[Freeipa-devel] [PATCH 0385] replicainstall: Add possiblity to install client in one

Tomas Babej tbabej at redhat.com
Tue Nov 24 14:56:49 UTC 2015 


On 11/23/2015 04:43 PM, Jan Cholasta wrote:
> Hi,
> 
> On 23.11.2015 12:50, Tomas Babej wrote:
>> Hi,
>>
>> this patch implements the single command replica promotion&enrollment
>> for #5310.
>>
>> Tomas
>>
>> https://fedorahosted.org/freeipa/ticket/5310
> 
> 1) ensure_enrolled() should be called from promote_check() after the
> client check is done:
> 
>     client_fstore = sysrestore.FileStore(paths.IPA_CLIENT_SYSRESTORE)
>     if not client_fstore.has_files():
>         ensure_enrolled(installer)
> 
> 
> 2)
> 
> +    server_name = Knob(
> +        str, None,
> +        description="fully qualified name of IPA server to enrooll to",
> +        cli_name='server',
> +    )
> 
> Please use the same identifier ipa-client-install uses, i.e.
> s/server_name/server/.
> 
> Also there is typo in the description: "enrooll".

Fixed.

> 
> 
> 3)
> 
> +    host_name = Knob(
> +        str, None,
> +        description="fully qualified name of this host",
> +        cli_name='hostname',
> +    )
> 
> This knob is already defined in BaseServer, there's no need to redefine
> it here (just remove the "host_name = None").
> 
> If you want to change the description, change it in BaseServer.

Yep, that was the reasoning here. Changed in BaseServer.

> 
> 
> 4)
> 
> +    keytab = Knob(
> +        str, None,
> +        description="path to backed up keytab from previous enrollment",
> +        cli_name='keytab',
> +    )
> 
> ipa-client-install uses the short name -k for the keytab option, it
> should be used here as well.
> 

Added.

> 
> 5) The replica file argument conflicts with the --realm, --domain,
> --server, --admin-password and --principal options. This should be
> checked in Replica.__init__().
> 
> The --hostname option should either be conflicting as well or be
> implemented properly for legacy replica install.
> 

All of them now conflict --replica-file.

> 
> 6) I think --admin-password should be renamed to --password and the
> description changed, since it now also allows OTP enrollment.
> 

I changed the requirements to mandate --principal when --password is
used, as we discussed.

The name of the option cannot really be changed, as it is already taken
by the dm_password.


> 
> Honza
> 
-------------- next part --------------
A non-text attachment was scrubbed...
Name: freeipa-tbabej-0385-2-replicainstall-Add-possiblity-to-install-client-in-o.patch
Type: text/x-patch
Size: 7536 bytes
Desc: not available
URL: <http://listman.redhat.com/archives/freeipa-devel/attachments/20151124/96a8b8ff/attachment.bin>

More information about the Freeipa-devel mailing list