[Freeipa-devel] invoking ipa-certupdate from within installer
Jan Cholasta
jcholast at redhat.com
Mon Aug 22 08:00:57 UTC 2016
Hi,
On 22.8.2016 09:37, Fraser Tweedale wrote:
> #6019 requires adding tracking requests for existing lightweight CAs
> as part of replica installation. ipa-certupdate has logic to do
> this.
>
> Before I go ahead and implement, there are a few approaches I want
> to mention and seek feedback from team members before I commit to
> one.
>
> 1. invoke ipa-certupdate as a subprocess, from
> CAInstance.configure_replica. This is the simplest approach. Not
> much else to say about it, really :)
>
> 2. invoke ipa-certupdate's main() from the installer. This is
> slightly more work because currently it would fail due to API
> already having been initialised.
>
> 3. extract all logic for adding tracking requests such that it can
> be invoked separately; then refactor ipa-certupdate to call it as
> well as calling it from CAInstance.configure_replica. This is the
> most work.
>
> I lean towards (1) or (3). If you wish it to be done a certain way
> say your piece.
(4) Extract the relevant code from ipa-certupdate into a separate
function and call it from CAInstance.configure_replica().
I would not go with (1) or (2) because it does more than track the
certs. I would also not go with (3) because it requires extensive
changes not suitable for 4.4.
>
> Thanks,
> Fraser
>
Honza
--
Jan Cholasta
More information about the Freeipa-devel
mailing list