On 07/13/2016 12:36 PM, Stanislav Laznicka wrote:
> On 07/13/2016 09:51 AM, Petr Vobornik wrote:
>> On 07/13/2016 08:26 AM, Stanislav Laznicka wrote:
>>> On 07/12/2016 08:44 AM, Stanislav Laznicka wrote:
>>>> On 07/11/2016 04:27 PM, Petr Vobornik wrote:
>>>>> On 07/11/2016 01:23 PM, Stanislav Laznicka wrote:
>>>>>> https://fedorahosted.org/freeipa/ticket/6046
>>>>>>
>>>>>>
>>>>>>
>>>>> Isn't the bug about something else?
>>>>>
>>>>> The issue was that ipa-replica-install doesn't have --force-ntpd
>>>>> option.
>>>>> It is an option of ipa-client-install which is run from replica
>>>>> installer.
>>>>>
>>>>> The unattended mode is unrelated.
>>>> My understanding is that the bug says that '--force-ntpd' option
>>>> should not be shown when ipa-client-install is run during replica
>>>> installation.
>>>>
>>>> During replica installation, the ipa-client-install script is run with
>>>> the '--unattended' flag in the 'ensure_enrolled()' function. Being a
>>>> separate script, there's not many options on how to pass the
>>>> information not to show the message to ipa-client-install. Using the
>>>> already used flag to get rid of the message seemed easiest to me.
>>>> Introducing a new 'hidden' flag (like '--from-replica'), on the other
>>>> hand, seems a bit harsh.
>>>>
>>> Just to throw it out there - it's possible that the '--force-join'
>>> client option would also appear as a hint from the client install script
>>> (during replica installation). Should this also be muted somehow? To me,
>>> it seems reasonable to rather add it as an argument to
>>> ipa-replica-install to pass it to the client install script.
>>>
>> IMO client installation initiated from replica needs to have a special
>> option(hidden in help) similar to --on-server (or what's its name). E.g.
>> the name can be --replica-install. Maybe --on-server can be used but it
>> may have other implication which might not be valid for this use case.
>>
>> Anything else are just workarounds. Imagine that admin runs
>> ipa-client-install with --unattended or --force-join. He would then not
>> get the message as now.
> 

Reviving thread to get other opinion.

> The --on-master option won't do here as it seems that the client would
> require some IPA pre-configuration for successful install. A new option
> will have to be created, then.

I'm for new "hidden" option.

> 
> As I was trying to point out, the situation about --force-join is a bit
> different. The option again would be shown and is not available in
> ipa-replica-install. I think it should be available to allow direct
> replica installation even when previous installation failed/left some
> mess on the master (ofc the user could run `ipa-replica-manage del
> <bad-bad-hostname> --cleanup` on the master instead).
> 

That could work but imho is out of scope of this ticket.
-- 
Petr Vobornik

-- 
Manage your subscription for the Freeipa-devel mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-devel
Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code

Reply via email to