Re: [Pki-devel] [PATCH] PKI TRAC Ticket #899 - RFE - ipa-server should keep backup of CS.cfg
ACK. Looks good. Two small nits only - just fix and check in.
1. In operations, no need to further indent the comments in
backup_instance_configuration_files().
2. At the end of start_instance() , you do:
return $?
Why not just move that into the if .. then .. fi clause above?
ie. replace : rv=$? with return $?
Ade
On Fri, 2014-06-27 at 20:58 -0700, Matthew Harmsen wrote:
Please review the attached patch for:
* PKI TRAC Ticket #899 - RFE - ipa-server should keep backup of
CS.cfg
This patch is based upon a previously reviewed patch for the Dogtag 9
architecture utilized by the IPA_v2_RHEL_6_ERRATA_BRANCH, but was
modified and tested to work with the Dogtag 10.2 architecture.
CAVEAT 1:
Although this patch contains changes to multiple PKI
subsystem's 'CS.cfg' configuration files, an upgrade script
should not be specifically required for legacy instances since
the parameter that is added,
'archive.configuration_file=true', is presumed even if the
parameter is missing (as it would be on any legacy instance).
In this case, it would only be necessary to add this parameter
to a legacy instance's CS.cfg, and set the value to 'false' in
order to turn off 'CS.cfg' configuration file archival
(explicit instructions detailing this are found in the
'operations' script). However, if this is desired for
completeness, I don't mind adding it.
CAVEAT 2:
I had originally made the effort to attempt to have specific
crucial WARNING messages echoed to the display as well as to
the journal. I believe that this would be beneficial, as, for
example, it would immediately notify an admin that since an
error had occurred, 'CS.cfg' backups would be discontinued
until the error was corrected. My idea was to echo these
WARNING messages explicitly to stderr via redirecting them
(>&2), and adding the parameter 'StandardError=journal
+console' under the [Service] section of the
'pki-tomcatd(a)pki-tomcat.service' file. Unfortunately, I was
never able to make this work - both stdout and stderr messages
were stored in the journal, but were never displayed to the
screen when typing 'systemctl restart
pki-tomcatd(a)pki-tomcat.service' (even after a 'systemctl
daemon-reload' had been performed).
-- Matt
_______________________________________________
Pki-devel mailing list
Pki-devel(a)redhat.com
https://www.redhat.com/mailman/listinfo/pki-devel