URL: https://github.com/freeipa/freeipa/pull/764
Title: #764: Basic uninstaller for the CA

stlaz commented:
@pvoborni @rcritten @martbab This discussion at this PR makes no sense. Clearly 
we can see that the impact is much higher and should be discussed on designated 
channels, meaning either **freeipa-devel** mailing list or in our issue 
tracking system (the former would be preferable with having the result in the 
latter). I believe that the guys from the Dogtag project could also have a 
great insight on this.

Here's questions which should answer why I want this to be discussed there:
- how to handle users so they don't use `ipa-ca-install --uninstall` any time?
- at which point is the installation recoverable and when it's not?
- describe what happens in each and every step, mention which files and entries 
are created
    - on master
    - on replica
- describe what has to be done in case a step fails for each and every step
    - on master
    - on replica
- describe how `ipa-ca-install` rollback should behave when installing first CA 
in a CA-less setup

These problems are just from the top of my head and I am a CA installation 
noob. I would however be very cautious not knowing an answer to either of those.

@rcritten if you do know the answers, please, share them with us (or maybe just 
me because I sure don't know them), it would help a lot with deciding on where 
to go from here.

See the full comment at 
Manage your subscription for the Freeipa-devel mailing list:
Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code

Reply via email to