ipa-server-install (and replica, client, etc.) are very powerful tools.
We would like to be able to access the code that they execute more directly within rolekit (which is providing the Fedora Server Role API). This would be so that we could solve the following problems:
pviktori, this ticket could be a basis of the planned OpenLMI integration announced on freeipa-devel.
Would a refactoring & making the installer use our installer base from AdminTool satisfy sgallagh's needs?
For (1) we'd need some coding, but it would definitely be easier to add to the framework than to the current code.
(2) can be addressed now, but with the framework it would be easier to be consistent.
Allowing (3) would be very easy, though we might want to add an even nicer interface. (And it would help IPA as well, for example I think it would help to have ipa-server-install just call ipa-dns-install at the end, so that the single-step and two-step installations would be equivalent.)
The ticket for the AdminTool refactoring is: #2652 Framework for admin/install tools
This ticket should only track the necessary changes on top of that.
Moving to 4.2, will be pat of OpenLMI integration. We will certainly also consider #2652 as it can fix some of our problems.
not only existing commands will be affected, there is also the commandline part for ticket 4302. It will probably need a command like ipa-topology-manage with subcommands like init| verify| show | connect |disconnect and has some overlap with ipa-replica-manage.
The (pviktori's) plan is to have introspectable argument definitions, like the IPA framework's Param, so supporting different ways to pass the options (function args, CLI, config files) should be easy.
A Password argument that the CLI user can specify by any of file, env var, command line, or interactive prompting, would of course be built in.
Someone, please take this.
This ticket is not critical for 4.2 GA and can be done in follow-up stabilization release - postponing.
This ticket tracks several problems that will be fixed in different releases.
I am not sure about the scope and base design for 1., please open separate ticket if you are interested in this.
Part 2 is a duplicate of #4517.
Part 3 is fixed for ipa-server-install and ipa-replica-install in 4.2, so I am closing this ticket. Please open tickets for missing functionality that you depend on.
Metadata Update from @sgallagh:
- Issue assigned to jcholast
- Issue set to the milestone: FreeIPA 4.2
to comment on this ticket.