URL: https://github.com/freeipa/freeipa/pull/764
Title: #764: Basic uninstaller for the CA
stlaz commented:
"""
@pvoborni @rcritten @martbab This discussion at this PR makes no sense. Clearly
we can see that the impact is much higher and should be discussed on designated
channels, meaning either **freeipa-devel** mailing list or in our issue
tracking system (the former would be preferable with having the result in the
latter). I believe that the guys from the Dogtag project could also have a
great insight on this.
Here's questions which should answer why I want this to be discussed there:
- how to handle users so they don't use `ipa-ca-install --uninstall` any time?
- at which point is the installation recoverable and when it's not?
- describe what happens in each and every step, mention which files and entries
are created
- on master
- on replica
- describe what has to be done in case a step fails for each and every step
- on master
- on replica
- describe how `ipa-ca-install` rollback should behave when installing first CA
in a CA-less setup
These problems are just from the top of my head and I am a CA installation
noob. I would however be very cautious not knowing an answer to either of those.
@rcritten if you do know the answers, please, share them with us (or maybe just
me because I sure don't know them), it would help a lot with deciding on where
to go from here.
"""
See the full comment at
https://github.com/freeipa/freeipa/pull/764#issuecomment-300120774
--
Manage your subscription for the Freeipa-devel mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-devel
Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code
