On Tue, Nov 15, 2011 at 16:06, Natxo Asenjo <natxo.ase...@gmail.com> wrote:
> On Tue, Nov 15, 2011 at 2:38 PM, Simo Sorce <s...@redhat.com> wrote:
>> On Tue, 2011-11-15 at 08:33 -0500, Dan Scott wrote:
>>> On Tue, Nov 15, 2011 at 07:07, Natxo Asenjo <natxo.ase...@gmail.com> wrote:
>>> > On Tue, Nov 15, 2011 at 12:40 AM, Dan Scott <danieljamessc...@gmail.com>
>>> > wrote:
>>> >> Hi,
>>> >> Is there a 'nice' way to reinstall a host? i.e. The host has already
>>> >> been installed in FreeIPA and for whatever reason I need to reinstall
>>> >> the OS, so I have a clean system and the host is already enrolled on
>>> >> the server.
>>> >> ipa-client-install fails with "Host already enrolled" and I have to
>>> >> connect to an enrolled client, remove the host, and then return to
>>> >> install the client.
>>> >> Would it be possible to have a '--reinstall' option to
>>> >> ipa-client-install? It wouldn't have to add the host into IPA, just
>>> >> configure the files and get the keytab.
>>> > If I understand it correctly, this could overwrite hosts passwords
>>> > which is probably not what you want with a kerberos realm.
>>> So *getting* a new keytab would overwrite host passwords? Why wouldn't
>>> I want that, if I'm reinstalling a host?
>>> > You should manually remove the host first from the realm and then rejoin
>>> > it.
>> No, actually if the host offers services you probably prefer rejoining
>> in a way that keeps the original keys in the keytab and the new keys get
>> a new kvno. This way clients that obtained a ticket before the
>> re-install can still use them.
> I understand your point but ..., is there not a risk that any new
> installed host could so supplant another one? I mean, if I boostrap a
> new host with the name of an existing host, it would then in fact
> become that host and that may not be what I want to do. This would
> also replace the dns A record to the host, obviously.
There is that risk, but isn't there also the same risk of incorrectly
removing an existing host?
Why would it have to replace the DNS record? I guess that could be an
option too, but I'm really after an option to re-configure a server
with the same IP. The IP address check can also be used to help
prevent the error you mentioned.
I would agree with you that if you're adding a server with the same
hostname but different IP then that really should be a 'remove and
re-install' rather than the reconfigure that I'm after.
> At least in my experience with AD one has to delete the computer
> account when re-installing a host or you get warnings about duplicate
> computer names and failures to joing the domain.
FreeIPA currently gives those warnings. This would just be a new
option which says "I know that this server already exists, I want to
> Freeipa-users mailing list
Freeipa-users mailing list