[Freeipa-devel] [PATCH] Add DRM to IPA

Ade Lee alee at redhat.com
Wed Apr 30 15:41:57 UTC 2014


I've attached two new patches to address the problems/questions raised
in the previous patches.  I also do a little cleanup of the
cainstance.py file.  The comments on ipa-drm-install have been addressed
too.

See specific comments below.

Thanks,
Ade

On Tue, 2014-04-15 at 11:41 -0400, Rob Crittenden wrote:
> Ade Lee wrote:
> > Attached a new patch to address some of the concerns below, specifically
> > I created a new base class DogtagInstance, in which much of the common
> > CA/KRA code is placed.  I'm sure we could go further in reducing
> > duplication, and I'm open to further suggestions and refinements.
> >
> > I did not tackle the packaging and spec file dependencies, because I'd
> > like some clearer direction on how we want to proceed here.  In any
> > case, I think the splitting of the ipa packages into ca and possibly kra
> > packages should be a separate patch.
> >
> > As before, with this patch you can:
> > - install a ca and drm using ipa-server-install
> > - install a ca and drm replica using
> >     ipa-replica-prepare <hostname>
> >     ipa-replica-install --setup-ca --setup-drm <replica file>
> >
> > You need to use a PKI build from the 10.2 (master) branch.  One such
> > build is given below:
> > http://copr.fedoraproject.org/coprs/vakwetu/dogtag/repo/fedora-20-x86_64/vakwetu-dogtag-fedora-20-x86_64.repo
> 
> The terms KRA and DRM tend to be used interchangeably. Should we pick one?
> 

The "official" name of the subsystem is "DRM" so I have used that name
wherever possible -- i.e. in basedns and log messages.  If I missed one,
let me know.  On the other hand, we use "kra" in many parts of the code
- for instance - pkispawn requires kra, and the config files use kra.

> Need to bump the version number in install/conf/ipa-pki-proxy.conf so 
> that upgrades get the new LocationMatch.
> 
done - updated to version 5

> ipa-replica-install still uses the if/then to set the value of 
> enable_drm when it can be reduced like you did in ipa-server-install.
> 

done.

> In ipa-server-install you have an extra comment, probably left for 
> yourself: # code to create drm here
> 
removed

> In dogtaginstance.py there are a few direct references to DRM in 
> comments and output.
> 
removed

> cainstance.py doesn't need to override is_installed.py
> 
removed 

> I also don't think you need the explicit definitions for enable, 
> start_instance, etc. Those should be inherited from the DogtagInstance 
> class, in both cainstance.py and drminstance.py.
> 

Done
 
> I think spawn_instance should take an option to add things to nolog in 
> case there are server-independent things we don't want to log.
> 

Done

> I don't want to pile too much on, but it seems to me that if we are 
> going to copy in default.conf then we can do away with realm_info 
> completely and just use default.conf. Both would need to be supported 
> for a while though. Martin, what do you think?
> 

I propose we make this change in a separate patch as this is really a
separate cleanup.

> I still have quite a bit of functional testing to go. I've only 
> installed a fresh standalone master. Still need to do upgrade and 
> replication testing.
> 
> rob
> 

-------------- next part --------------
A non-text attachment was scrubbed...
Name: 0001-Add-a-DRM-to-IPA.patch
Type: text/x-patch
Size: 40124 bytes
Desc: not available
URL: <http://listman.redhat.com/archives/freeipa-devel/attachments/20140430/a091e401/attachment.bin>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: 0002-Add-a-DRM-to-IPA.patch
Type: text/x-patch
Size: 73390 bytes
Desc: not available
URL: <http://listman.redhat.com/archives/freeipa-devel/attachments/20140430/a091e401/attachment-0001.bin>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: 0003-Added-ipa-drm-install.patch
Type: text/x-patch
Size: 22704 bytes
Desc: not available
URL: <http://listman.redhat.com/archives/freeipa-devel/attachments/20140430/a091e401/attachment-0002.bin>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: 0005-Added-nolog-to-pkispawn-and-some-additional-fixes-fr.patch
Type: text/x-patch
Size: 13199 bytes
Desc: not available
URL: <http://listman.redhat.com/archives/freeipa-devel/attachments/20140430/a091e401/attachment-0003.bin>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: 0004-Fix-various-pep-8-issues-and-comments-from-review.patch
Type: text/x-patch
Size: 31467 bytes
Desc: not available
URL: <http://listman.redhat.com/archives/freeipa-devel/attachments/20140430/a091e401/attachment-0004.bin>