[Freeipa-devel] [freeipa PR#567][comment] Configure KDC to use certs after they are deployed
martbab
freeipa-github-notification at redhat.com
Fri Mar 10 07:36:41 UTC 2017
URL: https://github.com/freeipa/freeipa/pull/567
Title: #567: Configure KDC to use certs after they are deployed
martbab commented:
"""
I think we can avoid the copy-pasta by actually moving PKINIT requesting code into `__common_post_setup` like this:
```diff
--- a/ipaserver/install/krbinstance.py
+++ b/ipaserver/install/krbinstance.py
@@ -142,10 +142,15 @@ class KrbInstance(service.Service):
self.step("starting the KDC", self.__start_instance)
self.step("configuring KDC to start on boot", self.__enable)
+ if self.setup_pkinit:
+ self.step("installing X509 Certificate for PKINIT",
+ self.setup_pkinit)
+
def create_instance(self, realm_name, host_name, domain_name, admin_password, master_password, setup_pkinit=False, pkcs12_info=None, subject_base=None):
self.master_password = master_password
self.pkcs12_info = pkcs12_info
self.subject_base = subject_base
+ self.setup_pkinit = setup_pkinit
self.__common_setup(realm_name, host_name, domain_name, admin_password)
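Review bot: `self.setup_pkinit = setup_pkinit` in `create_instance` stores the boolean argument under the same attribute name that the step registration passes as its callback, so `self.step("installing X509 Certificate for PKINIT", self.setup_pkinit)` in `__common_post_setup` would receive the flag instead of a callable. The removed lines tested the local `setup_pkinit` and passed `self.setup_pkinit` as the step function, which suggests these are two different things. Keep the flag under a separate attribute name and test that in the new `if`.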
@@ -160,10 +165,6 @@ class KrbInstance(service.Service):
self.__common_post_setup()
- if setup_pkinit:
- self.step("installing X509 Certificate for PKINIT",
- self.setup_pkinit)
-
self.start_creation(runtime=30)
self.kpasswd = KpasswdInstance()
@@ -178,14 +179,12 @@ class KrbInstance(service.Service):
self.pkcs12_info = pkcs12_info
self.subject_base = subject_base
self.master_fqdn = master_fqdn
+ self.setup_pkinit = setup_pkinit
self.__common_setup(realm_name, host_name, domain_name, admin_password)
self.step("configuring KDC", self.__configure_instance)
self.step("adding the password extension to the directory", self.__add_pwd_extop_module)
- if setup_pkinit:
- self.step("installing X509 Certificate for PKINIT",
- self.setup_pkinit)
self.__common_post_setup()
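Review bot: dropping the `if setup_pkinit:` block that sat before `self.__common_post_setup()` changes the step order on this path. The PKINIT certificate step used to be registered ahead of the post-setup steps and will now be registered after "starting the KDC" and "configuring KDC to start on boot". If the KDC needs the certificate in place when it starts, it would come up without it here, so please confirm that a restart or reload follows, or state in the commit message that the reordering is intended. The `self.setup_pkinit = setup_pkinit` assignment added above has the same name clash with the step callback as in `create_instance`.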
```
Yes, we have now duplicated member assignment but still better than duplicate logic. Also I have some inline comments.
"""
See the full comment at https://github.com/freeipa/freeipa/pull/567#issuecomment-285599143