diff options
author | Tomas Babej <tbabej@redhat.com> | 2013-03-18 11:06:22 +0100 |
---|---|---|
committer | Martin Kosek <mkosek@redhat.com> | 2013-03-25 10:53:25 +0100 |
commit | a7ccc198a731d0e48319a73bcb2dd98c34de262a (patch) | |
tree | c48c5980b4d27c41e155aef401538da8b59ec9bf /ipa-client/ipa-install/ipa-client-install | |
parent | 322458b5b2f80e179ef43b904c2665254c0a3763 (diff) | |
download | freeipa-a7ccc198a731d0e48319a73bcb2dd98c34de262a.tar.gz freeipa-a7ccc198a731d0e48319a73bcb2dd98c34de262a.tar.xz freeipa-a7ccc198a731d0e48319a73bcb2dd98c34de262a.zip |
Allow host re-enrollment using delegation
A new option --force-join has been added to ipa-client-install.
It forces the host enrollment even if the host entry exists.
Old certificate is revoked, new certificate and ssh key pair
generated. See the relevant design for the re-enrollment part:
http://freeipa.org/page/V3/Forced_client_re-enrollment
https://fedorahosted.org/freeipa/ticket/3482
Diffstat (limited to 'ipa-client/ipa-install/ipa-client-install')
-rwxr-xr-x | ipa-client/ipa-install/ipa-client-install | 5 |
1 files changed, 5 insertions, 0 deletions
diff --git a/ipa-client/ipa-install/ipa-client-install b/ipa-client/ipa-install/ipa-client-install index f1b2c1887..6be4a9013 100755 --- a/ipa-client/ipa-install/ipa-client-install +++ b/ipa-client/ipa-install/ipa-client-install @@ -111,6 +111,9 @@ def parse_options(): help="The hostname of this machine (FQDN). If specified, the hostname will be set and " "the system configuration will be updated to persist over reboot. " "By default a nodename result from uname(2) is used.") + basic_group.add_option("", "--force-join", dest="force_join", + action="store_true", default=False, + help="Force client enrollment even if already enrolled") basic_group.add_option("--ntp-server", dest="ntp_server", help="ntp server to use") basic_group.add_option("-N", "--no-ntp", action="store_false", help="do not configure ntp", default=True, dest="conf_ntp") @@ -1989,6 +1992,8 @@ def install(options, env, fstore, statestore): if options.hostname: join_args.append("-h") join_args.append(options.hostname) + if options.force_join: + join_args.append("-f") if options.principal is not None: stdin = None principal = options.principal |