On 13.7.2015 16:32, Alexander Bokovoy wrote: > On Mon, 13 Jul 2015, Jan Pazdziora wrote: >> On Mon, Jul 13, 2015 at 03:12:13PM +0200, Petr Spacek wrote: >>> >>> Personally-opinionated-NACK. >>> >>> I would like to avoid advertising --force options when possible. --force >>> should not be necessary in proper setups and advertising it will make people >>> to use it instead of fixing underlying problems. >> >> How do you propose for things to work when the host is pre-created >> (with --random) and the service should be pre-created, and then IP >> address will only be set by the machine itself when it IPA-enrolls >> with the OTP? > This is a workflow question, not a code fix. If you need to use --force, > use it but this specific flow has to be documented, not suggested by the > code. We have plenty of cases where you have to use --addattr/--setattr > as well, but we don't advertise them in the error messages. > > On contrary, documenting the fact that in some workflows you actually > need to override default belts and suspenders is fine.
I agree with Alexander. The point is that you have to know what you are doing if you decide to use --force/--setattr and advertising them will lead to cargo cults. The idea of services/hosts without host entry may be worth discussing, please start a separate thread on ipa-devel. -- Petr^2 Spacek -- Manage your subscription for the Freeipa-devel mailing list: https://www.redhat.com/mailman/listinfo/freeipa-devel Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code