[Freeipa-users] Do we need ipa-client-update script?
Sigbjorn Lie
sigbjorn at nixtra.com
Fri Sep 21 23:22:25 UTC 2012
On 09/21/2012 10:45 AM, Petr Spacek wrote:
> Hello users,
>
> we have a question for client machine administrators:
>
> On 09/21/2012 10:12 AM, Martin Kosek wrote:
> <snip>
> > ..., that it may be useful to implement a script
> > like "ipa-client-update" which would be capable of updating client
> information
> > (and could be entered in a cron for example) without a need to
> re-enroll
> > client. Such script could for example:
> > * update SSH keys of the client
> > * update a list of IPA DNS servers in #3095
> > * ...
> >
> > Martin
>
> Would it be useful at all? What other information should updater
> maintain?
>
> Ad https://fedorahosted.org/freeipa/ticket/3095:
> IMHO DNS configuration on client side is job for DHCP or Puppet. Isn't
> it?
>
A client update script for SSH keys setup etc has crossed my mind too.
Such a script would be useful, however the various updates should be
available as separate options to the command so the admin can choose
between applying some options or all options. A --update-all could be
used as a place holder for updating the whole collection of options.
As far as #3095 goes, updating the DNS client configuration is a job for
DHCP or Puppet/CFengine. SSSD is very much dependent on DNS to work. I
don't see why SSSD should be able to change the systems DNS servers,
possibly rendering itself useless.
Regards,
Siggi
More information about the Freeipa-users
mailing list