summaryrefslogtreecommitdiffstats
path: root/install
diff options
context:
space:
mode:
Diffstat (limited to 'install')
-rwxr-xr-xinstall/tools/ipa-replica-install54
-rwxr-xr-xinstall/tools/ipa-server-install124
-rw-r--r--install/tools/man/ipa-ca-install.12
-rw-r--r--install/tools/man/ipa-compat-manage.12
-rw-r--r--install/tools/man/ipa-compliance.14
-rw-r--r--install/tools/man/ipa-csreplica-manage.12
-rw-r--r--install/tools/man/ipa-dns-install.12
-rw-r--r--install/tools/man/ipa-host-net-manage.12
-rw-r--r--install/tools/man/ipa-ldap-updater.12
-rw-r--r--install/tools/man/ipa-nis-manage.12
-rw-r--r--install/tools/man/ipa-replica-conncheck.12
-rw-r--r--install/tools/man/ipa-replica-install.148
-rw-r--r--install/tools/man/ipa-replica-manage.15
-rw-r--r--install/tools/man/ipa-replica-prepare.12
-rw-r--r--install/tools/man/ipa-server-certinstall.12
-rw-r--r--install/tools/man/ipa-server-install.1113
-rw-r--r--install/tools/man/ipactl.82
17 files changed, 207 insertions, 163 deletions
diff --git a/install/tools/ipa-replica-install b/install/tools/ipa-replica-install
index 0d6226280..50c425624 100755
--- a/install/tools/ipa-replica-install
+++ b/install/tools/ipa-replica-install
@@ -23,6 +23,7 @@ import socket
import os, pwd, traceback, logging, shutil
import grp
+from optparse import OptionGroup
from ipapython import ipautil
@@ -45,36 +46,45 @@ REPLICA_INFO_TOP_DIR=None
def parse_options():
usage = "%prog [options] REPLICA_FILE"
parser = IPAOptionParser(usage=usage, version=version.VERSION)
- parser.add_option("-N", "--no-ntp", dest="conf_ntp", action="store_false",
- help="do not configure ntp", default=True)
- parser.add_option("-d", "--debug", dest="debug", action="store_true",
- default=False, help="gather extra debugging information")
- parser.add_option("-p", "--password", dest="password", sensitive=True,
+
+ basic_group = OptionGroup(parser, "basic options")
+ basic_group.add_option("--setup-ca", dest="setup_ca", action="store_true",
+ default=False, help="configure a dogtag CA")
+ basic_group.add_option("-p", "--password", dest="password", sensitive=True,
help="Directory Manager (existing master) password")
- parser.add_option("-w", "--admin-password", dest="admin_password", sensitive=True,
+ basic_group.add_option("-w", "--admin-password", dest="admin_password", sensitive=True,
help="Admin user Kerberos password used for connection check")
- parser.add_option("--setup-dns", dest="setup_dns", action="store_true",
+ basic_group.add_option("-N", "--no-ntp", dest="conf_ntp", action="store_false",
+ help="do not configure ntp", default=True)
+ basic_group.add_option("--no-ui-redirect", dest="ui_redirect", action="store_false",
+ default=True, help="Do not automatically redirect to the Web UI")
+ basic_group.add_option("--skip-conncheck", dest="skip_conncheck", action="store_true",
+ default=False, help="skip connection check to remote master")
+ basic_group.add_option("-d", "--debug", dest="debug", action="store_true",
+ default=False, help="gather extra debugging information")
+ basic_group.add_option("-U", "--unattended", dest="unattended", action="store_true",
+ default=False, help="unattended installation never prompts the user")
+ parser.add_option_group(basic_group)
+
+ cert_group = OptionGroup(parser, "certificate system options")
+ cert_group.add_option("--no-pkinit", dest="setup_pkinit", action="store_false",
+ default=True, help="disables pkinit setup steps")
+ parser.add_option_group(cert_group)
+
+ dns_group = OptionGroup(parser, "DNS options")
+ dns_group.add_option("--setup-dns", dest="setup_dns", action="store_true",
default=False, help="configure bind with our zone")
- parser.add_option("--forwarder", dest="forwarders", action="append",
+ dns_group.add_option("--forwarder", dest="forwarders", action="append",
type="ip", help="Add a DNS forwarder")
- parser.add_option("--no-forwarders", dest="no_forwarders", action="store_true",
+ dns_group.add_option("--no-forwarders", dest="no_forwarders", action="store_true",
default=False, help="Do not add any DNS forwarders, use root servers instead")
- parser.add_option("--reverse-zone", dest="reverse_zone", help="The reverse DNS zone to use")
- parser.add_option("--no-reverse", dest="no_reverse", action="store_true",
+ dns_group.add_option("--reverse-zone", dest="reverse_zone", help="The reverse DNS zone to use")
+ dns_group.add_option("--no-reverse", dest="no_reverse", action="store_true",
default=False, help="Do not create reverse DNS zone")
- parser.add_option("--no-host-dns", dest="no_host_dns", action="store_true",
+ dns_group.add_option("--no-host-dns", dest="no_host_dns", action="store_true",
default=False,
help="Do not use DNS for hostname lookup during installation")
- parser.add_option("--no-pkinit", dest="setup_pkinit", action="store_false",
- default=True, help="disables pkinit setup steps")
- parser.add_option("--no-ui-redirect", dest="ui_redirect", action="store_false",
- default=True, help="Do not automatically redirect to the Web UI")
- parser.add_option("--skip-conncheck", dest="skip_conncheck", action="store_true",
- default=False, help="skip connection check to remote master")
- parser.add_option("--setup-ca", dest="setup_ca", action="store_true",
- default=False, help="configure a dogtag CA")
- parser.add_option("-U", "--unattended", dest="unattended", action="store_true",
- default=False, help="unattended installation never prompts the user")
+ parser.add_option_group(dns_group)
options, args = parser.parse_args()
safe_options = parser.get_safe_opts(options)
diff --git a/install/tools/ipa-server-install b/install/tools/ipa-server-install
index e8a48fad2..cb51b1daf 100755
--- a/install/tools/ipa-server-install
+++ b/install/tools/ipa-server-install
@@ -40,6 +40,7 @@ from ConfigParser import RawConfigParser
import random
import tempfile
import nss.error
+from optparse import OptionGroup
from ipaserver.install import dsinstance
from ipaserver.install import krbinstance
@@ -103,88 +104,101 @@ def parse_options():
# Guaranteed to give a random 200k range below the 2G mark (uint32_t limit)
namespace = random.randint(1, 10000) * 200000
parser = IPAOptionParser(version=version.VERSION)
- parser.add_option("-r", "--realm", dest="realm_name",
+
+ basic_group = OptionGroup(parser, "basic options")
+ basic_group.add_option("-r", "--realm", dest="realm_name",
help="realm name")
- parser.add_option("-n", "--domain", dest="domain_name",
+ basic_group.add_option("-n", "--domain", dest="domain_name",
help="domain name")
- parser.add_option("-p", "--ds-password", dest="dm_password",
+ basic_group.add_option("-p", "--ds-password", dest="dm_password",
sensitive=True, help="admin password")
- parser.add_option("-P", "--master-password",
+ basic_group.add_option("-P", "--master-password",
dest="master_password", sensitive=True,
help="kerberos master password (normally autogenerated)")
- parser.add_option("-a", "--admin-password",
+ basic_group.add_option("-a", "--admin-password",
sensitive=True, dest="admin_password",
help="admin user kerberos password")
- parser.add_option("-d", "--debug", dest="debug", action="store_true",
+ basic_group.add_option("--hostname", dest="host_name", help="fully qualified name of server")
+ basic_group.add_option("--ip-address", dest="ip_address",
+ type="ip", ip_local=True,
+ help="Master Server IP Address")
+ basic_group.add_option("-N", "--no-ntp", dest="conf_ntp", action="store_false",
+ help="do not configure ntp", default=True)
+ basic_group.add_option("--idstart", dest="idstart", default=namespace, type=int,
+ help="The starting value for the IDs range (default random)")
+ basic_group.add_option("--idmax", dest="idmax", default=0, type=int,
+ help="The max value value for the IDs range (default: idstart+199999)")
+ basic_group.add_option("--no_hbac_allow", dest="hbac_allow", default=False,
+ action="store_true",
+ help="Don't install allow_all HBAC rule")
+ basic_group.add_option("--no-ui-redirect", dest="ui_redirect", action="store_false",
+ default=True, help="Do not automatically redirect to the Web UI")
+ basic_group.add_option("-d", "--debug", dest="debug", action="store_true",
default=False, help="print debugging information")
- parser.add_option("", "--selfsign", dest="selfsign", action="store_true",
+ basic_group.add_option("-U", "--unattended", dest="unattended", action="store_true",
+ default=False, help="unattended (un)installation never prompts the user")
+ parser.add_option_group(basic_group)
+
+ cert_group = OptionGroup(parser, "certificate system options")
+ cert_group.add_option("", "--selfsign", dest="selfsign", action="store_true",
default=False, help="Configure a self-signed CA instance rather than a dogtag CA")
- parser.add_option("", "--external-ca", dest="external_ca", action="store_true",
+ cert_group.add_option("", "--external-ca", dest="external_ca", action="store_true",
default=False, help="Generate a CSR to be signed by an external CA")
- parser.add_option("", "--external_cert_file", dest="external_cert_file",
+ cert_group.add_option("", "--external_cert_file", dest="external_cert_file",
help="File containing PKCS#10 certificate")
- parser.add_option("", "--external_ca_file", dest="external_ca_file",
+ cert_group.add_option("", "--external_ca_file", dest="external_ca_file",
help="File containing PKCS#10 of the external CA chain")
- parser.add_option("--hostname", dest="host_name", help="fully qualified name of server")
- parser.add_option("--ip-address", dest="ip_address",
- type="ip", ip_local=True,
- help="Master Server IP Address")
- parser.add_option("--setup-dns", dest="setup_dns", action="store_true",
+ cert_group.add_option("--no-pkinit", dest="setup_pkinit", action="store_false",
+ default=True, help="disables pkinit setup steps")
+ cert_group.add_option("--dirsrv_pkcs12", dest="dirsrv_pkcs12",
+ help="PKCS#12 file containing the Directory Server SSL certificate")
+ cert_group.add_option("--http_pkcs12", dest="http_pkcs12",
+ help="PKCS#12 file containing the Apache Server SSL certificate")
+ cert_group.add_option("--pkinit_pkcs12", dest="pkinit_pkcs12",
+ help="PKCS#12 file containing the Kerberos KDC SSL certificate")
+ cert_group.add_option("--dirsrv_pin", dest="dirsrv_pin", sensitive=True,
+ help="The password of the Directory Server PKCS#12 file")
+ cert_group.add_option("--http_pin", dest="http_pin", sensitive=True,
+ help="The password of the Apache Server PKCS#12 file")
+ cert_group.add_option("--pkinit_pin", dest="pkinit_pin",
+ help="The password of the Kerberos KDC PKCS#12 file")
+ cert_group.add_option("--subject", action="callback", callback=subject_callback,
+ type="string",
+ help="The certificate subject base (default O=<realm-name>)")
+ parser.add_option_group(cert_group)
+
+ dns_group = OptionGroup(parser, "DNS options")
+ dns_group.add_option("--setup-dns", dest="setup_dns", action="store_true",
default=False, help="configure bind with our zone")
- parser.add_option("--forwarder", dest="forwarders", action="append",
+ dns_group.add_option("--forwarder", dest="forwarders", action="append",
type="ip", help="Add a DNS forwarder")
- parser.add_option("--no-forwarders", dest="no_forwarders", action="store_true",
+ dns_group.add_option("--no-forwarders", dest="no_forwarders", action="store_true",
default=False, help="Do not add any DNS forwarders, use root servers instead")
- parser.add_option("--reverse-zone", dest="reverse_zone", help="The reverse DNS zone to use")
- parser.add_option("--no-reverse", dest="no_reverse", action="store_true",
+ dns_group.add_option("--reverse-zone", dest="reverse_zone", help="The reverse DNS zone to use")
+ dns_group.add_option("--no-reverse", dest="no_reverse", action="store_true",
default=False, help="Do not create reverse DNS zone")
- parser.add_option("--zonemgr", action="callback", callback=zonemgr_callback,
+ dns_group.add_option("--zonemgr", action="callback", callback=zonemgr_callback,
type="string",
help="DNS zone manager e-mail address. Defaults to root")
- parser.add_option("--zone-notif", dest="zone_notif",
+ dns_group.add_option("--zone-notif", dest="zone_notif",
action="store_true", default=False,
help="Let name server receive notification when a new zone is added." \
"Zone refresh is turned off when zone notification is enabled")
- parser.add_option("--zone-refresh", dest="zone_refresh",
+ dns_group.add_option("--zone-refresh", dest="zone_refresh",
default=DNS_ZONE_REFRESH, type="int",
help="A delay between checks for new DNS zones. Defaults to %d" \
% DNS_ZONE_REFRESH)
- parser.add_option("-U", "--unattended", dest="unattended", action="store_true",
- default=False, help="unattended installation never prompts the user")
- parser.add_option("", "--uninstall", dest="uninstall", action="store_true",
- default=False, help="uninstall an existing installation")
- parser.add_option("-N", "--no-ntp", dest="conf_ntp", action="store_false",
- help="do not configure ntp", default=True)
- parser.add_option("--no-pkinit", dest="setup_pkinit", action="store_false",
- default=True, help="disables pkinit setup steps")
- parser.add_option("--dirsrv_pkcs12", dest="dirsrv_pkcs12",
- help="PKCS#12 file containing the Directory Server SSL certificate")
- parser.add_option("--http_pkcs12", dest="http_pkcs12",
- help="PKCS#12 file containing the Apache Server SSL certificate")
- parser.add_option("--pkinit_pkcs12", dest="pkinit_pkcs12",
- help="PKCS#12 file containing the Kerberos KDC SSL certificate")
- parser.add_option("--dirsrv_pin", dest="dirsrv_pin", sensitive=True,
- help="The password of the Directory Server PKCS#12 file")
- parser.add_option("--http_pin", dest="http_pin", sensitive=True,
- help="The password of the Apache Server PKCS#12 file")
- parser.add_option("--pkinit_pin", dest="pkinit_pin",
- help="The password of the Kerberos KDC PKCS#12 file")
- parser.add_option("--no-host-dns", dest="no_host_dns", action="store_true",
+ dns_group.add_option("--no-host-dns", dest="no_host_dns", action="store_true",
default=False,
help="Do not use DNS for hostname lookup during installation")
+ parser.add_option_group(dns_group)
+
+ uninstall_group = OptionGroup(parser, "uninstall options")
+ uninstall_group.add_option("", "--uninstall", dest="uninstall", action="store_true",
+ default=False, help="uninstall an existing installation. The uninstall can " \
+ "be run with --unattended option")
+ parser.add_option_group(uninstall_group)
- parser.add_option("--idstart", dest="idstart", default=namespace, type=int,
- help="The starting value for the IDs range (default random)")
- parser.add_option("--idmax", dest="idmax", default=0, type=int,
- help="The max value value for the IDs range (default: idstart+199999)")
- parser.add_option("--subject", action="callback", callback=subject_callback,
- type="string",
- help="The certificate subject base (default O=<realm-name>)")
- parser.add_option("--no_hbac_allow", dest="hbac_allow", default=False,
- action="store_true",
- help="Don't install allow_all HBAC rule")
- parser.add_option("--no-ui-redirect", dest="ui_redirect", action="store_false",
- default=True, help="Do not automatically redirect to the Web UI")
options, args = parser.parse_args()
safe_options = parser.get_safe_opts(options)
diff --git a/install/tools/man/ipa-ca-install.1 b/install/tools/man/ipa-ca-install.1
index 90ea84622..b70dfbd7f 100644
--- a/install/tools/man/ipa-ca-install.1
+++ b/install/tools/man/ipa-ca-install.1
@@ -16,7 +16,7 @@
.\"
.\" Author: Rob Crittenden <rcritten@redhat.com>
.\"
-.TH "ipa-ca-install" "1" "Jun 17 2011" "freeipa" ""
+.TH "ipa-ca-install" "1" "Jun 17 2011" "FreeIPA" "FreeIPA Manual Pages"
.SH "NAME"
ipa\-ca\-install \- Install a CA on a replica
.SH "SYNOPSIS"
diff --git a/install/tools/man/ipa-compat-manage.1 b/install/tools/man/ipa-compat-manage.1
index a45b2885d..f22b1743e 100644
--- a/install/tools/man/ipa-compat-manage.1
+++ b/install/tools/man/ipa-compat-manage.1
@@ -16,7 +16,7 @@
.\"
.\" Author: Simo Sorce <ssorce@redhat.com>
.\"
-.TH "ipa-compat-manage" "1" "Dec 2 2008" "freeipa" ""
+.TH "ipa-compat-manage" "1" "Dec 2 2008" "FreeIPA" "FreeIPA Manual Pages"
.SH "NAME"
ipa\-compat\-manage \- Enables or disables the schema compatibility plugin
.SH "SYNOPSIS"
diff --git a/install/tools/man/ipa-compliance.1 b/install/tools/man/ipa-compliance.1
index 09ce02df8..4f8a6191d 100644
--- a/install/tools/man/ipa-compliance.1
+++ b/install/tools/man/ipa-compliance.1
@@ -16,7 +16,7 @@
.\"
.\" Author: Rob Crittenden <rcritten@redhat.com>
.\"
-.TH "ipa-compliance" "1" "Dec 14 2010" "freeipa" ""
+.TH "ipa-compliance" "1" "Dec 14 2010" "FreeIPA" "FreeIPA Manual Pages"
.SH "NAME"
ipa\-compliance \- Check entitlement compliance
.SH "SYNOPSIS"
@@ -35,7 +35,7 @@ The command logs to syslog and if run from a tty will log to the terminal as wel
The IPA server provides 25 entitlements of its own.
.SH "OPTIONS"
.TP
-\fB\-\-\-debug\fR
+\fB\-\-debug\fR
Enable debugging output in the command
.SH "EXIT STATUS"
0 if the command was successful
diff --git a/install/tools/man/ipa-csreplica-manage.1 b/install/tools/man/ipa-csreplica-manage.1
index 37256f954..ddb28da41 100644
--- a/install/tools/man/ipa-csreplica-manage.1
+++ b/install/tools/man/ipa-csreplica-manage.1
@@ -16,7 +16,7 @@
.\"
.\" Author: Rob Crittenden <rcritten@redhat.com>
.\"
-.TH "ipa-csreplica-manage" "1" "Jul 14 2011" "freeipa" ""
+.TH "ipa-csreplica-manage" "1" "Jul 14 2011" "FreeIPA" "FreeIPA Manual Pages"
.SH "NAME"
ipa\-csreplica\-manage \- Manage an IPA CS replica
.SH "SYNOPSIS"
diff --git a/install/tools/man/ipa-dns-install.1 b/install/tools/man/ipa-dns-install.1
index 3e98dbe79..adcab95e0 100644
--- a/install/tools/man/ipa-dns-install.1
+++ b/install/tools/man/ipa-dns-install.1
@@ -16,7 +16,7 @@
.\"
.\" Author: Rob Crittenden <rcritten@redhat.com>
.\"
-.TH "ipa-dns-install" "1" "Sep 9, 2010" "freeipa" ""
+.TH "ipa-dns-install" "1" "Sep 9, 2010" "FreeIPA" "FreeIPA Manual Pages"
.SH "NAME"
ipa\-dns\-install \- Add DNS as a service to an IPA server
.SH "SYNOPSIS"
diff --git a/install/tools/man/ipa-host-net-manage.1 b/install/tools/man/ipa-host-net-manage.1
index f94493cb6..8b8f0237d 100644
--- a/install/tools/man/ipa-host-net-manage.1
+++ b/install/tools/man/ipa-host-net-manage.1
@@ -16,7 +16,7 @@
.\"
.\" Author: Jr Aquino <jr.aquino@citrix.com>
.\"
-.TH "ipa-host-net-manage" "1" "Dec 2 2010" "freeipa" ""
+.TH "ipa-host-net-manage" "1" "Dec 2 2010" "FreeIPA" "FreeIPA Manual Pages"
.SH "NAME"
ipa\-host\-net\-manage \- Enables or disables the schema Managed Entry Hostgroup -to- Netgroup plugin
.SH "SYNOPSIS"
diff --git a/install/tools/man/ipa-ldap-updater.1 b/install/tools/man/ipa-ldap-updater.1
index 487e80c36..f906528a6 100644
--- a/install/tools/man/ipa-ldap-updater.1
+++ b/install/tools/man/ipa-ldap-updater.1
@@ -16,7 +16,7 @@
.\"
.\" Author: Rob Crittenden <rcritten@redhat.com>
.\"
-.TH "ipa-ldap-updater" "1" "Sep 12 2008" "freeipa" ""
+.TH "ipa-ldap-updater" "1" "Sep 12 2008" "FreeIPA" "FreeIPA Manual Pages"
.SH "NAME"
ipa\-ldap\-updater \- Update the IPA LDAP configuration
.SH "SYNOPSIS"
diff --git a/install/tools/man/ipa-nis-manage.1 b/install/tools/man/ipa-nis-manage.1
index 3e32aae28..fa02cfc76 100644
--- a/install/tools/man/ipa-nis-manage.1
+++ b/install/tools/man/ipa-nis-manage.1
@@ -16,7 +16,7 @@
.\"
.\" Author: Rob Crittenden <rcritten@redhat.com>
.\"
-.TH "ipa-nis-manage" "1" "May 6 2009" "freeipa" ""
+.TH "ipa-nis-manage" "1" "May 6 2009" "FreeIPA" "FreeIPA Manual Pages"
.SH "NAME"
ipa\-nis\-manage \- Enables or disables the NIS listener plugin
.SH "SYNOPSIS"
diff --git a/install/tools/man/ipa-replica-conncheck.1 b/install/tools/man/ipa-replica-conncheck.1
index 21fa24ccc..2983eb621 100644
--- a/install/tools/man/ipa-replica-conncheck.1
+++ b/install/tools/man/ipa-replica-conncheck.1
@@ -16,7 +16,7 @@
.\"
.\" Author: Martin Kosek <mkosek@redhat.com>
.\"
-.TH "ipa-replica-conncheck" "1" "Jun 2 2011" "freeipa" ""
+.TH "ipa-replica-conncheck" "1" "Jun 2 2011" "FreeIPA" "FreeIPA Manual Pages"
.SH "NAME"
ipa\-replica\-conncheck \- Check a replica\-master network connection before installation
.SH "SYNOPSIS"
diff --git a/install/tools/man/ipa-replica-install.1 b/install/tools/man/ipa-replica-install.1
index 350160ada..c82b4a6b0 100644
--- a/install/tools/man/ipa-replica-install.1
+++ b/install/tools/man/ipa-replica-install.1
@@ -16,7 +16,7 @@
.\"
.\" Author: Rob Crittenden <rcritten@redhat.com>
.\"
-.TH "ipa-replica-install" "1" "Mar 14 2008" "freeipa" ""
+.TH "ipa-replica-install" "1" "Sep 5 2011" "FreeIPA" "FreeIPA Manual Pages"
.SH "NAME"
ipa\-replica\-install \- Create an IPA replica
.SH "SYNOPSIS"
@@ -26,12 +26,11 @@ Configures a new IPA server that is a replica of the server that generated it. O
The replica_file is created using the ipa\-replica\-prepare utility.
.SH "OPTIONS"
+.SS "BASIC OPTIONS"
.TP
-\fB\-N\fR, \fB\-\-no\-ntp\fR
-Do not configure NTP
-.TP
-\fB\-d\fR, \fB\-\-debug
-Enable debug logging when more verbose output is needed
+\fB\-\-setup\-ca\fR
+Install and configure a CA on this replica. If a CA is not configured then
+certificate operations will be forwarded to a master with a CA installed.
.TP
\fB\-p\fR \fIDM_PASSWORD\fR, \fB\-\-password\fR=\fIDM_PASSWORD\fR
Directory Manager (existing master) password
@@ -39,9 +38,27 @@ Directory Manager (existing master) password
\fB\-w\fR \fIADMIN_PASSWORD\fR, \fB\-\-admin\-password\fR=\fIADMIN_PASSWORD\fR
Admin user Kerberos password used for connection check
.TP
-\fB\-\-setup\-ca\fR
-Install and configure a CA on this replica. If a CA is not configured then
-certificate operations will be forwarded to a master with a CA installed.
+\fB\-N\fR, \fB\-\-no\-ntp\fR
+Do not configure NTP
+.TP
+\fB\-\-no\-ui\-redirect\fR
+Do not automatically redirect to the Web UI.
+.TP
+\fB\-\-skip\-conncheck\fR
+Skip connection check to remote master
+.TP
+\fB\-d\fR, \fB\-\-debug
+Enable debug logging when more verbose output is needed
+.TP
+\fB\-U\fR, \fB\-\-unattended\fR
+An unattended installation that will never prompt for user input
+
+.SS "CERTIFICATE SYSTEM OPTIONS"
+.TP
+\fB\-\-no\-pkinit\fR
+Disables pkinit setup steps
+
+.SS "DNS OPTIONS"
.TP
\fB\-\-setup\-dns\fR
Generate a DNS zone if it does not exist already and configure the DNS server.
@@ -64,18 +81,7 @@ Do not create reverse DNS zone
.TP
\fB\-\-no\-host\-dns\fR
Do not use DNS for hostname lookup during installation
-.TP
-\fB\-\-no\-pkinit\fR
-Disables pkinit setup steps
-.TP
-\fB\-\-no\-ui\-redirect\fR
-Do not automatically redirect to the Web UI.
-.TP
-\fB\-\-skip\-conncheck\fR
-Skip connection check to remote master
-.TP
-\fB\-U\fR, \fB\-\-unattended\fR
-An unattended installation that will never prompt for user input
+
.SH "EXIT STATUS"
0 if the command was successful
diff --git a/install/tools/man/ipa-replica-manage.1 b/install/tools/man/ipa-replica-manage.1
index 4073dff29..5eae6f2c2 100644
--- a/install/tools/man/ipa-replica-manage.1
+++ b/install/tools/man/ipa-replica-manage.1
@@ -16,7 +16,7 @@
.\"
.\" Author: Rob Crittenden <rcritten@redhat.com>
.\"
-.TH "ipa-replica-manage" "1" "Mar 14 2008" "freeipa" ""
+.TH "ipa-replica-manage" "1" "Mar 14 2008" "FreeIPA" "FreeIPA Manual Pages"
.SH "NAME"
ipa\-replica\-manage \- Manage an IPA replica
.SH "SYNOPSIS"
@@ -114,4 +114,5 @@ Completely remove a replica:
Using connect/disconnect you can manage the replication topology.
.SH "EXIT STATUS"
0 if the command was successful
- 1 if an error occurred
+
+1 if an error occurred
diff --git a/install/tools/man/ipa-replica-prepare.1 b/install/tools/man/ipa-replica-prepare.1
index a8ebcc9cf..c9cd544ad 100644
--- a/install/tools/man/ipa-replica-prepare.1
+++ b/install/tools/man/ipa-replica-prepare.1
@@ -16,7 +16,7 @@
.\"
.\" Author: Rob Crittenden <rcritten@redhat.com>
.\"
-.TH "ipa-replica-prepare" "1" "Mar 14 2008" "freeipa" ""
+.TH "ipa-replica-prepare" "1" "Mar 14 2008" "FreeIPA" "FreeIPA Manual Pages"
.SH "NAME"
ipa\-replica\-prepare \- Create an IPA replica file
.SH "SYNOPSIS"
diff --git a/install/tools/man/ipa-server-certinstall.1 b/install/tools/man/ipa-server-certinstall.1
index feb647fdb..ab293cf0f 100644
--- a/install/tools/man/ipa-server-certinstall.1
+++ b/install/tools/man/ipa-server-certinstall.1
@@ -16,7 +16,7 @@
.\"
.\" Author: Rob Crittenden <rcritten@redhat.com>
.\"
-.TH "ipa-server-certinstall" "1" "Mar 14 2008" "freeipa" ""
+.TH "ipa-server-certinstall" "1" "Mar 14 2008" "FreeIPA" "FreeIPA Manual Pages"
.SH "NAME"
ipa\-server\-certinstall \- Install new SSL server certificates
.SH "SYNOPSIS"
diff --git a/install/tools/man/ipa-server-install.1 b/install/tools/man/ipa-server-install.1
index 0ea8b01be..074c8d3dc 100644
--- a/install/tools/man/ipa-server-install.1
+++ b/install/tools/man/ipa-server-install.1
@@ -16,14 +16,16 @@
.\"
.\" Author: Rob Crittenden <rcritten@redhat.com>
.\"
-.TH "ipa-server-install" "1" "Mar 14 2008" "freeipa" ""
+.TH "ipa-server-install" "1" "Sep 5 2011" "FreeIPA" "FreeIPA Manual Pages"
.SH "NAME"
ipa\-server\-install \- Configure an IPA server
.SH "SYNOPSIS"
ipa\-server\-install [\fIOPTION\fR]...
.SH "DESCRIPTION"
Configures the services needed by an IPA server. This includes setting up a Kerberos Key Distribution Center (KDC) and a Kadmin daemon with an LDAP back\-end, configuring Apache, configuring NTP and optionally configuring and starting an LDAP-backed DNS server. By default a dogtag\-based CA will be configured to issue server certificates.
+
.SH "OPTIONS"
+.SS "BASIC OPTIONS"
.TP
\fB\-r\fR \fIREALM_NAME\fR, \fB\-\-realm\fR=\fIREALM_NAME\fR
The Kerberos realm name for the IPA server
@@ -40,9 +42,36 @@ The kerberos master password (normally autogenerated)
\fB\-a\fR \fIADMIN_PASSWORD\fR, \fB\-\-admin\-password\fR=\fIADMIN_PASSWORD\fR
The password for the IPA admin user
.TP
+\fB\-\-hostname\fR=\fIHOST_NAME\fR
+The fully\-qualified DNS name of this server
+.TP
+\fB\-\-ip\-address\fR=\fIIP_ADDRESS\fR
+The IP address of this server. If this address does not match the address the host resolves to and --setup-dns is not selected the installation will fail.
+.TP
+\fB\-N\fR, \fB\-\-no\-ntp\fR
+Do not configure NTP
+.TP
+\fB\-\-idstart\fR=\fIIDSTART\fR
+The starting user and group id number (default random)
+.TP
+\fB\-\-idmax\fR=\fIIDMAX\fR
+The maximum user and group id number (default: idstart+199999). If set to zero, the default value will be used.
+.TP
+\fB\-\-no_hbac_allow\fR
+Don't install allow_all HBAC rule. This rule lets any user from any host access any service on any other host. It is expected that users will remove this rule before moving to production.
+.TP
+\fB\-\-no\-ui\-redirect\fR
+Do not automatically redirect to the Web UI.
+.TP
\fB\-d\fR, \fB\-\-debug\fR
Enable debug logging when more verbose output is needed
.TP
+\fB\-U\fR, \fB\-\-unattended\fR
+An unattended installation that will never prompt for user input
+
+
+.SS "CERTIFICATE SYSTEM OPTIONS"
+.TP
\fB\-\-selfsign\fR
Configure a self\-signed CA instance for issuing server certificates instead of using dogtag for certificates
.TP
@@ -55,11 +84,31 @@ File containing PKCS#10 certificate
\fB\-\-external_ca_file\fR=\fIFILE\fR
File containing PKCS#10 of the external CA chain
.TP
-\fB\-\-hostname\fR=\fIHOST_NAME\fR
-The fully\-qualified DNS name of this server
+\fB\-\-no\-pkinit\fR
+Disables pkinit setup steps
.TP
-\fB\-\-ip\-address\fR=\fIIP_ADDRESS\fR
-The IP address of this server. If this address does not match the address the host resolves to and --setup-dns is not selected the installation will fail.
+\fB\-\-dirsrv_pkcs12\fR=\fIFILE\fR
+PKCS#12 file containing the Directory Server SSL Certificate
+.TP
+\fB\-\-http_pkcs12\fR=\fIFILE\fR
+PKCS#12 file containing the Apache Server SSL Certificate
+.TP
+\fB\-\-pkinit_pkcs12\fR=\fIFILE\fR
+PKCS#12 file containing the Kerberos KDC SSL certificate
+.TP
+\fB\-\-dirsrv_pin\fR=\fIDIRSRV_PIN\fR
+The password of the Directory Server PKCS#12 file
+.TP
+\fB\-\-http_pin\fR=\fIHTTP_PIN\fR
+The password of the Apache Server PKCS#12 file
+.TP
+\fB\-\-pkinit_pin\fR=\fIPKINIT_PIN\fR
+The password of the Kerberos KDC PKCS#12 file
+.TP
+\fB\-\-subject\fR=\fISUBJECT\fR
+The certificate subject base (default O=REALM.NAME)
+
+.SS "DNS OPTIONS"
.TP
\fB\-\-setup\-dns\fR
Generate a DNS zone if it does not exist already and configure the DNS server.
@@ -94,57 +143,21 @@ Let name server receive notifications when a new zone is added. New zone is then
\fB\-\-zone\-refresh=\fIZONE_REFRESH\fR
Number of seconds between regular checks for new DNS zones. When set to 0 the name server does not check for new zones and it needs to be reloaded when a new DNS zone is added.
.TP
-\fB\-U\fR, \fB\-\-unattended\fR
-An unattended installation that will never prompt for user input
-.TP
-\fB\-\-uninstall\fR
-Uninstall an existing IPA installation
-.TP
-\fB\-N\fR, \fB\-\-no\-ntp\fR
-Do not configure NTP
-.TP
-\fB\-\-no\-pkinit\fR
-Disables pkinit setup steps
-.TP
-\fB\-\-dirsrv_pkcs12\fR=\fIFILE\fR
-PKCS#12 file containing the Directory Server SSL Certificate
-.TP
-\fB\-\-http_pkcs12\fR=\fIFILE\fR
-PKCS#12 file containing the Apache Server SSL Certificate
-.TP
-\fB\-\-pkinit_pkcs12\fR=\fIFILE\fR
-PKCS#12 file containing the Kerberos KDC SSL certificate
-.TP
-\fB\-\-dirsrv_pin\fR=\fIDIRSRV_PIN\fR
-The password of the Directory Server PKCS#12 file
-.TP
-\fB\-\-http_pin\fR=\fIHTTP_PIN\fR
-The password of the Apache Server PKCS#12 file
-.TP
-\fB\-\-pkinit_pin\fR=\fIPKINIT_PIN\fR
-The password of the Kerberos KDC PKCS#12 file
-.TP
\fB\-\-no\-host\-dns\fR
Do not use DNS for hostname lookup during installation
+
+.SS "UNINSTALL OPTIONS"
.TP
-\fB\-\-idstart\fR=\fIIDSTART\fR
-The starting user and group id number (default random)
-.TP
-\fB\-\-idmax\fR=\fIIDMAX\fR
-The maximum user and group id number (default: idstart+199999). If set to zero, the default value will be used.
-.TP
-\fB\-\-subject\fR=\fISUBJECT\fR
- The certificate subject base (default O=REALM.NAME)
-.TP
-\fB\-\-no_hbac_allow\fR
-Don't install allow_all HBAC rule. This rule lets any user from any host access any service on any other host. It is expected that users will remove this rule before moving to production.
-.TP
-\fB\-\-no\-ui\-redirect\fR
-Do not automatically redirect to the Web UI.
+\fB\-\-uninstall\fR
+Uninstall an existing IPA installation
.TP
+\fB\-U\fR, \fB\-\-unattended\fR
+An unattended uninstallation that will never prompt for user input
+
.SH "EXIT STATUS"
-0 if the installation was successful
+0 if the (un)installation was successful
1 if an error occurred
+
.SH "SEE ALSO"
.BR ipa-dns-install (1)
diff --git a/install/tools/man/ipactl.8 b/install/tools/man/ipactl.8
index 18c682d75..05be8e0e2 100644
--- a/install/tools/man/ipactl.8
+++ b/install/tools/man/ipactl.8
@@ -16,7 +16,7 @@
.\"
.\" Author: Rob Crittenden <rcritten@redhat.com>
.\"
-.TH "ipactl" "8" "Mar 14 2008" "freeipa" ""
+.TH "ipactl" "8" "Mar 14 2008" "FreeIPA" "FreeIPA Manual Pages"
.SH "NAME"
ipactl \- IPA Server Control Interface
.SH "SYNOPSIS"