[Freeipa-devel] New/Updated FreeIPA design pages
Martin Kosek
mkosek at redhat.com
Wed Dec 17 15:11:27 UTC 2014
On 12/17/2014 03:52 PM, Simo Sorce wrote:
> On Wed, 17 Dec 2014 12:59:56 +0100
> Martin Kosek <mkosek at redhat.com> wrote:
>
>> On 12/15/2014 11:01 PM, Simo Sorce wrote:
>>>
>>> Hello fellow developers, I added this new design:
>>> http://www.freeipa.org/page/V4/Domain_Levels
>>>
>>> It is a prerequisite for both the Replica Promotion design:
>>> http://www.freeipa.org/page/V4/Replica_Promotion
>>> and the Topology plugins design:
>>> http://www.freeipa.org/page/V4/Manage_replication_topology
>>> (Ludwig will change this to include the changes we have discussed
>>> in a previous phone call, and which involve mostly Domain
>>> Level/Domain Upgrades/migrations issues)
>>>
>>> As usual feel free to add as needed or comments and ask questions.
>>>
>>> Simo.
>>>
>>
>> Thanks! For starters, please follow
>>
>> http://www.freeipa.org/page/Feature_template
>>
>> next time :-) Don't worry, I updated current proposal to follow it.
>
> Ah you mean you broke and moved down one notch all the headings that I
> changed one level up because the default ones are ugly ? :-)
No? :-) In meadiawiki, the highest headings you are supposed to use is "==" as
"=" generates <h1> header and there should be just one <h1> on the page - and
that is the page name.
> Why do you start at == level instead of = ?
See the note in
http://www.mediawiki.org/wiki/Help:Formatting#Level_2
This is the reason why I changed levels in the Feature template - to drive the
good mediawiki practices.
> Starting at == makes === almost disappear within the text and sections
> do not stand up anymore ...
Then the problem is not in levels, but in the CSS we use - this is something we
can fix.
>> On top of what was already said, I have couple comments:
>>
>>
>> 1) Relation between domain levels and FreeIPA versions
>>
>> It is now proposed as "numbers", how do we define the relation? Did
>> you want to create new domain level on needed basis?
>
> It is totally on a need to change basis.
>
>> So we would have mapping like
>>
>> Domain level 0 --> FreeIPA 4.1 or older
>> Domain level 1 --> FreeIPA 4.2 --> replica promotion, topology plugin
>> user life cycle
>> Domain level 2 --> FreeIPA 4.3 - FreeIPA 4.4 --> thin API client
>> Domain level 3 --> FreeIPA 5.0 --> IPA-IPA trusts
>
> NO.
> We change Domain Level only when there is a well defined *need*.
>
> If we change something that absolutely requires all of the servers to
> have it/update it then we have a candidate reason for a level change.
> Otherwise not.
>
>> ? Would it be more transparent to simply use versions as AD does [1]
>> and always define which features require it? I.e.:
>>
>> Domain level "4.2"
>> Domain level "4.3" --> thin API client
>> Domain level "4.4" --> no changes
>> Domain level "5.0" --> IPA-IPA trusts
>
> Certainly we'll need to document what Domain level a feature needs to
> be activated, it will be necessary because said feature will have to
> deactivate itself both in the CLI and UI if the domain level is not
> high enough, and appropriate error messages need to be returned.
I agree both on this comment and comment above. So you would like to push for
numeric levels which we would then map in documentation with FreeIPA versions,
right?
>
>> 2) Backporting features
>> Long standing problem with API version was if for example RHEL/CentOS
>> 6.6 does not rebase, but only backports selected patches/features
>> from higher versions. Should it bump the API/supported Domain Level?
>
> If you create a frankenstein you need to make sure you backport all the
> features necessary to interoperate at a specific domain level, or you
> do not get to claim support for that level.
>
>> Or should it only bump Domain Level if and only if it backports *all*
>> features for the respective domain level?
>
> Exactly, you have to be consistent.
>
>> 3) Storing server and global domain level in LDAP
>> I added [2].
>
> Thanks, although I think we'll need to store the domain level in it's
> own object. The reason is that plugins may end up listening in to see
> if it change and we do not want to have all of them parse every change
> that goes into cn=ipaConfig all the time.
>
> So I will change the container name.
Ok, makes sense.
>
> Simo.
>
>>
>> [1]
>> http://technet.microsoft.com/en-us/library/understanding-active-directory-functional-levels(v=ws.10).aspx
>> [2] http://www.freeipa.org/page/V4/Domain_Levels#Storing_Domain_levels
>
>
>
More information about the Freeipa-devel
mailing list