[Freeipa-devel] [PATCH 0051] IPA server and replica installers can accept options from config file

[Petr Vobornik]

On 07/29/2015 12:37 PM, Alexander Bokovoy wrote:
> On Wed, 29 Jul 2015, Martin Babinsky wrote:
>> Initial attempt to implement
>> https://fedorahosted.org/freeipa/ticket/4517
>>
>> Some points to discuss:
>>
>> 1.) name of the config entries: currently the option names are derived
>> from CLI options but have underscores in them instead of dashes. Maybe
>> keeping the CLI option names also for config entries will make it
>> easier for the user to transfer their CLI options from scripts to
>> config files.
> I would prefer that too. Or you can simply allow both _ and -, this
> should be relatively simple.

+1

>
>> 2.) Config sections: there is currently only one valid section named
>> '[global]' in accordance with the format of 'default.conf'. Should we
>> have separate sections equivalent to option groups in CLI (e.g.
>> [basic], [certificate system], [dns])?
> What about using a different approach -- allowing to specify which
> section to process, defaulting to [global]. This would allow to have a
> single config file for whole setup, if needed, and just vary which
> section to use.

Interesting idea.

>
> Maybe global section could always be processed and the rest could be
> used to amend the configuration?
>
> As an example,
>
> [global]
> setup_dns
> realm = EXAMPLE.COM
> domain = example.com
> ds-password = SuperSecretPasswordHere
> admin-password = EquallySecretPasswordHere
> mkhomedir
>
> [m1.example.com]
> hostname=m1.example.com
>
>
> [m2.example.com]
> hostname=m2.example.com
> setup_dns = False
> mkhomedir = False
>
>
> You can see I also kind of suggest to allow accepting True/Fals to
> boolean options to allow _unsetting_ the effect of the default set in
> the [global] section.

+1

>
>> 3.) Handling of unattended mode when specifying a config file:
>> Currently there is no connection between --config-file and unattended
>> mode. So when you run ipa-server-install using config file, you still
>> get asked for missing stuff. Should '--config-file' automatically
>> imply '--unattended'?
> Well, there is certain beauty of providing some arguments from the
> config file and be asked for the rest. Unattended is more explicit in
> the way of handling so I would still keep them separate.
>

+1

-- 
Petr Vobornik