author | Jan Cholasta <jcholast@redhat.com> | 2011-12-07 03:40:51 -0500 |
---|---|---|
committer | Rob Crittenden <rcritten@redhat.com> | 2012-02-13 22:21:43 -0500 |
commit | c34f5fbc882b16baebc18d795511e8e1fc50668b (patch) | |
tree | 05b15df263fceb0dff104e274338178d33f29dd7 /install | |
parent | 9b6649a1ce7c15043c9d197363c3b9fdd4b12a1d (diff) | |
Update host SSH public keys on the server during client install.
This is done by calling host-mod to update the keys on IPA server and nsupdate
to update DNS SSHFP records. DNS update can be disabled using --no-dns-sshfp
ipa-client-install option.
https://fedorahosted.org/freeipa/ticket/1634
Diffstat (limited to 'install')
-rwxr-xr-x | install/tools/ipa-replica-install | 7 | ||||
-rwxr-xr-x | install/tools/ipa-server-install | 7 | ||||
-rw-r--r-- | install/tools/man/ipa-replica-install.1 | 3 | ||||
-rw-r--r-- | install/tools/man/ipa-server-install.1 | 3 |
4 files changed, 18 insertions, 2 deletions
diff --git a/install/tools/ipa-replica-install b/install/tools/ipa-replica-install
index 4af0358d8..dda4db909 100755
--- a/install/tools/ipa-replica-install
+++ b/install/tools/ipa-replica-install
@@ -89,6 +89,8 @@ def parse_options():
 dns_group.add_option("--no-host-dns", dest="no_host_dns", action="store_true", default=False, help="Do not use DNS for hostname lookup during installation")
+ dns_group.add_option("--no-dns-sshfp", dest="create_sshfp", default=True, action="store_false",
+ help="do not automatically create DNS SSHFP records")
 parser.add_option_group(dns_group)
 options, args = parser.parse_args()
@@ -455,7 +457,10 @@ def main():
 # Call client install script
 try:
- ipautil.run(["/usr/sbin/ipa-client-install", "--on-master", "--unattended", "--domain", config.domain_name, "--server", config.host_name, "--realm", config.realm_name])
+ args = ["/usr/sbin/ipa-client-install", "--on-master", "--unattended", "--domain", config.domain_name, "--server", config.host_name, "--realm", config.realm_name]
+ if not options.create_sshfp:
+ args.append("--no-dns-sshfp")
+ ipautil.run(args)
 except Exception, e:
 print "Configuration of client side components failed!"
 print "ipa-client-install returned: " + str(e)
diff --git a/install/tools/ipa-server-install b/install/tools/ipa-server-install
index 949d0219b..2d6f06722 100755
--- a/install/tools/ipa-server-install
+++ b/install/tools/ipa-server-install
@@ -200,6 +200,8 @@ def parse_options():
 dns_group.add_option("--no-host-dns", dest="no_host_dns", action="store_true", default=False, help="Do not use DNS for hostname lookup during installation")
+ dns_group.add_option("--no-dns-sshfp", dest="create_sshfp", default=True, action="store_false",
+ help="do not automatically create DNS SSHFP records")
 parser.add_option_group(dns_group)
 uninstall_group = OptionGroup(parser, "uninstall options")
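Review bot: The help string added for `--no-dns-sshfp` in parse_options() does not tell the administrator what stays enabled, and it starts in lower case while the neighbouring `--no-host-dns` help starts with a capital. Going by the commit description, the switch only skips the nsupdate step for DNS SSHFP records, while the host keys are still sent to the IPA server through host-mod. I would write `help="Do not automatically create DNS SSHFP records (SSH host keys are still uploaded to the IPA server)"`, so someone who disables it, for instance because the zone is not DNSSEC-signed, can see from `--help` that key publication in the directory is unaffected. The same line is added to ipa-server-install at `@@ -200,6 +200,8 @@`.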
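Review bot: The new list in main() is bound to `args`, the same name parse_options() uses for the positional arguments returned by `parser.parse_args()`, which makes it easy to misread as the installer's own command line. I would name it for what it is, `client_args = [...]`, `client_args.append("--no-dns-sshfp")` and `ipautil.run(client_args)`, and put `# ipa-client-install creates SSHFP records by default; only the opt-out is forwarded` above the `if not options.create_sshfp:` test. main() starts and ends outside the hunk, so whether `args` is already bound there cannot be seen from here. The same pattern is added to ipa-server-install at `@@ -1037,7 +1039,10 @@`.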
@@ -1037,7 +1039,10 @@ def main():
 # Call client install script
 try:
- run(["/usr/sbin/ipa-client-install", "--on-master", "--unattended", "--domain", domain_name, "--server", host_name, "--realm", realm_name, "--hostname", host_name])
+ args = ["/usr/sbin/ipa-client-install", "--on-master", "--unattended", "--domain", domain_name, "--server", host_name, "--realm", realm_name, "--hostname", host_name]
+ if not options.create_sshfp:
+ args.append("--no-dns-sshfp")
+ run(args)
 except Exception, e:
 sys.exit("Configuration of client side components failed!\nipa-client-install returned: " + str(e))
diff --git a/install/tools/man/ipa-replica-install.1 b/install/tools/man/ipa-replica-install.1
index 074162f0c..87506477e 100644
--- a/install/tools/man/ipa-replica-install.1
+++ b/install/tools/man/ipa-replica-install.1
@@ -84,6 +84,9 @@ Do not create new reverse DNS zone. If a reverse DNS zone already exists for the
 .TP
 \fB\-\-no\-host\-dns\fR
 Do not use DNS for hostname lookup during installation
+.TP
+\fB\-\-no\-dns\-sshfp\fR
+Do not automatically create DNS SSHFP records.
 .SH "EXIT STATUS"
 0 if the command was successful
diff --git a/install/tools/man/ipa-server-install.1 b/install/tools/man/ipa-server-install.1
index 6f1e59e75..23b51979d 100644
--- a/install/tools/man/ipa-server-install.1
+++ b/install/tools/man/ipa-server-install.1
@@ -147,6 +147,9 @@ Number of seconds between regular checks for new DNS zones. When set to 0 the na
 .TP
 \fB\-\-no\-host\-dns\fR
 Do not use DNS for hostname lookup during installation
+.TP
+\fB\-\-no\-dns\-sshfp\fR
+Do not automatically create DNS SSHFP records.
 .SS "UNINSTALL OPTIONS"
 .TP |