On 22.8.2016 09:37, Fraser Tweedale wrote:
#6019 requires adding tracking requests for existing lightweight CAs
as part of replica installation.  ipa-certupdate has logic to do

Before I go ahead and implement, there are a few approaches I want
to mention and seek feedback from team members before I commit to

1. invoke ipa-certupdate as a subprocess, from
CAInstance.configure_replica.  This is the simplest approach.  Not
much else to say about it, really :)

2. invoke ipa-certupdate's main() from the installer.  This is
slightly more work because currently it would fail due to API
already having been initialised.

3. extract all logic for adding tracking requests such that it can
be invoked separately; then refactor ipa-certupdate to call it as
well as calling it from CAInstance.configure_replica.  This is the
most work.

I lean towards (1) or (3).  If you wish it to be done a certain way
say your piece.

(4) Extract the relevant code from ipa-certupdate into a separate function and call it from CAInstance.configure_replica().

I would not go with (1) or (2) because it does more than track the certs. I would also not go with (3) because it requires extensive changes not suitable for 4.4.



Jan Cholasta

Manage your subscription for the Freeipa-devel mailing list:
Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code

Reply via email to