On 22.8.2016 09:37, Fraser Tweedale wrote:
#6019 requires adding tracking requests for existing lightweight CAs
as part of replica installation. ipa-certupdate has logic to do
Before I go ahead and implement, there are a few approaches I want
to mention and seek feedback from team members before I commit to
1. invoke ipa-certupdate as a subprocess, from
CAInstance.configure_replica. This is the simplest approach. Not
much else to say about it, really :)
2. invoke ipa-certupdate's main() from the installer. This is
slightly more work because currently it would fail due to API
already having been initialised.
3. extract all logic for adding tracking requests such that it can
be invoked separately; then refactor ipa-certupdate to call it as
well as calling it from CAInstance.configure_replica. This is the
I lean towards (1) or (3). If you wish it to be done a certain way
say your piece.
(4) Extract the relevant code from ipa-certupdate into a separate
function and call it from CAInstance.configure_replica().
I would not go with (1) or (2) because it does more than track the
certs. I would also not go with (3) because it requires extensive
changes not suitable for 4.4.
Manage your subscription for the Freeipa-devel mailing list:
Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code