On 03/03/2016 03:52 PM, Martin Basti wrote:
I'm trying to implement both tickets, but I don't like the way we
decided on devel meeting anymore.
ipa host-del --updatedns
I propose to only delete A, AAAA and related PTR records (SSHFP records
explained later). The record are somehow managed by IPA
I don't like the idea of having an extra option to specify record types
that should be removed or a flag that will remove DNS entry completely.
IMO that is duplication of dnsrecord-mod/del functionality, host-del
should not be used for managing DNS. If somebody wants better
granularity, the one should use 'dnsrecord-mod zone rec --type-rec=' or
AFAIK the proposal on devel meeting was:
--update-dns will delete A, AAAA, SSHFP
--update-dns=all will delete the whole DNS record LDAP entry
there was also a proposal for granularity, e.g., --update-dns=a,aaaa.
Then it was agreed that --update-dns won't search for SRV records (not
mentioned here, so OK).
PTR records weren't discussed or decision was not recorded.
The proposal above keeps backwards compatibility though it may not be
possible to do with current framework. Or do we have support for
multivalued enum with default value(s) which acts as a flag?
If the new option type is too complicated to introduce, then I would
prefer to keep current option(flag) with behavior matching proposal for
--update-dns or --update-dns=all.
Definitely big +1 on not introducing a new option.
No need to over-engineer it.
Not sure about PTR records.
Note: due backward compatibility --updatedns cannot be migrated to ENUM,
new option needed
SSHFP records and host-del (https://fedorahosted.org/freeipa/ticket/5715)
host-del removes SSH keys from LDAP, thus there is no reason to keep
SSHFP record in DNS, thus SSHFP records should be removed always (even
without --updatedns option)
SSHFP record are always added via nsupdate to DNS, IMO during client
uninstall all SSHFP record related to client should be removed via
IMHO not necessary will be solved either by #5676 and/or #5715(currently
uninstall indirectly calls ipa-host-disable)
ipa-client-install --uninstall --delete-host #suggestions how to name
option for removing host entry for ldap welcome
Should this option call 'host-del' or 'host-del --updatedns'?
I would like to avoid additional DNS related option to be added to
Also do we really want to implement this ticket? What is the gain there?
The devel discussions which is recorded in
Suggests to change default behavior in ipa-client-install --uninstall so
that it will call:
`ipa host-del --update-dns` instead of `ipa-join --unenroll`. So it will
also do #3.
Further proposal in #5676 is to introduce a new option(--keephost ??) to
keep the host records, i.e., the old behavior.
simo: maybe keeping backward compatibility is more important, discuss
later if --remove option would be better
suggest that further discussion is needed
Manage your subscription for the Freeipa-devel mailing list:
Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code