[Freeipa-devel] [PATCH] move replication topology to shared tree
Ludwig Krispenz
lkrispen at redhat.com
Fri Oct 10 16:38:36 UTC 2014
On 10/10/2014 06:30 PM, James wrote:
> On 10 October 2014 12:21, Simo Sorce <simo at redhat.com> wrote:
>
>
>> First thing, I do not think we want a new command here.
>> If we need commands outside of the ipa framework they should be
>> integrated in the ipa-replica-manage tool.
>> But really one of the reasons to move data in the shared tree was that
>> we could grow native framework command to handle the topology so we can
>> manage the topology directly from the UI.
>> So I am not happy with ipa-tology-manage
> I agree here... I think the current interface of ipa-replica-manage is
> fine, however the need to copy the credentials around and the need for
> a password are the problem. In fact, I particularly like the current
> interface, and puppet-ipa has already wrapped this successfully. In
> other words, the design checks out. Good job IPA team.
>
>> All management should happen in the shared tree, moving to be able to
>> avoid directly touching cn=config and avoid the need for DM password is
>> one of the main reasons to do this work ...
I'll comment later on Simmo's other comments, but I need access to
cn=config for two reasons,
- I need to know if the plugin is deployed and enabled
- the plugin configuration contains the location in the the shared tree
where the toplogy information is
stored. I do not like to have hardcoded paths.
> I'd just like to +1 / re-iterate this point...
>
> In addition, thank you for hacking on this and for posting this for
> early review.
>
> Cheers,
> James
More information about the Freeipa-devel
mailing list