Add flag to ipa-client-install to managed order of ipa_server in sssd

The --fixed-primary flag determine the order of the ipa_server directive.
When set the IPA server discovered (or passed in via --server or via
user-input) will be listed first. Otherwise _srv_ is listed first.

https://fedorahosted.org/freeipa/ticket/2282

1 files changed, 6 insertions, 1 deletions

diff --git a/ipa-client/ipa-install/ipa-client-install b/ipa-client/ipa-install/ipa-client-install
index 79df8972c..af3d7312c 100755
--- a/ipa-client/ipa-install/ipa-client-install
+++ b/ipa-client/ipa-install/ipa-client-install
@@ -67,6 +67,8 @@ def parse_options():
     basic_group.add_option("--domain", dest="domain", help="domain name")
     basic_group.add_option("--server", dest="server", help="IPA server")
     basic_group.add_option("--realm", dest="realm_name", help="realm name")
+    basic_group.add_option("--fixed-primary", dest="primary", action="store_true",
+                      default=False, help="Configure sssd to use fixed server as primary IPA server")
     basic_group.add_option("-p", "--principal", dest="principal",
                       help="principal to use to join the IPA realm"),
     basic_group.add_option("-w", "--password", dest="password", sensitive=True,
@@ -753,7 +755,10 @@ def configure_sssd_conf(fstore, cli_realm, cli_domain, cli_server, options, clie
         domain.set_option('dns_discovery_domain', cli_domain)
 
     if not options.on_master:
-        domain.set_option('ipa_server', '_srv_, %s' % cli_server)
+        if options.primary:
+            domain.set_option('ipa_server', '%s, _srv_' % cli_server)
+        else:
+            domain.set_option('ipa_server', '_srv_, %s' % cli_server)
     else:
         # the master should only use itself for Kerberos
         domain.set_option('ipa_server', cli_server)