[Freeipa-users] Howto re-deploy an IPA-client using kickstart

Sat Jan 12 21:06:50 UTC 2013

On 01/12/2013 03:28 AM, Fred van Zwieten wrote:
> Hi there,
>
> We are in the process of implementing Satellite and want to automate
> server installations 100% using kickstart, cobbler, satellite.
>
> IPA clients can be scripted enrolled using kickstart. Plenty of
> documentation about that.
>
> However, how to "re"-enroll IPA clients?
>
> Satellite gives me the option to re-install a server. In this case,
> there are still host and possibly service records for this host
> present in IPA and DNS.
>
> One way to think about this is, that it's actually OK to keep those
> records there, because it is a "re"-installation, so why remove and
> re-enroll? However, there is the krb5.keytab in /etc. I could save
> that file during redeployment, but I'm not sure if that will work. And
> iare there any other gotcha's.
>
> So, the question is, how to re-install an IPA client using kickstart
> (silent re-install)?

The question is how/do you remove the client?
Based on what you say above you use the same system so there are some
leftovers. If you can run ipa-client-install --uninstall it should clean
things like keytab and certs (there have been bugs fixed in freeIPA
3.0). If the client has access to the server it will clean (not remove)
the host entry too. Then you can re-run the install. If you use OTP you
would need to reset OTP first.

>
> Regards,
>
> Fred
>
>
> _______________________________________________
> Freeipa-users mailing list
> Freeipa-users at redhat.com
> https://www.redhat.com/mailman/listinfo/freeipa-users

-- 
Thank you,
Dmitri Pal

Sr. Engineering Manager for IdM portfolio
Red Hat Inc.

-------------------------------
Looking to carve out IT costs?
www.redhat.com/carveoutcosts/

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://listman.redhat.com/archives/freeipa-users/attachments/20130112/cb071694/attachment.htm>