[Freeipa-devel] [PATCH 0385] replicainstall: Add possiblity to install client in one

Martin Babinsky mbabinsk at redhat.com
Wed Dec 2 08:53:23 UTC 2015 

On 12/01/2015 04:33 PM, Jan Cholasta wrote:
> On 1.12.2015 16:19, Tomas Babej wrote:
>>
>>
>> On 12/01/2015 08:19 AM, Jan Cholasta wrote:
>>> On 30.11.2015 19:17, Simo Sorce wrote:
>>>> On Mon, 2015-11-30 at 12:25 +0100, Tomas Babej wrote:
>>>>> +    # Perform only if we have the necessary options
>>>>> +    if not any([installer.admin_password, installer.keytab]):
>>>>> +        sys.exit("IPA client is not configured on this system.\n"
>>>>> +                 "You must use a replica file or join the system "
>>>>> +                 "either by using by running 'ipa-client-install'. "
>>>>> +                 "Alternatively, you may specify enrollment related
>>>>> options "
>>>>> +                 "directly, see man ipa-replica-install.")
>>>>> +
>>>>
>>>> There is a typo "either by using by "
>>>>
>>>> Also this seem to be run in promote_check, so you should not mention
>>>> replica files, as promotion can only be run at domain level 1 where
>>>> replica files cannot be used.
>>>
>>> One more thing from me: admin password should be passed to
>>> ipa-client-install through stdin. Apply the following changes (tested
>>> and working) to make it so:
>>>
>>>               args.extend(["--hostname", installer.host_name])
>>>
>>>           if installer.admin_password:
>>> -            args.extend(["--password", installer.admin_password])
>>>               args.extend(["--principal", installer.principal or
>>> "admin"])
>>>           if installer.keytab:
>>>               args.extend(["--keytab", installer.keytab])
>>> @@ -792,7 +791,13 @@ def ensure_enrolled(installer):
>>>               args.append("--no-sshd")
>>>           if installer.mkhomedir:
>>>               args.append("--mkhomedir")
>>> -        ipautil.run(args)
>>> +
>>> +        if installer.admin_password:
>>> +            stdin = installer.admin_password
>>> +        else:
>>> +            stdin = None
>>> +
>>> +        ipautil.run(args, stdin=stdin)
>>>       except Exception as e:
>>>           sys.exit("Configuration of client side components failed!\n"
>>>                    "ipa-client-install returned: " + str(e))
>>>
>>
>> Both Simo's and Jan's suggestions make sense, thanks.
>>
>> Updated patch attached.
>
> Thank you, ACK.
>
> Pushed to master: 034e76062fd897dc67b5a395735a5471257bfc8b
>

It would be nice if we could update ipa-replica-install manpage and 
document all three different ways to set up a replica 
(ipa-replica-install w/ replica file in domain level 0, 
ipa-client-install & ipa-replica-install via promotion in domain level 
1, single ipa-replica-install w/ client-specific options in domain level 1).

Especially in the latter case it was not obvious to me which options 
should I use to set up client and replica in one go without peeking in 
the source code.

-- 
Martin^3 Babinsky

More information about the Freeipa-devel mailing list