On 07/13/2016 08:26 AM, Stanislav Laznicka wrote:
> On 07/12/2016 08:44 AM, Stanislav Laznicka wrote:
>> On 07/11/2016 04:27 PM, Petr Vobornik wrote:
>>> On 07/11/2016 01:23 PM, Stanislav Laznicka wrote:
>>>> https://fedorahosted.org/freeipa/ticket/6046
>>> Isn't the bug about something else?
>>> The issue was that ipa-replica-install doesn't have --force-ntpd option.
>>> It is an option of ipa-client-install which is run from replica
>>> installer.
>>> The unattended mode is unrelated.
>> My understanding is that the bug says that '--force-ntpd' option
>> should not be shown when ipa-client-install is run during replica
>> installation.
>> During replica installation, the ipa-client-install script is run with
>> the '--unattended' flag in the 'ensure_enrolled()' function. Being a
>> separate script, there's not many options on how to pass the
>> information not to show the message to ipa-client-install. Using the
>> already used flag to get rid of the message seemed easiest to me.
>> Introducing a new 'hidden' flag (like '--from-replica'), on the other
>> hand, seems a bit harsh.
> Just to throw it out there - it's possible that the '--force-join'
> client option would also appear as a hint from the client install script
> (during replica installation). Should this also be muted somehow? To me,
> it seems reasonable to rather add it as an argument to
> ipa-replica-install to pass it to the client install script.

IMO client installation initiated from replica needs to have a special
option(hidden in help) similar to --on-server (or what's its name). E.g.
the name can be --replica-install. Maybe --on-server can be used but it
may have other implication which might not be valid for this use case.

Anything else are just workarounds. Imagine that admin runs
ipa-client-install with --unattended or --force-join. He would then not
get the message as now.
Petr Vobornik

Manage your subscription for the Freeipa-devel mailing list:
Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code

Reply via email to