[Freeipa-devel] [PATCH] move replication topology to shared tree

James purpleidea at gmail.com
Fri Oct 10 16:30:56 UTC 2014


On 10 October 2014 12:21, Simo Sorce <simo at redhat.com> wrote:


> First thing, I do not think we want a new command here.
> If we need commands outside of the ipa framework they should be
> integrated in the ipa-replica-manage tool.
> But really one of the reasons to move data in the shared tree was that
> we could grow native framework commands to handle the topology so we can
> manage the topology directly from the UI.
> So I am not happy with ipa-tology-manage

I agree here... I think the current interface of ipa-replica-manage is
fine, however the need to copy the credentials around and the need for
a password are the problem. In fact, I particularly like the current
interface, and puppet-ipa has already wrapped this successfully. In
other words, the design checks out. Good job IPA team.

> All management should happen in the shared tree, moving to be able to
> avoid directly touching cn=config and avoid the need for DM password is
> one of the main reasons to do this work ...

I'd just like to +1 / re-iterate this point...

In addition, thank you for hacking on this and for posting this for
early review.

Cheers,
James



