Martin Kosek wrote:
On Mon, 2012-02-13 at 11:46 -0500, Rob Crittenden wrote:
When upgrading from 2.1 to 2.2 we need to kill any ipa_kpasswd processes
and uninstall it.

We also need to update the dbmodules section in /etc/krb5.conf to
reflect the new kdb.


The patch works fine, I just have few comments.

This line seems a bit confusing (at least for me):
+    if not enabled is None and not enabled:
+        ipa_kpasswd.remove()

I would prefer
+    if enabled is not None and not enabled:
+        ipa_kpasswd.remove()

I know, its just a nitpick.

I saw that too and was tempted to change it but this is the way it is done currently in services, didn't want to mess with success :-)

I'm not opposed.

I checked update_dbmodules() function. It works but as we discussed,
there is a lot of hard-coding and a success of this function depends on
proper indentation etc. I would accept this fix as a short-term
solution, in the future we may want to use some better means to update
our configs like augeas that was already discussed before.

Yes, ideally we'll switch to using the ipaChangeConf module but it doesn't support searching within subsections yet.


Freeipa-devel mailing list

Reply via email to