[Freeipa-devel] [PATCH] 1087 Some missing v3 schema on upgrades

Simo Sorce simo at redhat.com
Tue Feb 19 19:23:17 UTC 2013


On Tue, 2013-02-19 at 13:32 -0500, Rob Crittenden wrote:
> Jan Cholasta wrote:
> > Hi,
> >
> > On 18.2.2013 22:00, Rob Crittenden wrote:
> >> An objectclass and attribute are not being added on upgrades. Missing
> >> these causes the UI to not work.
> >>
> >> I also noticed a typo in the ordering of a number of the trust
> >> attributes so fix those as well.
> >>
> >> rob
> >>
> >
> > The patch looks good, but I think errors like this will pop up from time
> > to time, because we have to maintain the same thing in two places - the
> > installation LDIFs and update files. Maybe we should start thinking
> > about merging these two somehow, e.g. using the LDIFs for both
> > installation and updates, with directives for the updater in specially
> > formatted comments.
> >
> > Honza
> >
> 
> This idea came up long, long ago when we first added the updater very 
> early in v2. The problem, as I recall, is that some schema is needed 
> during the install so we need to ship it in ldif format, and the idea of 
> splitting it didn't appeal to us.
> 
> So perhaps what we should endeavor to do is add all new schema via 
> updates and only update the schema files themselves if the schema is 
> needed for a fresh install (since updates are done last).
> 
> This also puts more schema into 99user.ldif which may or may not be 
> desirable.

Rob, another option is to keep putting all updates only in schema files,
and then have the updater "validate" the schema files.

Validation would be:
1. Download schema from server (we already do this in the framework so
it comes for free)
2. parse the schema files and check if each attribute and objectclass is
present and in the correct form.
3. if any attribute is missing, we add it
4. if any attribute has been changed, we change it
5. same for object classes.

This would allow us to keep everything just in schema files, and for now
only updates would end up in 99.ldif

I know there is also work in 389ds to improve schema validation and
handling, so there is a chance in future we will have online interfaces
to put data in multiple files w/o lumping everything in 99.ldif

So by keeping stuff in schema files rather than arbitrary update files
we are also sort of future proof.

Finally keeping data in schema files instead of spreading it in updates
should make it easier to keep an eye on the whole schema.

The main issue I see is that this approach needs new code to analyze and
compare schema files, however that shouldn't be overly hard.

Simo.

-- 
Simo Sorce * Red Hat, Inc * New York
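
The validation steps listed in the message above, as an added Python sketch that is not part of the original thread or of FreeIPA's code. The function names, OIDs and schema entries are constructed for illustration, and definitions are compared textually after whitespace normalization, which is an assumption about what "in the correct form" means.

```python
import re

# Constructed sample: a shipped schema file (LDIF, one definition folded).
SCHEMA_FILE = """\
dn: cn=schema
attributeTypes: (1.3.6.1.4.1.99999.1.1 NAME 'exampleAttrOne'
  EQUALITY caseIgnoreMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )
attributeTypes: (1.3.6.1.4.1.99999.1.2 NAME 'exampleAttrTwo' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE )
objectClasses: (1.3.6.1.4.1.99999.2.1 NAME 'exampleClass' SUP top AUXILIARY MAY ( exampleAttrOne $ exampleAttrTwo ) )
"""
# Constructed sample: schema as downloaded from the server (step 1).
SERVER_SCHEMA = """\
dn: cn=schema
attributeTypes: ( 1.3.6.1.4.1.99999.1.1 NAME 'exampleAttrOne' EQUALITY caseIgnoreMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )
attributeTypes: ( 1.3.6.1.4.1.99999.1.2 NAME 'exampleAttrTwo' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )
"""

def normalize(definition):
    """Collapse whitespace so formatting differences are not reported as changes."""
    text = " ".join(definition.split())
    text = re.sub(r"\(\s*", "( ", text)
    return re.sub(r"\s*\)", " )", text)

def parse_schema(ldif_text):
    """Step 2: return {(kind, oid): normalized definition} for every schema value."""
    unfolded = ldif_text.replace("\n ", "")  # LDIF continuation lines start with one space
    pattern = r"(attributeTypes|objectClasses):\s*(\(\s*([\w.-]+)\s.*\))\s*$"
    entries = {}
    for line in unfolded.splitlines():
        match = re.match(pattern, line, re.I)
        if match:
            kind, definition, oid = match.groups()
            entries[(kind.lower(), oid)] = normalize(definition)
    return entries

def plan_updates(file_text, server_text):
    """Steps 3-5: list (operation, kind, oid, definition) needed on the server."""
    wanted, live = parse_schema(file_text), parse_schema(server_text)
    plan = []
    for kind, oid in sorted(wanted):  # attribute types sort before object classes
        definition = wanted[(kind, oid)]
        if (kind, oid) not in live:
            plan.append(("add", kind, oid, definition))
        elif live[(kind, oid)] != definition:
            plan.append(("replace", kind, oid, definition))
    return plan

if __name__ == "__main__":
    for step in plan_updates(SCHEMA_FILE, SERVER_SCHEMA):
        print(step)
```

A real server may reorder keywords or add extensions to stored definitions, so a production comparison would need to compare parsed fields rather than normalized text.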



