[Freeipa-devel] Structured DNS record API proposal

yi zhang yzhang at redhat.com
Wed Sep 21 15:45:43 UTC 2011


On 09/21/2011 08:44 AM, Martin Kosek wrote:
> On Wed, 2011-09-21 at 08:06 -0700, yi zhang wrote:
>> On 09/21/2011 01:58 AM, Adam Tkac wrote:
>>> On 09/16/2011 02:25 PM, Martin Kosek wrote:
>>>> On Fri, 2011-09-16 at 08:12 -0400, Simo Sorce wrote:
>>>>> Whatever you do do not split this operation into a DEL+ADD, we want an
>>>>> atomic modify operation in any case. as you do not want to have a race
>>>>> where named may query the MX records and find them empty. That'd be much
>>>>> worse than returning one of them outdated.
>>>>>
>>>>> This means whatever the API we need to support a way to add all values
>>>>> at the same time. We can also have the more verbose API to make things
>>>>> more understandable, but we need this "bulk" API for the WebUI IMHO.
>>>> I agree, the change shouldn't be split to del+add. My proposed API:
>>>>
>>>> dnsrecord-mx-mod example.com --dnsrecord="1 mx1.example.com." --preference=0
>>>>
>>>> would do just one write to LDAP. Unfortunately, this is not so pretty
>>>> for CLI, one would have to copy&paste raw DNS value to be able to edit
>>>> its components, but it should be simple for WebUI. Right now, I don't
>>>> see some better way.
>>>>
>>> I thought about this CLI proposal and it is definitely a good start. In
>>> the future we can consider to improve the CLI this way, for example:
>>>
>>> $ dnsrecord-mx-mod example.com --preference=0
>>> Which record would you like to change?
>>> [1] 1 mx1.example.com.
>>> [2] 10 mx2.example.com.
>>> $<select the record>
>>>
>>> This way will be more convenient for people which use CLI, especially
>>> when we start to support DNSSEC and resource record types which store
>>> certificates (CERT/SSHFP) get widely used. I doubt that someone likes
>>> copying&pasting SHA* hashes and RSA signatures every time when some
>>> record is modified.
>>>
>>> Regards, Adam
>> Interactive mode is useful in some case. But can people still script
>> with this CLI? I hope this CLI can still offer non-interactive mode so
>> it would be more script-friendly.
>> BTW, I am a QA.
>>
>> Yi
> That's a good question. But yes - it will be still scriptable. The
> prompt is just a user-helper, not an essential instrument to do the DNS
> changes.
>
> Martin
>
Thanks for being so thoughtful.

Yi

-- 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
| Yi Zhang                          |
| QA @ Mountain View, Calinfornia   |
| Cell: 408-509-6375                |
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




More information about the Freeipa-devel mailing list