I would like to see a method by which the ipa-client-install script could be made to optionally correct corrupted configs rather than requiring a full un-enroll re-enroll, or manual investigation of the drift.
There would be a tangible benefit for the lifecycle beyond initial birth if this feature existed, especially considering some of the backend plugins like memberOf that do have a resource cost associated with them.
This should be done using Augeas (#525).
There was some discussion about this on IRC, I didn't catch the final result.
In theory simply running ipa-client-install --uninstall -U && ipa-client-install again will refresh the whole client.
It probably wouldn't be a tremendous amount of work to add some sort of --refresh flag that would use existing settings to reconfigure things. The question is whether the keytab and SSL keys would be included in that or if we'd just redo the configuration files.
Marked https://fedorahosted.org/freeipa/ticket/2106 as duplicate
Metadata Update from @jraquino:
- Issue assigned to rcritten
- Issue set to the milestone: Tickets Deferred
The ansible_freeipa collection provides ipaclient role that allows a repair mode with the variable ipaclient_allow_repair.
Closing this ticket as the ipaclient role will be the recommended method to perform a repair of an already installed client.
Metadata Update from @frenaud:
- Issue close_status updated to: wontfix
- Issue status updated to: Closed (was: Open)
to comment on this ticket.