On Wed, 2015-05-27 at 15:41 +0200, Petr Vobornik wrote:
> On 05/27/2015 03:34 PM, Christian Heimes wrote:
> > On 2015-05-27 14:47, Petr Vobornik wrote:
> > > Install/uninstall is not the same thing as enable/disable. 
> > > Installation
> > > is a set of steps which first configures and then (optionally) 
> > > enables
> > > the component.
> > > 
> > > E.g:
> > > 1. modify configuration file(s), ldap entries
> > > 2. run something which starts the component. E.g. `systemctl 
> > > start xxx`,
> > > an ldap change which is being observed (like topology plugin).
> > > 
> > > The only rationale for external tool is to do stuff which can't 
> > > be done
> > > trough API. E.g. restart of httpd.service or a need of Directory
> > > Manager. But in that case the tool should be:
> > > 
> > > ipa-kdcproxy-manage enable|disable
> > 
> > Right, the restart of httpd.service isn't handled by ipa config
> > -mod. A
> > tool like ipa-kdcproxy-manage could handle the restart on a local
> > machine. As far as I know it won't be able to restart httpd on all
> > replicas, too.
> > 
> > My current implementation needs a restart of all Apache servers on 
> > all
> > machines, that run a kdc proxy instance.
> > 
> > Christian
> > 
> 
> It would be great to have a privileged daemon which could observed 
> replicated configuration and perform such tasks on all servers so we 
> would eliminate manual tasks(and errors and misconceptions which are 
> caused by forgotten manual tasks) as much as possible.

*security shiver*

-- 
Manage your subscription for the Freeipa-devel mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-devel
Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code

Reply via email to