[Freeipa-devel] invoking ipa-certupdate from within installer
Fraser Tweedale
ftweedal at redhat.com
Mon Aug 22 11:51:51 UTC 2016
On Mon, Aug 22, 2016 at 10:00:57AM +0200, Jan Cholasta wrote:
> Hi,
>
> On 22.8.2016 09:37, Fraser Tweedale wrote:
> > #6019 requires adding tracking requests for existing lightweight CAs
> > as part of replica installation. ipa-certupdate has logic to do
> > this.
> >
> > Before I go ahead and implement, there are a few approaches I want
> > to mention and seek feedback from team members before I commit to
> > one.
> >
> > 1. invoke ipa-certupdate as a subprocess, from
> > CAInstance.configure_replica. This is the simplest approach. Not
> > much else to say about it, really :)
> >
> > 2. invoke ipa-certupdate's main() from the installer. This is
> > slightly more work because currently it would fail due to API
> > already having been initialised.
> >
> > 3. extract all logic for adding tracking requests such that it can
> > be invoked separately; then refactor ipa-certupdate to call it as
> > well as calling it from CAInstance.configure_replica. This is the
> > most work.
> >
> > I lean towards (1) or (3). If you wish it to be done a certain way
> > say your piece.
>
> (4) Extract the relevant code from ipa-certupdate into a separate function
> and call it from CAInstance.configure_replica().
>
> I would not go with (1) or (2) because it does more than track the certs. I
> would also not go with (3) because it requires extensive changes not
> suitable for 4.4.
>
(4) is exactly what I meant in (3) - (I was too vague).
(3/4) it is. Thanks for input.
More information about the Freeipa-devel
mailing list