On Mon, Aug 22, 2016 at 10:00:57AM +0200, Jan Cholasta wrote:
> On 22.8.2016 09:37, Fraser Tweedale wrote:
> > #6019 requires adding tracking requests for existing lightweight CAs
> > as part of replica installation. ipa-certupdate has logic to do
> > this.
> > Before I go ahead and implement, there are a few approaches I want
> > to mention and seek feedback from team members before I commit to
> > one.
> > 1. invoke ipa-certupdate as a subprocess, from
> > CAInstance.configure_replica. This is the simplest approach. Not
> > much else to say about it, really :)
> > 2. invoke ipa-certupdate's main() from the installer. This is
> > slightly more work because currently it would fail due to API
> > already having been initialised.
> > 3. extract all logic for adding tracking requests such that it can
> > be invoked separately; then refactor ipa-certupdate to call it as
> > well as calling it from CAInstance.configure_replica. This is the
> > most work.
> > I lean towards (1) or (3). If you wish it to be done a certain way
> > say your piece.
> (4) Extract the relevant code from ipa-certupdate into a separate function
> and call it from CAInstance.configure_replica().
> I would not go with (1) or (2) because it does more than track the certs. I
> would also not go with (3) because it requires extensive changes not
> suitable for 4.4.
(4) is exactly what I meant in (3) - (I was too vague).
(3/4) it is. Thanks for input.
Manage your subscription for the Freeipa-devel mailing list:
Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code