This patch implements the single command replica promotion & enrollment
for #5310.



1) ensure_enrolled() should be called from promote_check() after the client check is done:

    client_fstore = sysrestore.FileStore(paths.IPA_CLIENT_SYSRESTORE)
    if not client_fstore.has_files():


+    server_name = Knob(
+        str, None,
+        description="fully qualified name of IPA server to enrooll to",
+        cli_name='server',
+    )
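
Review bot: server_name is declared as a plain str even though its description promises a fully qualified name, and nothing in these lines rejects a short name, an IP address or an empty string. Consider validating the value when the knob is set, so that a bad --server fails at option checking rather than partway through enrollment.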

Please use the same identifier ipa-client-install uses, i.e. s/server_name/server/.

Also, there is a typo in the description: "enrooll".


+    host_name = Knob(
+        str, None,
+        description="fully qualified name of this host",
+        cli_name='hostname',
+    )

This knob is already defined in BaseServer; there's no need to redefine it here (just remove the "host_name = None").

If you want to change the description, change it in BaseServer.


+    keytab = Knob(
+        str, None,
+        description="path to backed up keytab from previous enrollment",
+        cli_name='keytab',
+    )
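
Review bot: keytab accepts an arbitrary path as str and nothing in these lines checks it. Because the file holds the host's long-term keys, consider verifying at option-check time that the path exists, is a regular file and is not readable by other users, so a wrong or exposed keytab is reported before enrollment starts.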

ipa-client-install uses the short name -k for the keytab option; it should be used here as well.

5) The replica file argument conflicts with the --realm, --domain, --server, --admin-password and --principal options. This should be checked in Replica.__init__().

The --hostname option should either be conflicting as well or be implemented properly for legacy replica install.

6) I think --admin-password should be renamed to --password and the description changed, since it now also allows OTP enrollment.


Jan Cholasta

