On Tue, 2011-11-15 at 08:33 -0500, Dan Scott wrote: > Hi, > > On Tue, Nov 15, 2011 at 07:07, Natxo Asenjo <[email protected]> wrote: > > On Tue, Nov 15, 2011 at 12:40 AM, Dan Scott <[email protected]> > > wrote: > >> Hi, > >> > >> Is there a 'nice' way to reinstall a host? i.e. The host has already > >> been installed in FreeIPA and for whatever reason I need to reinstall > >> the OS, so I have a clean system and the host is already enrolled on > >> the server. > >> > >> ipa-client-install fails with "Host already enrolled" and I have to > >> connect to an enrolled client, remove the host, and then return to > >> install the client. > >> > >> Would it be possible to have a '--reinstall' option to > >> ipa-client-install? It wouldn't have to add the host into IPA, just > >> configure the files and get the keytab. > > > > If I understand it correctly, this could overwrite hosts passwords > > which is probably not what you want with a kerberos realm. > > So *getting* a new keytab would overwrite host passwords? Why wouldn't > I want that, if I'm reinstalling a host? > > > You should manually remove the host first from the realm and then rejoin it.
No, actually if the host offers services you probably prefer rejoining in a way that keeps the original keys in the keytab and the new keys get a new kvno. This way clients that obtained a ticket before the re-install can still use them. > Why? I'd much rather have the ipa-client-install script do the removal > for me.... if it actually requires removal and re-addition. > > Do I really have to remove and re-add? Why can't I just re-provision? You should be able to. See other mails in this thread. Simo. -- Simo Sorce * Red Hat, Inc * New York _______________________________________________ Freeipa-users mailing list [email protected] https://www.redhat.com/mailman/listinfo/freeipa-users
