[Freeipa-devel] New/Updated FreeIPA design pages

thierry bordaz tbordaz at redhat.com
Thu Dec 18 09:56:47 UTC 2014 

On 12/16/2014 05:44 PM, Simo Sorce wrote:
> On Tue, 16 Dec 2014 10:40:20 -0500
> Simo Sorce <simo at redhat.com> wrote:
>
>> On Tue, 16 Dec 2014 15:57:34 +0100
>> Ludwig Krispenz <lkrispen at redhat.com> wrote:
>>
>>> On 12/16/2014 03:22 PM, Simo Sorce wrote:
>>>> On Tue, 16 Dec 2014 11:33:41 +0100
>>>> Ludwig Krispenz <lkrispen at redhat.com> wrote:
>>>>
>>>>> Hi Simo,
>>>>>
>>>>> one thing is not quite clear to me: do you want a domain level
>>>>> per feature or a global domain level or both ?
>>>> The Domain Level is global.
>>>> I described a "Feature Version" that is published by feature.
>>>> The Feature Versions just state what is available they do not
>>>> determine what is the current overall Domain Level.
>>> Ok, just to confirm my understanding.
>>>
>>> - we have one domain level.
>> Yes.
Hello,

Domain level can only be increased. Can it interfere with the ability of 
the admin to downgrade a software version ?

thanks
thierry
>>> - each (new) plugin or compoment has to define its minimal domain
>>> level and execute only features covered by this level
>> Each plugin may have different behavior based on the domain level it
>> is enabled, however the highest level is open-ended. IE a plugin must
>> not stop working if it see a higher level than was known when it was
>> built.
>>
>> SO a plugin may have an if/else like this:
>>
>> if (level < MIN_DOM_LEVEL) {
>>     return;
>> } else if (level < XYZ_DOM_LEVEL) {
>>     /* do something */
>> } else {
>>     /* do something else */
>> }
>>
>> The last branch is always there unless we are going to stop using a
>> plugin and intentionally want it to stop working once the domain level
>> is raised past the XYZ_DOM_LEVEL (whatever that will be).
>>
>>> - in addition, these plugins have to expose their (plugin)  version
>>> on each server, allowing checks for setting the domain level
>> Yes,
>> we can refine this part though, for example each plugin could publish
>> the minimum domain level is supports instead of a version number if
>> that is useful or easier to manage. But this is not sufficient to do
>> checks, we still need to know, in some cases, also what is the
>> maximum level known for some plugins (but not for others), so we'll
>> still need a detailed list of things to check.
>>
>> If this is too complex however, maybe we can simply publish a
>> "supported domain level" number per server, and deal internally within
>> a server on how to publish it.
> A "supported domain levels" range really, so we can say IPA v8.0 support
> level 2-3-4 but not 0 or 1 or 5 (which is supported only by v9.0
>
> Actually, I think I will go and change the proposal this way, it will
> make it much easier to deal with for checks.
>
> Simo.
>

More information about the Freeipa-devel mailing list