[Freeipa-users] Do we need ipa-client-update script?

Martin Kosek mkosek at redhat.com
Mon Sep 24 06:48:38 UTC 2012


On 09/22/2012 01:22 AM, Sigbjorn Lie wrote:
> On 09/21/2012 10:45 AM, Petr Spacek wrote:
>> Hello users,
>>
>> we have a question for client machine administrators:
>>
>> On 09/21/2012 10:12 AM, Martin Kosek wrote:
>> <snip>
>> > ..., that it may be useful to implement a script
>> > like "ipa-client-update" which would be capable of updating client information
>> > (and could be entered in a cron for example) without a need to re-enroll
>> > client. Such a script could for example:
>> > * update SSH keys of the client
>> > * update a list of IPA DNS servers in #3095
>> > * ...
>> >
>> > Martin
>>
>> Would it be useful at all? What other information should the updater maintain?
>>
>> Ad https://fedorahosted.org/freeipa/ticket/3095:
>> IMHO DNS configuration on client side is a job for DHCP or Puppet. Isn't it?
>>
> 
> A client update script for SSH keys setup etc has crossed my mind too. Such a
> script would be useful, however the various updates should be available as
> separate options to the command so the admin can choose between applying some
> options or all options. A --update-all could be used as a placeholder for
> updating the whole collection of options.

Right, this would be the preferred way to implement the CLI.

> As far as #3095 goes, updating the DNS client configuration is a job for DHCP
> or Puppet/CFengine. SSSD is very much dependent on DNS to work. I don't see why
> SSSD should be able to change the system's DNS servers, possibly rendering
> itself useless.

The idea was to implement a script that could be used for example in cron
on client machines, i.e. not related to sssd. The script would be able to pull
a list of IPA DNS servers just by querying the LDAP. Though, you may be right
that it would rather be a job for DHCP/Puppet/CFEngine.

Martin



