#6434 Installers: perform host enrollment also in domain level 0 replica install
Closed: Fixed None Opened 7 years ago by mbabinsk.

In order to unify the replica install workflow across domain levels, the domain level 0 installer has to perform a lightweight version of 'client install' consisting of:

  • configuring krb5.conf
  • getting host keytab
  • adding host entry to 'ipaservers' group

We can leverage the existing available workflow by creating the host entry first and then either using OTP to enroll the would-be replica, or requesting a keytab using ipa-getkeytab and using it to perform enrollment. Other means are open to discussion.

Part of installer refactoring effort


master:

  • 1991279 fix incorrect invocation of ipa-getkeytab during DL0 host enrollment
  • a6ec372 do partial host enrollment in domain level 0 replica install
  • 3d5161d Separate function to purge IPA host principals from keytab

Metadata Update from @mbabinsk:
- Issue assigned to mbabinsk
- Issue set to the milestone: FreeIPA 4.5

7 years ago
