[Freeipa-devel] [PATCH] Add DRM to IPA
Ade Lee
alee at redhat.com
Wed Apr 30 15:41:57 UTC 2014
I've attached two new patches to address the problems/questions raised
in the previous patches. I also do a little cleanup of the
cainstance.py file. The comments on ipa-drm-install have been addressed
too.
See specific comments below.
Thanks,
Ade
On Tue, 2014-04-15 at 11:41 -0400, Rob Crittenden wrote:
> Ade Lee wrote:
> > Attached a new patch to address some of the concerns below, specifically
> > I created a new base class DogtagInstance, in which much of the common
> > CA/KRA code is placed. I'm sure we could go further in reducing
> > duplication, and I'm open to further suggestions and refinements.
> >
> > I did not tackle the packaging and spec file dependencies, because I'd
> > like some clearer direction on how we want to proceed here. In any
> > case, I think the splitting of the ipa packages into ca and possibly kra
> > packages should be a separate patch.
> >
> > As before, with this patch you can:
> > - install a ca and drm using ipa-server-install
> > - install a ca and drm replica using
> > ipa-replica-prepare <hostname>
> > ipa-replica-install --setup-ca --setup-drm <replica file>
> >
> > You need to use a PKI build from the 10.2 (master) branch. One such
> > build is given below:
> > http://copr.fedoraproject.org/coprs/vakwetu/dogtag/repo/fedora-20-x86_64/vakwetu-dogtag-fedora-20-x86_64.repo
>
> The terms KRA and DRM tend to be used interchangeably. Should we pick one?
>
The "official" name of the subsystem is "DRM" so I have used that name
wherever possible -- i.e. in basedns and log messages. If I missed one,
let me know. On the other hand, we use "kra" in many parts of the code
- for instance - pkispawn requires kra, and the config files use kra.
> Need to bump the version number in install/conf/ipa-pki-proxy.conf so
> that upgrades get the new LocationMatch.
>
done - updated to version 5
> ipa-replica-install still uses the if/then to set the value of
> enable_drm when it can be reduced like you did in ipa-server-install.
>
done.
> In ipa-server-install you have an extra comment, probably left for
> yourself: # code to create drm here
>
removed
> In dogtaginstance.py there are a few direct references to DRM in
> comments and output.
>
removed
> cainstance.py doesn't need to override is_installed.py
>
removed
> I also don't think you need the explicit definitions for enable,
> start_instance, etc. Those should be inherited from the DogtagInstance
> class, in both cainstance.py and drminstance.py.
>
Done
> I think spawn_instance should take an option to add things to nolog in
> case there are server-independent things we don't want to log.
>
Done
> I don't want to pile too much on, but it seems to me that if we are
> going to copy in default.conf then we can do away with realm_info
> completely and just use default.conf. Both would need to be supported
> for a while though. Martin, what do you think?
>
I propose we make this change in a separate patch as this is really a
separate cleanup.
> I still have quite a bit of functional testing to go. I've only
> installed a fresh standalone master. Still need to do upgrade and
> replication testing.
>
> rob
>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: 0001-Add-a-DRM-to-IPA.patch
Type: text/x-patch
Size: 40124 bytes
Desc: not available
URL: <http://listman.redhat.com/archives/freeipa-devel/attachments/20140430/a091e401/attachment.bin>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: 0002-Add-a-DRM-to-IPA.patch
Type: text/x-patch
Size: 73390 bytes
Desc: not available
URL: <http://listman.redhat.com/archives/freeipa-devel/attachments/20140430/a091e401/attachment-0001.bin>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: 0003-Added-ipa-drm-install.patch
Type: text/x-patch
Size: 22704 bytes
Desc: not available
URL: <http://listman.redhat.com/archives/freeipa-devel/attachments/20140430/a091e401/attachment-0002.bin>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: 0005-Added-nolog-to-pkispawn-and-some-additional-fixes-fr.patch
Type: text/x-patch
Size: 13199 bytes
Desc: not available
URL: <http://listman.redhat.com/archives/freeipa-devel/attachments/20140430/a091e401/attachment-0003.bin>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: 0004-Fix-various-pep-8-issues-and-comments-from-review.patch
Type: text/x-patch
Size: 31467 bytes
Desc: not available
URL: <http://listman.redhat.com/archives/freeipa-devel/attachments/20140430/a091e401/attachment-0004.bin>