[Freeipa-devel] [PATCH] 0002 Add client install option to set ipa_backup_server
Petr Spacek
pspacek at redhat.com
Thu Jul 28 08:30:48 UTC 2016
On 27.7.2016 20:03, Martin Basti wrote:
>
>
> On 26.07.2016 17:01, Ariel Barria wrote:
>> Hello everyone.
>>
>> I send patch for review.
>>
>> Regards,
>>
>>
> Hello, thank you for the patch, but I have a few comments:
>
> 1)
> can you please use option --backup-server instead of --ipa-backup-server to be
> consistent with --server (as we don't have option --ipa-server)
>
> 2)
> values passed by --server option are validated if it is IPA server or not,
> this should happen for backup server(s) too.
>
> But looking to current ipa-client-install, it may be challenging to achieve
> this goal. I'm afraid that you might rather wait until we refactor the client
> code (next release hopefully). But in case you are brave enough, I can provide
> advises, but it will be hell.
>
> 3)
> There is a question, if the backup server should be used also for krb5.conf or
> other configs where multiple servers can be specified. Probably not. But at
> least this should be mentioned in manpage that this option is used only for
> SSSD (probably there should be check to prevent using --backup-server together
> with --no-sssd option)
I would use backup_servers even in krb5.conf. Quick testing indicates that
krb5 lib respects order of KDCs in krb5.conf so simply list backup servers at
the end of the list.
That would remove mutual exclusivity of --no-sssd and --backup-server options.
Petr^2 Spacek
>
> 4)
> 'man ipa-client-install' should be updated with the new option
>
> 5)
> ipa_backup_server allows to specify multiple servers, so the new option should
> be multivalued (and then joined to coma separated list into SSSD config)
>
> regards,
> Martin
More information about the Freeipa-devel
mailing list