On Tue, May 10, 2016 at 02:42:52PM -0400, Ade Lee wrote:
The patch itself is fine.
I'm just struggling with where this script should exist.
pki-server ca-cert-db-upgrade seems like an awfully generic description
for this operation - which basically provides a very specific db
migration. For that matter, why not ca-db-upgrade?
My thinking was that, in the future, whatever DB upgrades are needed
for a subsystem could be added to the command.
So on that, I take your point re "ca-db-upgrade" and will cut a new
patch with that command name.
What happens the next time someone needs to do a CA DB upgrade?
I'm almost wondering if a separate pki-db tool is needed.
I think having it as part of pki-server(1) is a satisfactory fit.
For that matter though, its possible that the database is quite
large
so attempting to do this automatically during upgrade is probably not
advisable.
We can leave it as a manual step for now (for Dogtag itself).
ipa-server-install may need to run it. In the future, to avoid
unnecessary work, we can track which "steps" have been run (either
on disk or, preferably, in LDAP itself). Updates themselves should
be idempotent.
Opening up for others to chime in ..
Ade
On Tue, 2016-05-10 at 08:32 +1000, Fraser Tweedale wrote:
> On Mon, May 09, 2016 at 04:06:46PM -0400, Ade Lee wrote:
> > Isn't all this predicated on a schema change that adds the issuer
> > as an
> > optional field for the certRecord?
> >
> The schema already exists but was unused.
>
> > Ade
> >
> > On Mon, 2016-05-09 at 17:15 +1000, Fraser Tweedale wrote:
> > > Hi all,
> > >
> > > The following patch adds a pki-server subcommand for updating
> > > certificate records to add the issuerName attribute.
> > >
> > > It is for #1667 (Database upgrade script to add issuerName
> > > attribute
> > > to all cert entries).
> > >
> > > Follow-up question: should I (and if so, how should I) also add
> > > an
> > > upgrade scriptlet to perform the upgrade for Dogtag CA subsystem
> > > on
> > > the host? Is there a precedent for invoking pki-server (or
> > > subroutines thereof) from pki-server-upgrade scriptlets?
> > >
> > > Cheers,
> > > Fraser
> > > _______________________________________________
> > > Pki-devel mailing list
> > > Pki-devel(a)redhat.com
> > >
https://www.redhat.com/mailman/listinfo/pki-devel