[Freeipa-devel] [PATCH] 0001 Enhance the DNSNotARecordError message

[Petr Spacek]

On 13.7.2015 16:32, Alexander Bokovoy wrote:
> On Mon, 13 Jul 2015, Jan Pazdziora wrote:
>> On Mon, Jul 13, 2015 at 03:12:13PM +0200, Petr Spacek wrote:
>>>
>>> Personally-opinionated-NACK.
>>>
>>> I would like to avoid advertising --force options when possible. --force
>>> should not be necessary in proper setups and advertising it will make people
>>> to use it instead of fixing underlying problems.
>>
>> How do you propose for things to work when the host is pre-created
>> (with --random) and the service should be pre-created, and then IP
>> address will only be set by the machine itself when it IPA-enrolls
>> with the OTP?
> This is a workflow question, not a code fix. If you need to use --force,
> use it but this specific flow has to be documented, not suggested by the
> code. We have plenty of cases where you have to use --addattr/--setattr
> as well, but we don't advertise them in the error messages.
> 
> On contrary, documenting the fact that in some workflows you actually
> need to override default belts and suspenders is fine.

I agree with Alexander. The point is that you have to know what you are doing
if you decide to use --force/--setattr and advertising them will lead to cargo
cults.

The idea of services/hosts without host entry may be worth discussing, please
start a separate thread on ipa-devel.

-- 
Petr^2 Spacek