[Freeipa-devel] host-del & client uninstall: additional discussion related to DNS needed

Jan Cholasta jcholast at redhat.com
Thu Mar 3 15:37:47 UTC 2016


Hi,

On 3.3.2016 15:52, Martin Basti wrote:
> Hello all,
>
> related tickets:
> https://fedorahosted.org/freeipa/ticket/5676
> https://fedorahosted.org/freeipa/ticket/5675
> https://fedorahosted.org/freeipa/ticket/5715
>
> I'm trying to implement both tickets, but I don't like the way we
> decided on at the devel meeting anymore.

+1

>
> https://fedorahosted.org/freeipa/ticket/5676#comment:1
>
> 1)
> ipa host-del --updatedns
>
> I propose to only delete A, AAAA and related PTR records (SSHFP records
> explained later). The records are somehow managed by IPA

I propose to deprecate the option and let users manage DNS by proper 
means. (I realize this probably won't be a very popular proposal :-).)

>
> I don't like the idea of having an extra option to specify record types
> that should be removed, or a flag that will remove the DNS entry completely.
> IMO that is a duplication of dnsrecord-mod/del functionality; host-del
> should not be used for managing DNS. If somebody wants better
> granularity, one should use 'dnsrecord-mod zone rec --type-rec=' or
> 'dnsrecord-del --del-all'

+1

>
> Note: due to backward compatibility, --updatedns cannot be migrated to an ENUM;
> a new option is needed
>
> 2)
> SSHFP records and host-del (https://fedorahosted.org/freeipa/ticket/5715)
>
> host-del removes SSH keys from LDAP, thus there is no reason to keep
> SSHFP record in DNS, thus SSHFP records should be removed always (even
> without --updatedns option)

+1, also host-disable should probably do the same.

>
> 3)
> ipa-client-install --uninstall
>
> SSHFP records are always added to DNS via nsupdate; IMO during client
> uninstall all SSHFP records related to the client should be removed via
> nsupdate too.

+1, IMHO it's important to keep symmetry here (or anywhere else for that 
matter), otherwise it is virtually impossible to keep track of what 
parts of code are related, and we could easily end up with *more* errors 
caused by one part being updated without the other.

>
> 4)
> https://fedorahosted.org/freeipa/ticket/5676
>
> ipa-client-install --uninstall --delete-host    # suggestions on how to name
> the option for removing the host entry from LDAP are welcome
>
> Should this option call 'host-del' or 'host-del --updatedns'?

On install, host-add does not create any DNS records, and neither should 
host-del delete any on uninstall.

>
> I would like to avoid additional DNS related options being added to
> ipa-client-install

+1

>
> Also do we really want to implement this ticket? What is the gain there?

I would like to know the answer myself.

Honza

-- 
Jan Cholasta
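The record-cleanup policy proposed in points 1 and 2 above (SSHFP always removed on host-del, A/AAAA and the PTR records pointing back at the host only with --updatedns, everything else untouched), as an added example that is not FreeIPA's code; the zone layout and the helper names `ptr_name`, `host_del` and `sample_zone` are constructed for this illustration.

```python
"""Model of the record-cleanup policy discussed in this thread (added example,
not FreeIPA's code). The zone layout and helper names are constructed."""
import ipaddress


def ptr_name(address: str) -> str:
    """Owner name of the reverse-mapping (PTR) record for an IPv4/IPv6 address."""
    return ipaddress.ip_address(address).reverse_pointer + "."


def host_del(zone: dict, hostname: str, updatedns: bool = False) -> set:
    """Apply the policy to a zone modelled as {owner: {rrtype: [rdata, ...]}}.
    Returns the set of (owner, rrtype) pairs from which data was removed."""
    removed = set()
    rrsets = zone.get(hostname, {})
    # SSHFP: the SSH keys are gone from LDAP, so the records are stale
    # regardless of --updatedns.
    if "SSHFP" in rrsets:
        del rrsets["SSHFP"]
        removed.add((hostname, "SSHFP"))
    if updatedns:
        for rtype in ("A", "AAAA"):
            for addr in rrsets.get(rtype, []):
                # Only the PTR pointing back at this host is removed; other
                # PTR data at the same owner name is left alone.
                rev = ptr_name(addr)
                ptrs = zone.get(rev, {}).get("PTR", [])
                if hostname in ptrs:
                    ptrs.remove(hostname)
                    removed.add((rev, "PTR"))
                    if not ptrs:
                        del zone[rev]["PTR"]
            if rtype in rrsets:
                del rrsets[rtype]
                removed.add((hostname, rtype))
    if not rrsets:
        zone.pop(hostname, None)
    return removed


def sample_zone() -> dict:
    """Constructed sample data: one client with address, SSHFP and TXT records."""
    host = "client.example.test."
    return {
        host: {"A": ["192.0.2.10"], "AAAA": ["2001:db8::10"],
               "SSHFP": ["1 1 0123abcd"], "TXT": ["rack=1"]},  # TXT is unrelated
        ptr_name("192.0.2.10"): {"PTR": [host]},
        ptr_name("2001:db8::10"): {"PTR": [host, "other.example.test."]},
    }
```

Running `host_del(sample_zone(), "client.example.test.")` removes only the SSHFP rrset, while `updatedns=True` additionally drops A, AAAA and the matching PTR data but leaves the TXT record and the unrelated PTR target in place.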
