We should allow to re-enroll the host while retaining the original certificate and ssh keys, if they have been backed up from the original machine.
In case of VMs, this would allow recreation while having no changes done to the host entry but the Kerberos keys.
Basically, we would need check if the SSL cert is already available and if it matches the one in the host entry. For SSH keys simply be restoring from the backup to their original location would be sufficient.
This is an extension of #3374.
There should be a way to differentiate "reinit" which is the current functionality and "restore" which is proposed in this ticket.
The main use case is that the machine is recycled so everything is lost and needs to be rebuilt or that the machine configuration somewhat gets broken and machine needs to be reinitialized.
What is the scenario when one would actually want a restore and care that exactly same certs and keys are restored?
Metadata Update from @tbabej: - Issue assigned to someone - Issue set to the milestone: Ticket Backlog
Thank you taking time to submit this request for FreeIPA. Unfortunately this bug was not given priority and the team lacks the capacity to work on it at this time.
Given that we are unable to fulfil this request I am closing the issue as wontfix. To request re-consideration of this decision please reopen this issue and provide additional technical details about its importance to you.
Metadata Update from @rcritten: - Issue close_status updated to: wontfix - Issue status updated to: Closed (was: Open)
Login to comment on this ticket.