[Freeipa-devel] [PATCH 0069] ipa-replica-install support caless install with promotion.

Jan Cholasta jcholast at redhat.com
Wed Dec 2 06:58:51 UTC 2015 

On 1.12.2015 14:27, David Kupka wrote:
> On 30/11/15 17:24, Jan Cholasta wrote:
>> Hi,
>>
>> On 27.11.2015 07:57, David Kupka wrote:
>>> On 26/11/15 15:22, David Kupka wrote:
>>>> On 26/11/15 15:13, David Kupka wrote:
>>>>> On 26/11/15 15:01, David Kupka wrote:
>>>>>> https://fedorahosted.org/freeipa/ticket/5441
>>>>>>
>>>>>>
>>>>> Replaced accidentally inserted tabs.
>>>>>
>>>>>
>>>>>
>>>> Fixed indentation I screwed up when replacing tabs :-/
>>
>> 1) The deprecated --*_pkcs12 and --*_pin aliases should not be supported
>> in ipa-replica-install.

In ServerCA, inherit the knobs from BaseServerCA rather than 
BaseServer.ca. The "#pylint: disable=no-member" will no longer be necessary.

In ipa-server-install help, there are 2 "certificate system" option 
groups. This is a shortcoming in the installer framework, which will be 
addressed in the future. For now, please inherit *all* knobs of 
BaseServerCA in ServerCA as a workaround.

>>
>>
>> 2) This check from ipa-replica-prepare should be added to
>> Replica.__init__() as well:
>>
>>          # If any of the PKCS#12 options are selected, all are required.
>>          cert_file_req = (options.dirsrv_cert_files,
>> options.http_cert_files)
>>          cert_file_opt = (options.pkinit_cert_files,)
>>          if any(cert_file_req + cert_file_opt) and not
>> all(cert_file_req):
>>              self.option_parser.error(
>>                  "--dirsrv-cert-file and --http-cert-file are required
>> if any "
>>                  "PKCS#12 options are used.")

The check is done when replica file is specified in the patch, but it 
should be done only when replica file is *not* specified.

>> 6) Please make the ca_is_enabled argument of install_replica_ds() and
>> install_http() mandatory and fill as appropriate when called, it will
>> make the code more readable.

This bit in install_http() is redundant now:

+    if ca_is_configured is None:
+        ca_is_configured = ipautil.file_exists(config.dir + "/cacert.p12")

>>
>>
>> 7)
>>
>> $ git diff -U0 | pep8 --diff
>> ./ipaserver/install/server/replicainstall.py:99:80: E501 line too long
>> (82 > 79 characters)
>> ./ipaserver/install/server/replicainstall.py:161:80: E501 line too long
>> (82 > 79 characters)
>> ./ipaserver/install/server/replicainstall.py:1289:13: E265 block comment
>> should start with '# '
>> ./ipaserver/install/server/replicainstall.py:1291:17: E125 continuation
>> line with same indent as next logical line
>> ./ipaserver/install/server/replicainstall.py:1291:17: E128 continuation
>> line under-indented for visual indent

$ git diff -U0 | pep8 --diff
./ipaserver/install/server/install.py:1142:1: E302 expected 2 blank 
lines, found 1
./ipaserver/install/server/install.py:1143:5: E265 block comment should 
start with '# '
./ipaserver/install/server/install.py:1160:17: E222 multiple spaces 
after operator
./ipaserver/install/server/install.py:1288:9: E265 block comment should 
start with '# '
./ipaserver/install/server/replicainstall.py:100:80: E501 line too long 
(82 > 79 characters)
./ipaserver/install/server/replicainstall.py:162:80: E501 line too long 
(82 > 79 characters)
./ipaserver/install/server/replicainstall.py:697:41: E251 unexpected 
spaces around keyword / parameter equals
./ipaserver/install/server/replicainstall.py:697:43: E251 unexpected 
spaces around keyword / parameter equals
./ipaserver/install/server/replicainstall.py:922:9: E129 visually 
indented line with same indent as next logical line
./ipaserver/install/server/replicainstall.py:925:14: E131 continuation 
line unaligned for hanging indent
./ipaserver/install/server/replicainstall.py:1345:9: E265 block comment 
should start with '# '
./ipaserver/install/server/replicainstall.py:1389:21: E128 continuation 
line under-indented for visual indent


-- 
Jan Cholasta

More information about the Freeipa-devel mailing list