On 03/18/2013 02:46 PM, Tomas Babej wrote:
Hi,

A new option --force-join has been added to ipa-client-install.
It forces the host enrollment even if the host entry exists.
Old certificate is revoked, new certificate and ssh key pair
generated. See the relevant design for the re-enrollment part:
http://freeipa.org/page/V3/Client_install_using_keytab

https://fedorahosted.org/freeipa/ticket/3482

Tomas

A-and the patch itself.

Tomas
>From 559bbeb362dc984d95b7503b7eaaebbb4b13fb5f Mon Sep 17 00:00:00 2001
From: Tomas Babej <tba...@redhat.com>
Date: Mon, 18 Mar 2013 11:06:22 +0100
Subject: [PATCH] Allow host re-enrollment using delegation

A new option --force-join has been added to ipa-client-install.
It forces the host enrollment even if the host entry exists.
Old certificate is revoked, new certificate and ssh key pair
generated. See the relevant design for the re-enrollment part:
http://freeipa.org/page/V3/Client_install_using_keytab

https://fedorahosted.org/freeipa/ticket/3482
---
 ipa-client/ipa-install/ipa-client-install | 5 +++++
 ipa-client/man/ipa-client-install.1       | 5 ++++-
 2 files changed, 9 insertions(+), 1 deletion(-)

diff --git a/ipa-client/ipa-install/ipa-client-install b/ipa-client/ipa-install/ipa-client-install
index d9e1b7e786466ba11fb8fd1d00a72904dfcc0005..0239dc8463aae46eb5ffb92988808733779e3461 100755
--- a/ipa-client/ipa-install/ipa-client-install
+++ b/ipa-client/ipa-install/ipa-client-install
@@ -111,6 +111,9 @@ def parse_options():
                       help="The hostname of this machine (FQDN). If specified, the hostname will be set and "
                            "the system configuration will be updated to persist over reboot. "
                            "By default a nodename result from uname(2) is used.")
+    basic_group.add_option("", "--force-join", dest="force_join",
+                      action="store_true", default=False,
+                      help="Force client enrollment even if already enrolled")
     basic_group.add_option("--ntp-server", dest="ntp_server", help="ntp server to use")
     basic_group.add_option("-N", "--no-ntp", action="store_false",
                       help="do not configure ntp", default=True, dest="conf_ntp")
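Review bot: The new add_option call passes an empty string as the short option ("", "--force-join"), while the long-only option directly below it, --ntp-server, simply omits the short form. Drop the empty first argument so the call starts basic_group.add_option("--force-join", dest="force_join", and matches the surrounding style.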
@@ -1986,6 +1989,8 @@ def install(options, env, fstore, statestore):
             if options.hostname:
                 join_args.append("-h")
                 join_args.append(options.hostname)
+            if options.force_join:
+                join_args.append("-f")
             if options.principal is not None:
                 stdin = None
                 principal = options.principal
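Review bot: In install(), "-f" is appended to join_args without any log message, so a forced re-enrollment leaves no record in the install log that an existing host entry was deliberately overridden. The commit message says this path revokes the old certificate, so log that force_join is in effect before the join helper runs. The diffstat also shows only ipa-client-install and its man page being changed, so it is worth confirming that the join helper receiving join_args accepts -f.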
diff --git a/ipa-client/man/ipa-client-install.1 b/ipa-client/man/ipa-client-install.1
index 8a77a113a58556c39f401f9079cff35d273c1e4a..d98318eeda1d6b60d4a6bcb1321db03bfabe15a8 100644
--- a/ipa-client/man/ipa-client-install.1
+++ b/ipa-client/man/ipa-client-install.1
@@ -77,7 +77,7 @@ Password for joining a machine to the IPA realm. Assumes bulk password unless pr
 Prompt for the password for joining a machine to the IPA realm.
 .TP
 \fB\-k\fR, \fB\-\-keytab\fR
-Path to backed up host keytab from previous enrollment.
+Path to backed up host keytab from previous enrollment. Joins the host even if it is already enrolled.
 .TP
 \fB\-\-mkhomedir\fR
 Configure PAM to create a users home directory if it does not exist.
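Review bot: The sentence added to the -k/--keytab entry says the host is joined even if it is already enrolled, but the code change in this patch only appends "-f" when options.force_join is set, and nothing visible ties --keytab to that path. If keytab enrollment already behaves this way, say so in the commit message as a documentation fix; otherwise the option handling needs to apply the force behaviour for -k as well.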
@@ -85,6 +85,9 @@ Configure PAM to create a users home directory if it does not exist.
 \fB\-\-hostname\fR
 The hostname of this machine (FQDN). If specified, the hostname will be set and the system configuration will be updated to persist over reboot. By default a nodename result from uname(2) is used.
 .TP
+\fB\-\-force\-join\fR
+Join the host even if it is already enrolled.
+.TP
 \fB\-\-ntp\-server\fR=\fINTP_SERVER\fR
 Configure ntpd to use this NTP server.
 .TP
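Review bot: The --force-join entry says only "Join the host even if it is already enrolled.", which leaves out the consequences listed in the commit message: the old certificate is revoked and a new certificate and SSH key pair are generated. State that in the man page text, since it is what an administrator needs to know before running the option against a host that is in service. The wording also differs from the --help string ("Force client enrollment even if already enrolled"); use one phrasing in both places.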
-- 
1.7.11.7
