[Freeipa-devel] [freeipa PR#764][comment] Basic uninstaller for the CA
stlaz
freeipa-github-notification at redhat.com
Tue May 9 10:09:16 UTC 2017
URL: https://github.com/freeipa/freeipa/pull/764
Title: #764: Basic uninstaller for the CA
stlaz commented:
"""
@pvoborni @rcritten @martbab This discussion at this PR makes no sense. Clearly we can see that the impact is much higher and should be discussed on designated channels, meaning either **freeipa-devel** mailing list or in our issue tracking system (the former would be preferable with having the result in the latter). I believe that the guys from the Dogtag project could also have a great insight on this.
Here's questions which should answer why I want this to be discussed there:
- how to handle users so they don't use `ipa-ca-install --uninstall` any time?
- at which point is the installation recoverable and when it's not?
- describe what happens in each and every step, mention which files and entries are created
- on master
- on replica
- describe what has to be done in case a step fails for each and every step
- on master
- on replica
- describe how `ipa-ca-install` rollback should behave when installing first CA in a CA-less setup
These problems are just from the top of my head and I am a CA installation noob. I would however be very cautious not knowing an answer to either of those.
@rcritten if you do know the answers, please, share them with us (or maybe just me because I sure don't know them), it would help a lot with deciding on where to go from here.
"""
See the full comment at https://github.com/freeipa/freeipa/pull/764#issuecomment-300120774
More information about the Freeipa-devel
mailing list