Mauricio Tavares via FreeIPA-devel wrote:
On Thu, May 9, 2024 at 12:25 AM Alexander Bokovoy
<abokovoy(a)redhat.com> wrote:
>
> On Срд, 08 мая 2024, Mauricio Tavares via FreeIPA-devel wrote:
>> constants.py[1] defines both constants (OK, their values are defined a
>> few lines up but you get the drift). Can I ASSume that
>> MIN_DOMAIN_LEVEL and MAX_DOMAIN_LEVEL define the ranges of domain
>> levels[2] a specific version of freeipa is happy to work with?
>>
>>
>> [1]
https://github.com/freeipa/freeipa/blob/master/ipalib/constants.py#L295C1...
>> [2]
https://www.freeipa.org/page/Releases/4.3.0.html#domain-level
>
> Yes, these are general constants. What is the need to know not a current
> domain level but rather a range?
>
> If this is what was discussed on #freeipa IRC channel, then the code
> there assumes minimum domain level of the current release to avoid
> working with IPA servers that weren't upgraded to that version and
> therefore have no implementation of expected functionality.
>
> The best solution there is to upgrade those servers and explicitly set
> domain level 1 on them with 'ipa domainlevel-set 1'.
>
While that is how it started, and while I was looking to
understand the process, I ended up with more questions, hence me
asking here instead of in the user mailing list. For instance, I
observed that some of the code that deals with domain levels assumes
that MIN_DOMAIN_LEVEL == domain level (Only place I remember seeing
both being used was ipaserver/install/server/__init__.py). So, they
are not just a range; if I were to guess I would say
1) MIN_DOMAIN_LEVEL = My domain level
No. It's the minimum domain level. We don't allow setting the domain
level to 0. The minimum is 1.
2) MAX_DOMAIN_LEVEL = The highest domain level I am comfortable
dealing with.
We only have two so MIN and MAX are the same. Theoretically they could
be different.
3) The actual numeric value for both constants will change with time
Most likely DL2 will be introduced at some point. It's been 9 years
since DL1 so they don't evolve rapidly. A domain level represents a
significant shift in some major feature of IPA that could represent an
incompatibility.
as freeipa evolves (see __init__.py above)
This is in the domain setter to prevent setting an illegal value.
4) I assume "ipa domainlevel-set 1" overrules MIN_DOMAIN_LEVEL, but
what if a given function that relies on it has MIN_DOMAIN_LEVEL
hardcoded to it (importing from the constants.py file)?
domainlevel-set sets the domain level of the installation. Its value is
bound by MIN and MAX domain level. It can only go higher from the
current value.
rob