Ade Lee wrote:
Attached a new patch to address some of the concerns below, specifically
I created a new base class DogtagInstance, in which much of the common
CA/KRA code is placed.  I'm sure we could go further in reducing
duplication, and I'm open to further suggestions and refinements.

I did not tackle the packaging and spec file dependencies, because I'd
like some clearer direction on how we want to proceed here.  In any
case, I think the splitting of the ipa packages into ca and possibly kra
packages should be a separate patch.

As before, with this patch you can:
- install a ca and drm using ipa-server-install
- install a ca and drm replica using
    ipa-replica-prepare <hostname>
    ipa-replica-install --setup-ca --setup-drm <replica file>

You need to use a PKI build from the 10.2 (master) branch.  One such
build is given below:
http://copr.fedoraproject.org/coprs/vakwetu/dogtag/repo/fedora-20-x86_64/vakwetu-dogtag-fedora-20-x86_64.repo

The terms KRA and DRM tend to be used interchangeably. Should we pick one?

Need to bump the version number in install/conf/ipa-pki-proxy.conf so that upgrades get the new LocationMatch.

ipa-replica-install still uses the if/then to set the value of enable_drm when it can be reduced like you did in ipa-server-install.

In ipa-server-install you have an extra comment, probably left for yourself: # code to create drm here

In dogtaginstance.py there are a few direct references to DRM in comments and output.

cainstance.py doesn't need to override is_installed.py

I also don't think you need the explicit definitions for enable, start_instance, etc. Those should be inherited from the DogtagInstance class, in both cainstance.py and drminstance.py.

I think spawn_instance should take an option to add things to nolog in case there are server-independent things we don't want to log.

I don't want to pile too much on, but it seems to me that if we are going to copy in default.conf then we can do away with realm_info completely and just use default.conf. Both would need to be supported for a while though. Martin, what do you think?

I still have quite a bit of functional testing to go. I've only installed a fresh standalone master. Still need to do upgrade and replication testing.

rob
