Hi all,
I am currently reviewing the PR for authconfig replacement with
authselect (see [1]) but I am not 100% sure of the direction we should
aim for (many items were discussed in the mailing list but it's not
clear on which an agreement was reached).
1/ Deprecation of --no-sssd option:
- on non-fedora/non-rhel platforms, my understanding is that we should
keep this option and let the distros implement their specific code in
ipaplatform/<distro>/tasks.py
- what does it mean for fedora/rhel platform? we could add a check in
tasks.py called during install_check, refusing this option on
fedora/rhel (with a clean exit from ipa-client-install) and allowing
this on other distributions. Other proposals?
2/ How do we handle backup/restore:
-the server may have been installed with authconfig then upgraded, or
directly installed with authselect.
If authselect was used, we can leverage 'authselect current' to save the
current state.
If authconfig was used, we have an issue as ipa-backup is currently
calling authconfig --savebackup but this option (--savebackup) is not
supported anymore when authselect is installed. Does it mean that we
should migrate the configuration to authselect during
ipa-server-upgrade? Is it ok to migrate only servers or should we also
migrate clients?
- ipa-restore can be forced to restore a backup made on a different
version. This means we could end up in a situation where the backup was
done with authselect, but restored with authconfig. This should not be a
problem because backup/restore is done on a server and servers cannot be
installed with --no-sssd, but it means that there will be a migration to
the authselect sssd profile.
3/ How do we handle uninstall:
the client may have been installed with authconfig then upgraded. When
the pre-install config does not correspond to a supported authselect
profile, how should we react (because we won't be able to restore
exactly the same conf)? Simply log a warning, exit on error?
Thanks for your opinions/suggestions.
Flo
[1] https://github.com/freeipa/freeipa/pull/1603
_______________________________________________
FreeIPA-devel mailing list -- [email protected]
To unsubscribe send an email to [email protected]
