On 8.12.2015 08:23, Martin Kosek wrote:
On 12/08/2015 07:57 AM, Jan Cholasta wrote:
On 7.12.2015 16:43, Martin Kosek wrote:
On 12/07/2015 02:17 PM, Tomas Babej wrote:

On 12/04/2015 08:22 PM, Rob Crittenden wrote:
Martin Kosek wrote:
On 12/04/2015 07:17 PM, Tomas Babej wrote:

Avoids failing in the later stages during the ipa-client-install


Is this change needed? Wouldn't it be better to update
ipa-client-install or ipa-replica-install to not require the --domain
option? I would hope that --domain can be figured out during
installation and not passed to ipa-replica-install manually by the admin.

I just think that calling
# ipa-replica-install --server=master.example.com
is better than
# ipa-replica-install --server=master.example.com --domain example.com
if possible.

IIRC this is for service discovery when using a specific server and not
LDAP. This is the domain used to search for the kerberos realm, for

That isn't to say this isn't discoverable but it would require another
function in discovery to query what the IPA domain is from the given
master but it gets tricky if anonymous search is disabled, for example.


Needed or not, this is the behaviour that ipa-client-install has now.
Adding a domain detection method would be an RFE for ipa-client-install
(and imho not something we should be adding at this point).

This patch only focuses on making the ipa-replica-install work more

I am just thinking that client promotion (ipa-replica-install) and
ipa-client-install are a bit different use cases. While ipa-client-install
should be typically run in auto-discovery and you thus do not use --server
option much, while with ipa-replica-install, you want to make sure you have the
expected topology and should use --server all the time without gambling on it.

But I do not think it has to be there since 4.3 GA, can you please file a
ticket for this gap?

I would rather do it now, because the change from optional to mandatory is
backward incompatible. (We don't want to break users' scripts, right?)

I think it is the other way around - with the change I was suggesting
(autodetecting --domain option instead of always requesting it, as in Tomas'
patch which we can merge if my proposal is not doable for 4.3 GA).

"with ipa-replica-install, you want to make sure you have the expected topology and should use --server all the time" sounds like you want to make --server mandatory for ipa-replica-install, which should be done either before 4.3 GA or never.

Jan Cholasta
