URL: https://github.com/freeipa/freeipa/pull/567 Title: #567: Configure KDC to use certs after they are deployed
martbab commented: """ I think we can avoid the copy-pasta by actually moving PKINIT requesting code into `__common_post_setup` like this: ```diff --- a/ipaserver/install/krbinstance.py +++ b/ipaserver/install/krbinstance.py @@ -142,10 +142,15 @@ class KrbInstance(service.Service): self.step("starting the KDC", self.__start_instance) self.step("configuring KDC to start on boot", self.__enable) + if self.setup_pkinit: + self.step("installing X509 Certificate for PKINIT", + self.setup_pkinit) + def create_instance(self, realm_name, host_name, domain_name, admin_password, master_password, setup_pkinit=False, pkcs12_info=None, subject_base=None): self.master_password = master_password self.pkcs12_info = pkcs12_info self.subject_base = subject_base + self.setup_pkinit = setup_pkinit self.__common_setup(realm_name, host_name, domain_name, admin_password) @@ -160,10 +165,6 @@ class KrbInstance(service.Service): self.__common_post_setup() - if setup_pkinit: - self.step("installing X509 Certificate for PKINIT", - self.setup_pkinit) - self.start_creation(runtime=30) self.kpasswd = KpasswdInstance() @@ -178,14 +179,12 @@ class KrbInstance(service.Service): self.pkcs12_info = pkcs12_info self.subject_base = subject_base self.master_fqdn = master_fqdn + self.setup_pkinit = setup_pkinit self.__common_setup(realm_name, host_name, domain_name, admin_password) self.step("configuring KDC", self.__configure_instance) self.step("adding the password extension to the directory", self.__add_pwd_extop_module) - if setup_pkinit: - self.step("installing X509 Certificate for PKINIT", - self.setup_pkinit) self.__common_post_setup() ``` Yes we have now duplicated member assignment but still better that duplicate logic. Also I have some inline comments. """ See the full comment at https://github.com/freeipa/freeipa/pull/567#issuecomment-285599143
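Review bot: Storing the flag as `self.setup_pkinit = setup_pkinit` (first and third hunks) rebinds, on the instance, the same name that the relocated registration `self.step("installing X509 Certificate for PKINIT", self.setup_pkinit)` passes as its callback. With PKINIT enabled the step would then receive the boolean `True` instead of the method the removed lines registered, so the certificate step could not run. Keep the flag under its own attribute, for example `self.config_pkinit = setup_pkinit`, and test `if self.config_pkinit:` in `__common_post_setup`. The step is also now registered after "starting the KDC", so presumably the KDC must be reconfigured or restarted once the certificate is in place; that is not visible in these hunks and should be confirmed. All three functions start and end outside the quoted hunks.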