From c34f5fbc882b16baebc18d795511e8e1fc50668b Mon Sep 17 00:00:00 2001 From: Jan Cholasta Date: Wed, 7 Dec 2011 03:40:51 -0500 Subject: Update host SSH public keys on the server during client install. This is done by calling host-mod to update the keys on IPA server and nsupdate to update DNS SSHFP records. DNS update can be disabled using --no-dns-sshfp ipa-client-install option. https://fedorahosted.org/freeipa/ticket/1634 --- install/tools/ipa-replica-install | 7 ++++++- 1 file changed, 6 insertions(+), 1 deletion(-) (limited to 'install/tools/ipa-replica-install') diff --git a/install/tools/ipa-replica-install b/install/tools/ipa-replica-install index 4af0358d8..dda4db909 100755 --- a/install/tools/ipa-replica-install +++ b/install/tools/ipa-replica-install @@ -89,6 +89,8 @@ def parse_options(): dns_group.add_option("--no-host-dns", dest="no_host_dns", action="store_true", default=False, help="Do not use DNS for hostname lookup during installation") + dns_group.add_option("--no-dns-sshfp", dest="create_sshfp", default=True, action="store_false", + help="do not automatically create DNS SSHFP records") parser.add_option_group(dns_group) options, args = parser.parse_args() @@ -455,7 +457,10 @@ def main(): # Call client install script try: - ipautil.run(["/usr/sbin/ipa-client-install", "--on-master", "--unattended", "--domain", config.domain_name, "--server", config.host_name, "--realm", config.realm_name]) + args = ["/usr/sbin/ipa-client-install", "--on-master", "--unattended", "--domain", config.domain_name, "--server", config.host_name, "--realm", config.realm_name] + if not options.create_sshfp: + args.append("--no-dns-sshfp") + ipautil.run(args) except Exception, e: print "Configuration of client side components failed!" print "ipa-client-install returned: " + str(e) -- cgit