From a7ccc198a731d0e48319a73bcb2dd98c34de262a Mon Sep 17 00:00:00 2001 From: Tomas Babej Date: Mon, 18 Mar 2013 11:06:22 +0100 Subject: Allow host re-enrollment using delegation A new option --force-join has been added to ipa-client-install. It forces the host enrollment even if the host entry exists. Old certificate is revoked, new certificate and ssh key pair generated. See the relevant design for the re-enrollment part: http://freeipa.org/page/V3/Forced_client_re-enrollment https://fedorahosted.org/freeipa/ticket/3482 --- ipa-client/ipa-install/ipa-client-install | 5 +++++ 1 file changed, 5 insertions(+) (limited to 'ipa-client/ipa-install/ipa-client-install') diff --git a/ipa-client/ipa-install/ipa-client-install b/ipa-client/ipa-install/ipa-client-install index f1b2c1887..6be4a9013 100755 --- a/ipa-client/ipa-install/ipa-client-install +++ b/ipa-client/ipa-install/ipa-client-install @@ -111,6 +111,9 @@ def parse_options(): help="The hostname of this machine (FQDN). If specified, the hostname will be set and " "the system configuration will be updated to persist over reboot. " "By default a nodename result from uname(2) is used.") + basic_group.add_option("", "--force-join", dest="force_join", + action="store_true", default=False, + help="Force client enrollment even if already enrolled") basic_group.add_option("--ntp-server", dest="ntp_server", help="ntp server to use") basic_group.add_option("-N", "--no-ntp", action="store_false", help="do not configure ntp", default=True, dest="conf_ntp") @@ -1989,6 +1992,8 @@ def install(options, env, fstore, statestore): if options.hostname: join_args.append("-h") join_args.append(options.hostname) + if options.force_join: + join_args.append("-f") if options.principal is not None: stdin = None principal = options.principal -- cgit