freeipa/install
Petr Vobornik b4fc6f4ba8 Load updated Web UI files after server upgrade
Issue:
* There was no caching policy specified.
* -> Browsers use their own default policy.
* -> After upgrade, some Web UI files might have been actualized some not.
* -> With schema change may result into weird bugs in Web UI

Solution considerations:

1. Detect server version change and hard-reload at runtime
Detection is easy. Problem is the reload. Obvious candidate 'window.location.reload(true)' works in Firefox but not in Chrome because expected behavior when parameter is used is not in standard and therefore Chromium/WebKit authors did not implement it.

2. Application Cache
HTML 5 technology which lets web apps to run offline. Besides weird issues with event handlers which I encountered, this would be an ideal candidate. Simple change of manifest file would lead to reload of all files (requires reload of page to used the new files).

Showstopper was usage with untrusted certificate. If user did not add exception for the cert or its CA and would visit the page for a second time, all AJAX calls would fail.

3. Set Expires to now() for everything
Web UI rarely changes so this is an overkill. Setting it to different value is not a solution either. We can't predict when the upgrade will happen and when new Web UI will be needed.

Solution:
* Implemented a mini loader which loads basic resources. Dojo loader takes action after Dojo is loaded.
* The loader adds a version parameter (?v=__NUM_VERSION__) to all requests.
* Version is defined in the loader. It's set to current in `make version-update`.
* All static pages use this loader to fetch their resources.
* Version is also passed to dojo loader as cache-bust for the same effect.
* Expire header was set to 'access time plus 1 year' for /ui folder. Exceptions are HTML files and loader (set to immediate expiration).

Possible issues:
* Images are cached but not requested with version param.
  * Images with version and without are considered different
  * -> We would have to attach version to all URIs - in CSS and in JS. But we should avoid changing jQuery UI CSS.
  * Proposed solution is to change image name when changing image. Image change is done rarely.
* Version is set by build and therefore updated just on server update. It might cause trouble with different update schedule of plugins.
  * No action taken to address this issue yet.
  * We might leave it on plugin devs (own .conf in /etc/httpd/conf.d/)
  * or set expires to now for all plugins
* running `make version-update` is required in order to use static version of UI for testing

https://fedorahosted.org/freeipa/ticket/3798
2013-10-16 18:06:30 +02:00
..
certmonger Remove unused krbV imports 2013-02-01 08:13:17 +01:00
conf Load updated Web UI files after server upgrade 2013-10-16 18:06:30 +02:00
ffextension Kerberos authentication extension makefiles 2012-10-04 18:07:34 -04:00
html Load updated Web UI files after server upgrade 2013-10-16 18:06:30 +02:00
migration Use IPAdmin rather than raw python-ldap in migration.py and ipadiscovery.py 2013-03-13 12:36:33 +01:00
po Update translations from Transifex 2013-10-04 14:51:19 +02:00
restart_scripts Make CS.cfg edits with CA instance stopped 2013-08-26 16:21:36 +02:00
share Remove --no-serial-autoincrement 2013-10-11 09:47:59 +02:00
tools adtrustinstance: Properly handle uninstall of AD trust instance 2013-10-14 11:11:17 +02:00
ui Load updated Web UI files after server upgrade 2013-10-16 18:06:30 +02:00
updates Remove faulty DNS memberOf Task 2013-10-04 14:30:13 +02:00
wsgi Generate plugin index dynamically 2013-05-06 16:22:30 +02:00
configure.ac Prevent *.pyo and *.pyc multilib problems 2013-08-13 15:31:46 +02:00
Makefile.am Change group ownership of CRL publish directory 2013-07-16 12:17:40 +02:00
README.schema Add some basic rules for adding new schema 2010-08-27 13:40:37 -04:00

Ground rules on adding new schema

Brand new schema, particularly when written specifically for IPA, should be
added in share/*.ldif. Any new files need to be explicitly loaded in
ipaserver/install/dsinstance.py. These simply get copied directly into
the new instance schema directory.

Existing schema (e.g. in an LDAP draft) may either be added as a separate
ldif in share or as an update in the updates directory. The advantage of
adding the schema as an update is if 389-ds ever adds the schema then the
installation won't fail due to existing schema failing to load during
bootstrap.

If the new schema requires a new container then this should be added
to install/bootstrap-template.ldif.