[Freeipa-devel] invoking ipa-certupdate from within installer
Fraser Tweedale
ftweedal at redhat.com
Mon Aug 22 07:37:57 UTC 2016
#6019 requires adding tracking requests for existing lightweight CAs
as part of replica installation. ipa-certupdate has logic to do
this.
Before I go ahead and implement, there are a few approaches I want
to mention and seek feedback from team members before I commit to
one.
1. invoke ipa-certupdate as a subprocess, from
CAInstance.configure_replica. This is the simplest approach. Not
much else to say about it, really :)
2. invoke ipa-certupdate's main() from the installer. This is
slightly more work because currently it would fail due to API
already having been initialised.
3. extract all logic for adding tracking requests such that it can
be invoked separately; then refactor ipa-certupdate to call it as
well as calling it from CAInstance.configure_replica. This is the
most work.
I lean towards (1) or (3). If you wish it to be done a certain way
say your piece.
Thanks,
Fraser
More information about the Freeipa-devel
mailing list