On 05/27/2015 03:34 PM, Christian Heimes wrote:
On 2015-05-27 14:47, Petr Vobornik wrote:
Install/uninstall is not the same thing as enable/disable. Installation
is a set of steps which first configures and then (optionally) enables
the component.

1. modify configuration file(s), ldap entries
2. run something which starts the component. E.g. `systemctl start xxx`,
an ldap change which is being observed (like topology plugin).

The only rationale for external tool is to do stuff which can't be done
trough API. E.g. restart of httpd.service or a need of Directory
Manager. But in that case the tool should be:

ipa-kdcproxy-manage enable|disable

Right, the restart of httpd.service isn't handled by ipa config-mod. A
tool like ipa-kdcproxy-manage could handle the restart on a local
machine. As far as I know it won't be able to restart httpd on all
replicas, too.

My current implementation needs a restart of all Apache servers on all
machines, that run a kdc proxy instance.


It would be great to have a privileged daemon which could observed replicated configuration and perform such tasks on all servers so we would eliminate manual tasks(and errors and misconceptions which are caused by forgotten manual tasks) as much as possible.
Petr Vobornik

Manage your subscription for the Freeipa-devel mailing list:
Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code

Reply via email to