[Pki-devel] [PATCH] PKI TRAC Ticket #899 - RFE - ipa-server should keep backup of CS.cfg

Ade Lee alee at redhat.com
Wed Jul 2 14:42:29 UTC 2014 

ACK.  Looks good.  Two small nits only - just fix and check in.

1. In operations, no need to further indent the comments in
backup_instance_configuration_files().

2.  At the end of start_instance() , you do:
    return $?

    Why not just move that into the if .. then .. fi clause above?
    ie. replace : rv=$?  with return $? 

Ade

On Fri, 2014-06-27 at 20:58 -0700, Matthew Harmsen wrote:
> Please review the attached patch for:
>       * PKI TRAC Ticket #899 - RFE - ipa-server should keep backup of
>         CS.cfg
> 
> This patch is based upon a previously reviewed patch for the Dogtag 9
> architecture utilized by the IPA_v2_RHEL_6_ERRATA_BRANCH, but was
> modified and tested to work with the Dogtag 10.2 architecture.
> 
> 
> CAVEAT 1:
> 
> 
>         Although this patch contains changes to multiple PKI
>         subsystem's 'CS.cfg' configuration files, an upgrade script
>         should not be specifically required for legacy instances since
>         the parameter that is added,
>         'archive.configuration_file=true', is presumed even if the
>         parameter is missing (as it would be on any legacy instance).
>         In this case, it would only be necessary to add this parameter
>         to a legacy instance's CS.cfg, and set the value to 'false' in
>         order to turn off 'CS.cfg' configuration file archival
>         (explicit instructions detailing this are found in the
>         'operations' script).  However, if this is desired for
>         completeness, I don't mind adding it.
> CAVEAT 2:
>         I had originally made the effort to attempt to have specific
>         crucial WARNING messages echoed to the display as well as to
>         the journal.  I believe that this would be beneficial, as, for
>         example, it would immediately notify an admin that since an
>         error had occurred, 'CS.cfg' backups would be discontinued
>         until the error was corrected.  My idea was to echo these
>         WARNING messages explicitly to stderr via redirecting them
>         (>&2), and adding the parameter 'StandardError=journal
>         +console' under the [Service] section of the
>         'pki-tomcatd at pki-tomcat.service' file.  Unfortunately, I was
>         never able to make this work - both stdout and stderr messages
>         were stored in the journal, but were never displayed to the
>         screen when typing 'systemctl restart
>         pki-tomcatd at pki-tomcat.service' (even after a 'systemctl
>         daemon-reload' had been performed).
> -- Matt
> _______________________________________________
> Pki-devel mailing list
> Pki-devel at redhat.com
> https://www.redhat.com/mailman/listinfo/pki-devel

More information about the Pki-devel mailing list