Hi,

On 22.8.2016 09:37, Fraser Tweedale wrote:
#6019 requires adding tracking requests for existing lightweight CAs
as part of replica installation.  ipa-certupdate has logic to do
this.

Before I go ahead and implement, there are a few approaches I want
to mention and seek feedback from team members before I commit to
one.

1. invoke ipa-certupdate as a subprocess, from
CAInstance.configure_replica.  This is the simplest approach.  Not
much else to say about it, really :)

2. invoke ipa-certupdate's main() from the installer.  This is
slightly more work because currently it would fail due to API
already having been initialised.

3. extract all logic for adding tracking requests such that it can
be invoked separately; then refactor ipa-certupdate to call it as
well as calling it from CAInstance.configure_replica.  This is the
most work.

I lean towards (1) or (3).  If you wish it to be done a certain way
say your piece.

(4) Extract the relevant code from ipa-certupdate into a separate function and call it from CAInstance.configure_replica().

I would not go with (1) or (2) because it does more than track the certs. I would also not go with (3) because it requires extensive changes not suitable for 4.4.


Thanks,
Fraser


Honza

--
Jan Cholasta

--
Manage your subscription for the Freeipa-devel mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-devel
Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code

Reply via email to