diff options
| author | Jan Cholasta <jcholast@redhat.com> | 2011-12-07 03:40:51 -0500 |
|---|---|---|
| committer | Rob Crittenden <rcritten@redhat.com> | 2012-02-13 22:24:07 -0500 |
| commit | 68d1613b8d85a776d56a4777bc3a2be9dd3c69f2 (patch) | |
| tree | 6d86a6cdad8224b9c50d78a4a81e588b3b9c3900 /install | |
| parent | a3125214c78f5ba1d32877175c026aa646c37f88 (diff) | |
| download | freeipa.git-68d1613b8d85a776d56a4777bc3a2be9dd3c69f2.tar.gz freeipa.git-68d1613b8d85a776d56a4777bc3a2be9dd3c69f2.tar.xz freeipa.git-68d1613b8d85a776d56a4777bc3a2be9dd3c69f2.zip | |
Update host SSH public keys on the server during client install.
This is done by calling host-mod to update the keys on IPA server and nsupdate
to update DNS SSHFP records. DNS update can be disabled using --no-dns-sshfp
ipa-client-install option.
https://fedorahosted.org/freeipa/ticket/1634
Diffstat (limited to 'install')
| -rwxr-xr-x | install/tools/ipa-replica-install | 7 | ||||
| -rwxr-xr-x | install/tools/ipa-server-install | 7 | ||||
| -rw-r--r-- | install/tools/man/ipa-replica-install.1 | 3 | ||||
| -rw-r--r-- | install/tools/man/ipa-server-install.1 | 3 |
4 files changed, 18 insertions, 2 deletions
diff --git a/install/tools/ipa-replica-install b/install/tools/ipa-replica-install index 4af0358d..dda4db90 100755 --- a/install/tools/ipa-replica-install +++ b/install/tools/ipa-replica-install @@ -89,6 +89,8 @@ def parse_options(): dns_group.add_option("--no-host-dns", dest="no_host_dns", action="store_true", default=False, help="Do not use DNS for hostname lookup during installation") + dns_group.add_option("--no-dns-sshfp", dest="create_sshfp", default=True, action="store_false", + help="do not automatically create DNS SSHFP records") parser.add_option_group(dns_group) options, args = parser.parse_args() @@ -455,7 +457,10 @@ def main(): # Call client install script try: - ipautil.run(["/usr/sbin/ipa-client-install", "--on-master", "--unattended", "--domain", config.domain_name, "--server", config.host_name, "--realm", config.realm_name]) + args = ["/usr/sbin/ipa-client-install", "--on-master", "--unattended", "--domain", config.domain_name, "--server", config.host_name, "--realm", config.realm_name] + if not options.create_sshfp: + args.append("--no-dns-sshfp") + ipautil.run(args) except Exception, e: print "Configuration of client side components failed!" print "ipa-client-install returned: " + str(e) diff --git a/install/tools/ipa-server-install b/install/tools/ipa-server-install index 949d0219..2d6f0672 100755 --- a/install/tools/ipa-server-install +++ b/install/tools/ipa-server-install @@ -200,6 +200,8 @@ def parse_options(): dns_group.add_option("--no-host-dns", dest="no_host_dns", action="store_true", default=False, help="Do not use DNS for hostname lookup during installation") + dns_group.add_option("--no-dns-sshfp", dest="create_sshfp", default=True, action="store_false", + help="do not automatically create DNS SSHFP records") parser.add_option_group(dns_group) uninstall_group = OptionGroup(parser, "uninstall options") @@ -1037,7 +1039,10 @@ def main(): # Call client install script try: - run(["/usr/sbin/ipa-client-install", "--on-master", "--unattended", "--domain", domain_name, "--server", host_name, "--realm", realm_name, "--hostname", host_name]) + args = ["/usr/sbin/ipa-client-install", "--on-master", "--unattended", "--domain", domain_name, "--server", host_name, "--realm", realm_name, "--hostname", host_name] + if not options.create_sshfp: + args.append("--no-dns-sshfp") + run(args) except Exception, e: sys.exit("Configuration of client side components failed!\nipa-client-install returned: " + str(e)) diff --git a/install/tools/man/ipa-replica-install.1 b/install/tools/man/ipa-replica-install.1 index 074162f0..87506477 100644 --- a/install/tools/man/ipa-replica-install.1 +++ b/install/tools/man/ipa-replica-install.1 @@ -84,6 +84,9 @@ Do not create new reverse DNS zone. If a reverse DNS zone already exists for the .TP \fB\-\-no\-host\-dns\fR Do not use DNS for hostname lookup during installation +.TP +\fB\-\-no\-dns\-sshfp\fR +Do not automatically create DNS SSHFP records. .SH "EXIT STATUS" 0 if the command was successful diff --git a/install/tools/man/ipa-server-install.1 b/install/tools/man/ipa-server-install.1 index cf7199df..87d07fc8 100644 --- a/install/tools/man/ipa-server-install.1 +++ b/install/tools/man/ipa-server-install.1 @@ -146,6 +146,9 @@ Number of seconds between regular checks for new DNS zones. When set to 0 the na .TP \fB\-\-no\-host\-dns\fR Do not use DNS for hostname lookup during installation +.TP +\fB\-\-no\-dns\-sshfp\fR +Do not automatically create DNS SSHFP records. .SS "UNINSTALL OPTIONS" .TP |