On Wed, 2015-05-27 at 15:41 +0200, Petr Vobornik wrote: > On 05/27/2015 03:34 PM, Christian Heimes wrote: > > On 2015-05-27 14:47, Petr Vobornik wrote: > > > Install/uninstall is not the same thing as enable/disable. > > > Installation > > > is a set of steps which first configures and then (optionally) > > > enables > > > the component. > > > > > > E.g: > > > 1. modify configuration file(s), ldap entries > > > 2. run something which starts the component. E.g. `systemctl > > > start xxx`, > > > an ldap change which is being observed (like topology plugin). > > > > > > The only rationale for external tool is to do stuff which can't > > > be done > > > trough API. E.g. restart of httpd.service or a need of Directory > > > Manager. But in that case the tool should be: > > > > > > ipa-kdcproxy-manage enable|disable > > > > Right, the restart of httpd.service isn't handled by ipa config > > -mod. A > > tool like ipa-kdcproxy-manage could handle the restart on a local > > machine. As far as I know it won't be able to restart httpd on all > > replicas, too. > > > > My current implementation needs a restart of all Apache servers on > > all > > machines, that run a kdc proxy instance. > > > > Christian > > > > It would be great to have a privileged daemon which could observed > replicated configuration and perform such tasks on all servers so we > would eliminate manual tasks(and errors and misconceptions which are > caused by forgotten manual tasks) as much as possible.
*security shiver* -- Manage your subscription for the Freeipa-devel mailing list: https://www.redhat.com/mailman/listinfo/freeipa-devel Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code