be required
> >> that it is available on all servers, so it will be active only if
> >> it's domain level is set. But there could be another feature,
> >> independent of this one, it also could require to be installed on
> >> all servers, and wait until it's domain level is set.
> >> If we would only one domainlevel this would mean that all features
> >> need to be at a specific level until any of tehm could be enabled
> > We need to keep it simple. We can't have multiple domain levels or
> > it will quickly become a mess (test matrix will also explode).
> >
> > HTH,
> > Simo.
> >
> 



-- 
Simo Sorce * Red Hat, Inc * New York

More information about the Freeipa-devel mailing list