On Mon, Aug 22, 2016 at 10:00:57AM +0200, Jan Cholasta wrote: > Hi, > > On 22.8.2016 09:37, Fraser Tweedale wrote: > > #6019 requires adding tracking requests for existing lightweight CAs > > as part of replica installation. ipa-certupdate has logic to do > > this. > > > > Before I go ahead and implement, there are a few approaches I want > > to mention and seek feedback from team members before I commit to > > one. > > > > 1. invoke ipa-certupdate as a subprocess, from > > CAInstance.configure_replica. This is the simplest approach. Not > > much else to say about it, really :) > > > > 2. invoke ipa-certupdate's main() from the installer. This is > > slightly more work because currently it would fail due to API > > already having been initialised. > > > > 3. extract all logic for adding tracking requests such that it can > > be invoked separately; then refactor ipa-certupdate to call it as > > well as calling it from CAInstance.configure_replica. This is the > > most work. > > > > I lean towards (1) or (3). If you wish it to be done a certain way > > say your piece. > > (4) Extract the relevant code from ipa-certupdate into a separate function > and call it from CAInstance.configure_replica(). > > I would not go with (1) or (2) because it does more than track the certs. I > would also not go with (3) because it requires extensive changes not > suitable for 4.4. > (4) is exactly what I meant in (3) - (I was too vague).
(3/4) it is. Thanks for input. -- Manage your subscription for the Freeipa-devel mailing list: https://www.redhat.com/mailman/listinfo/freeipa-devel Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code