[Freeipa-devel] [PATCH 0051] IPA server and replica installers can accept options from config file

Alexander Bokovoy abokovoy at redhat.com
Wed Jul 29 10:37:50 UTC 2015


On Wed, 29 Jul 2015, Martin Babinsky wrote:
>Initial attempt to implement
>https://fedorahosted.org/freeipa/ticket/4517
>
>Some points to discuss:
>
>1.) name of the config entries: currently the option names are derived 
>from CLI options but have underscores in them instead of dashes. Maybe 
>keeping the CLI option names also for config entries will make it 
>easier for the user to transfer their CLI options from scripts to 
>config files.
I would prefer that too. Or you can simply allow both _ and -, this
should be relatively simple.

>2.) Config sections: there is currently only one valid section named 
>'[global]' in accordance with the format of 'default.conf'. Should we 
>have separate sections equivalent to option groups in CLI (e.g. 
>[basic], [certificate system], [dns])?
What about using a different approach -- allowing to specify which
section to process, defaulting to [global]. This would allow to have a
single config file for whole setup, if needed, and just vary which
section to use.

Maybe global section could always be processed and the rest could be
used to amend the configuration?

As an example,

[global]
setup_dns
realm = EXAMPLE.COM
domain = example.com
ds-password = SuperSecretPasswordHere
admin-password = EquallySecretPasswordHere
mkhomedir

[m1.example.com]
hostname=m1.example.com


[m2.example.com]
hostname=m2.example.com
setup_dns = False
mkhomedir = False


You can see I also kind of suggest to allow accepting True/False for
boolean options to allow _unsetting_ the effect of the default set in
the [global] section.

>3.) Handling of unattended mode when specifying a config file:
>Currently there is no connection between --config-file and unattended 
>mode. So when you run ipa-server-install using config file, you still 
>get asked for missing stuff. Should '--config-file' automatically 
>imply '--unattended'?
Well, there is certain beauty of providing some arguments from the
config file and be asked for the rest. Unattended is more explicit in
the way of handling so I would still keep them separate.

-- 
/ Alexander Bokovoy
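
The section layering suggested in the message above, as an added example that is not part of the original e-mail and is not FreeIPA installer code: [global] is always read, one named section amends it, '-' and '_' are treated alike, and True/False can unset a flag set in [global]. The names load_options, BOOLEAN_OPTIONS and SAMPLE are hypothetical, and which options count as boolean flags is an assumption.

```python
import configparser

# Constructed sample, shortened from the layout sketched in the message.
SAMPLE = """\
[global]
setup_dns
realm = EXAMPLE.COM
ds-password = SuperSecretPasswordHere
mkhomedir
[m1.example.com]
hostname = m1.example.com
[m2.example.com]
hostname = m2.example.com
setup_dns = False
mkhomedir = False
"""

BOOLEAN_OPTIONS = {"setup_dns", "mkhomedir"}  # assumed set of flag options
_BOOL = {"true": True, "false": False}

def _normalize(name):
    """Treat 'setup-dns' and 'setup_dns' as the same option."""
    return name.strip().lower().replace("-", "_")

def load_options(text, section=None):
    """Return options from [global], amended by `section` if one is given."""
    # interpolation=None: a '%' inside a password is read literally.
    parser = configparser.ConfigParser(
        allow_no_value=True, interpolation=None, default_section="__none__")
    parser.optionxform = _normalize
    parser.read_string(text)
    if section is not None and not parser.has_section(section):
        raise KeyError("no such section: %s" % section)
    merged = {}
    for name in ("global", section):
        if name is None or not parser.has_section(name):
            continue
        for key, value in parser.items(name):
            if key in BOOLEAN_OPTIONS:
                if value is None:  # bare key: the flag is set
                    value = True
                elif value.strip().lower() in _BOOL:
                    value = _BOOL[value.strip().lower()]
                else:
                    raise ValueError("%s: not a boolean: %r" % (key, value))
            elif value is None:
                raise ValueError("%s: option requires a value" % key)
            merged[key] = value
    return merged
```

Because the parser runs in its default strict mode, a section that spells the same option both ways (setup-dns and setup_dns) is rejected as a duplicate instead of one value silently winning.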



