[Freeipa-devel] [PATCH] 948 handle ipa_kpasswd on upgrades
Rob Crittenden
rcritten at redhat.com
Wed Feb 15 13:35:46 UTC 2012
Martin Kosek wrote:
> On Mon, 2012-02-13 at 11:46 -0500, Rob Crittenden wrote:
>> When upgrading from 2.1 to 2.2 we need to kill any ipa_kpasswd processes
>> and uninstall it.
>>
>> We also need to update the dbmodules section in /etc/krb5.conf to
>> reflect the new kdb.
>>
>> rob
>
> The patch works fine, I just have few comments.
>
> This line seems a bit confusing (at least for me):
> + if not enabled is None and not enabled:
> + ipa_kpasswd.remove()
>
> I would prefer
> + if enabled is not None and not enabled:
> + ipa_kpasswd.remove()
>
> I know, its just a nitpick.
I saw that too and was tempted to change it but this is the way it is
done currently in services, didn't want to mess with success :-)
I'm not opposed.
>
> I checked update_dbmodules() function. It works but as we discussed,
> there is a lot of hard-coding and a success of this function depends on
> proper indentation etc. I would accept this fix as a short-term
> solution, in the future we may want to use some better means to update
> our configs like augeas that was already discussed before.
Yes, ideally we'll switch to using the ipaChangeConf module but it
doesn't support searching within subsections yet.
rob
More information about the Freeipa-devel
mailing list