[Freeipa-devel] [PATCH] move replication topology to shared tree
Simo Sorce
simo at redhat.com
Fri Oct 10 16:44:14 UTC 2014
On Fri, 10 Oct 2014 18:38:36 +0200
Ludwig Krispenz <lkrispen at redhat.com> wrote:
>
> On 10/10/2014 06:30 PM, James wrote:
> > On 10 October 2014 12:21, Simo Sorce <simo at redhat.com> wrote:
> >
> >
> >> First thing, I do not think we want a new command here.
> >> If we need commands outside of the ipa framework they should be
> >> integrated in the ipa-replica-manage tool.
> >> But really one of the reasons to move data in the shared tree was
> >> that we could grow native framework command to handle the topology
> >> so we can manage the topology directly from the UI.
> >> So I am not happy with ipa-tology-manage
> > I agree here... I think the current interface of ipa-replica-manage
> > is fine, however the need to copy the credentials around and the
> > need for a password are the problem. In fact, I particularly like
> > the current interface, and puppet-ipa has already wrapped this
> > successfully. In other words, the design checks out. Good job IPA
> > team.
> >
> >> All management should happen in the shared tree, moving to be able
> >> to avoid directly touching cn=config and avoid the need for DM
> >> password is one of the main reasons to do this work ...
> I'll comment later on Simmo's other comments, but I need access to
> cn=config for two reasons,
> - I need to know if the plugin is deployed and enabled
Let's expose something in rootDSE then, that's the "standard" way to
do this (though it is unnecessary, if the shared tree is present you
already know it is available).
> - the plugin configuration contains the location in the the shared
> tree where the toplogy information is
> stored. I do not like to have hardcoded paths.
In IPA it will be absolutely hardcoded with no chance of changing it.
So it is not a problem for IPA tools.
Simo.
--
Simo Sorce * Red Hat, Inc * New York
More information about the Freeipa-devel
mailing list