On 09/22/2012 01:22 AM, Sigbjorn Lie wrote: > On 09/21/2012 10:45 AM, Petr Spacek wrote: >> Hello users, >> >> we have a question for client machine administrators: >> >> On 09/21/2012 10:12 AM, Martin Kosek wrote: >> <snip> >> > ..., that it may be useful to implement a script >> > like "ipa-client-update" which would be capable of updating client >> > information >> > (and could be entered in a cron for example) without a need to re-enroll >> > client. Such script could for example: >> > * update SSH keys of the client >> > * update a list of IPA DNS servers in #3095 >> > * ... >> > >> > Martin >> >> Would it be useful at all? What other information should updater maintain? >> >> Ad https://fedorahosted.org/freeipa/ticket/3095: >> IMHO DNS configuration on client side is job for DHCP or Puppet. Isn't it? >> > > A client update script for SSH keys setup etc has crossed my mind too. Such a > script would be useful, however the various updates should be available as > separate options to the command so the admin can choose between applying some > options or all options. A --update-all could be used as a place holder for > updating the whole collection of options.
Right, this would be preferred way to implement the CLI. > As far as #3095 goes, updating the DNS client configuration is a job for DHCP > or Puppet/CFengine. SSSD is very much dependent on DNS to work. I don't see > why > SSSD should be able to change the systems DNS servers, possibly rendering > itself useless. The idea was to implement a script that would could be used for example in cron on client machines, i.e. not related to sssd. The script would be able to pull a list of IPA DNS servers just by querying the LDAP. Though, you may be right that is would rather be a job for DHCP/Puppet/CFEngine. Martin _______________________________________________ Freeipa-users mailing list [email protected] https://www.redhat.com/mailman/listinfo/freeipa-users
