On 07/29/2015 12:37 PM, Alexander Bokovoy wrote:
On Wed, 29 Jul 2015, Martin Babinsky wrote:
Initial attempt to implement
https://fedorahosted.org/freeipa/ticket/4517

Some points to discuss:

1.) name of the config entries: currently the option names are derived
from CLI options but have underscores in them instead of dashes. Maybe
keeping the CLI option names also for config entries will make it
easier for the user to transfer their CLI options from scripts to
config files.
I would prefer that too. Or you can simply allow both _ and -, this
should be relatively simple.

+1


2.) Config sections: there is currently only one valid section named
'[global]' in accordance with the format of 'default.conf'. Should we
have separate sections equivalent to option groups in CLI (e.g.
[basic], [certificate system], [dns])?
What about using a different approach -- allowing to specify which
section to process, defaulting to [global]. This would allow to have a
single config file for whole setup, if needed, and just vary which
section to use.

Interesting idea.


Maybe global section could always be processed and the rest could be
used to amend the configuration?

As an example,

[global]
setup_dns
realm = EXAMPLE.COM
domain = example.com
ds-password = SuperSecretPasswordHere
admin-password = EquallySecretPasswordHere
mkhomedir

[m1.example.com]
hostname=m1.example.com


[m2.example.com]
hostname=m2.example.com
setup_dns = False
mkhomedir = False


You can see I also kind of suggest to allow accepting True/Fals to
boolean options to allow _unsetting_ the effect of the default set in
the [global] section.

+1


3.) Handling of unattended mode when specifying a config file:
Currently there is no connection between --config-file and unattended
mode. So when you run ipa-server-install using config file, you still
get asked for missing stuff. Should '--config-file' automatically
imply '--unattended'?
Well, there is certain beauty of providing some arguments from the
config file and be asked for the rest. Unattended is more explicit in
the way of handling so I would still keep them separate.


+1

--
Petr Vobornik

--
Manage your subscription for the Freeipa-devel mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-devel
Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code

Reply via email to