[Freeipa-devel] [PATCH 0078-0081] ipa-client-install autodiscovery code improvements

Petr Spacek pspacek at redhat.com
Mon Oct 12 08:43:05 UTC 2015 

On 9.10.2015 12:47, Martin Babinsky wrote:
> On 10/09/2015 11:47 AM, Petr Spacek wrote:
>> On 9.10.2015 09:14, Petr Spacek wrote:
>>> On 8.10.2015 19:09, Martin Babinsky wrote:
>>>> These patches fix https://fedorahosted.org/freeipa/ticket/4305
>>>>
>>>> Actually only the last patch does the work itself (suppress autodiscovery
>>>> when
>>>> installing client on master), but when I saw the state of autodiscovery
>>>> code I
>>>> have taken the liberty to clean it up a bit.
>>>>
>>>> Patch #78 has separate versions for master and 4-2 branch, other patches
>>>> should apply on top of it in both branches.
>>>
>>> Uh, I have to say that I'm not big fan of this patch. This will simply hide
>>> fact that your DNS is terribly misconfigured and other things will fail
>>> later on.
>>
>> To underline this point, this exercise will not be necessary when
>> https://fedorahosted.org/freeipa/ticket/5087 is solved (some incomplete
>> patches are on the list already) because the problem should be detected before
>> installation even starts.
>>
>> Personally I would rather finish #5087 and do not spend more time on #4305.
>>
>> Petr^2 Spacek
>>
>>
>>> Also, even if we decide that it is what we want, I'm not sure what are
>>> implications for the master. Will it configure to use SSSD for auto-discovery
>>> as a fallback (when services on local master are not running)?
>>>
>>> If not, what will happen when IPA is not running on that particular master?
>>> Will the admin be able to log-in with IPA credentials?
>>>
>>>
>>> Nitpicks:
>>>> +        if options.on_master:
>>>> +            set_ipa_domain_params(ds, options.server, options.domain,
>>>> +                                  options.realm_name, CACERT)
>>>
>>> It seems that set_ipa_domain_params should be class method of "ds" because it
>>> touches only instance variables and nothing else:--
>> Petr^2 Spacek
>>
> 
> So should we abandon these patches altogether and close the ticket as WONTFIX?

Generally, yes if David is able to finish his patches.

-- 
Petr^2 Spacek

More information about the Freeipa-devel mailing list