On 12/07/2015 02:17 PM, Tomas Babej wrote:
> On 12/04/2015 08:22 PM, Rob Crittenden wrote:
>> Martin Kosek wrote:
>>> On 12/04/2015 07:17 PM, Tomas Babej wrote:
>>>> Avoids failing in the later stages during the ipa-client-install
>>> Is this change needed? Wouldn't it be better to update
>>> ipa-client-install or ipa-replica-install to not require the --domain
>>> option? I would hope that --domain can be figured out during
>>> installation and not passed to ipa-replica-install manually by the admin.
>>> I just think that calling
>>> # ipa-replica-install --server=master.example.com
>>> is better than
>>> # ipa-replica-install --server=master.example.com --domain example.com
>>> if possible.
>> IIRC this is for service discovery when using a specific server and not
>> LDAP. This is the domain used to search for the Kerberos realm, for
>> That isn't to say this isn't discoverable but it would require another
>> function in discovery to query what the IPA domain is from the given
>> master but it gets tricky if anonymous search is disabled, for example.
> Needed or not, this is the behaviour that ipa-client-install has now.
> Adding a domain detection method would be an RFE for ipa-client-install
> (and imho not something we should be adding at this point).
> This patch only focuses on making the ipa-replica-install work more
I am just thinking that client promotion (ipa-replica-install) and
ipa-client-install are a bit different use cases. ipa-client-install
should typically be run in auto-discovery, and you thus do not use the --server
option much, while with ipa-replica-install you want to make sure you have the
expected topology and should use --server all the time without gambling on it.
But I do not think it has to be there since 4.3 GA, can you please file a
ticket for this gap?
Manage your subscription for the Freeipa-devel mailing list:
Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code