#5676 [RFE] ipa-client-install: need an option to completely remove client from idm server.
Opened 8 years ago by pvoborni. Modified 6 years ago

Ticket was cloned from Red Hat Bugzilla (product Red Hat Enterprise Linux 7): Bug 1301582

Description of problem:

We can see in documentation:

https://access.redhat.com/documentation/en-US/Red_Hat_Enterprise_Linux/7/html/Linux_Domain_Identity_Authentication_and_Policy_Guide/trouble.html#uninstalling-clients

"The only way to uninstall a client completely is to use ipa-client-install --uninstall."

It could be interesting, at uninstall, to have an option to do the exact
symmetric operation of ipa-client-install.

Today, the ipa-client-install command creates entries on server.

And the --uninstall is not deleting them. We need to do

ipa-client-install --uninstall
ipa host-del <client machine>

to invert the client install. An option "--clean-all" or "--server-clean" could
also delete the host entry + DNS entry, if possible?



Version-Release number of selected component (if applicable):

ipa-client-4.2.0-15.el7_2.3.x86_64
ipa-server-4.2.0-15.el7_2.3.x86_64

Development summary for host-del/client uninstall changes, as agreed at the devel meeting:

  • host-del --updatedns will become ENUM, listing records that should be deleted, including "all" option to delete whole DNS entry. Default will be "a,aaaa,SSHFP". It won't do any other searches (for SRV for example) #5675
  • Allow host to delete its own host and service entries instead of just disabling the host.
    • It was agreed that this should be the default of "ipa-client-install --uninstall". There should also be an option to not delete it (would be used by junior admin for example, when uninstalling and re-enrolling the client) #5676
    • Make sure that we only remove services with the same name as the client, not all managed by host (think about cluster case)
  • Honza: should host be in its own managedBy, which would be the default, and admin could choose to not add it there and thus not allow it to delete itself?
  • simo: maybe keeping backward compatibility is more important, discuss later if --remove option would be better
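
The cluster caveat in the summary above (remove only services named after the client, not everything the host manages) comes down to an exact match on the host part of each principal. The following is an added sketch of that filter, not FreeIPA code and not part of the ticket; the function names and the sample principals are constructed for illustration.

```shell
#!/bin/sh
# Added example (not FreeIPA code): from a list of service principals managed
# by a host, keep only those whose host component is the client itself.

# Lowercase a hostname and drop one trailing dot so comparisons are exact.
normalize_host() {
    printf '%s' "$1" | tr '[:upper:]' '[:lower:]' | sed 's/\.$//'
}

# services_for_client FQDN   (principals on stdin, one per line)
# Accepts service/host@REALM or service/host; prints the matching principals.
services_for_client() {
    client=$(normalize_host "$1")
    while IFS= read -r principal; do
        case $principal in
            */*) ;;              # must look like service/host
            *) continue ;;       # skip blanks and malformed lines
        esac
        rest=${principal#*/}     # host@REALM
        host=${rest%%@*}         # host
        # Exact comparison: a prefix or substring test would also select
        # client10 and would be the wrong check for the cluster case.
        if [ "$(normalize_host "$host")" = "$client" ]; then
            printf '%s\n' "$principal"
        fi
    done
}

# Constructed sample: services managed by client1, including one that lives
# under a shared cluster name and one on a similarly named host.
sample_principals() {
    cat <<'EOF'
HTTP/client1.example.test@EXAMPLE.TEST
nfs/client1.example.test@EXAMPLE.TEST
HTTP/cluster.example.test@EXAMPLE.TEST
HTTP/client10.example.test@EXAMPLE.TEST
ldap/CLIENT1.example.test
EOF
}

selected() { sample_principals | services_for_client "client1.example.test"; }

selected
```

Only the three client1 principals are printed; the cluster and client10 services are left alone.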

Summary of internal discussion

  1. It is a good idea to have an option to clean the DNS record on host-del.
  2. Since there are already expectations about system behavior this option would not be enabled by default.

It is more related to #5675, but here the context is that cleanup should not be a default behavior.

This ticket is out of scope of 4.4.0 release. Moving to 4.4.1. Note that 4.4.1 needs to be triaged, therefore not everything will be implemented.

This is out of scope of minor release.

Metadata Update from @pvoborni:
- Issue assigned to mbasti
- Issue set to the milestone: FreeIPA 4.5 backlog

7 years ago

Metadata Update from @mbasti:
- Issue close_status updated to: None

6 years ago

Metadata Update from @mbasti:
- Assignee reset
- Issue close_status updated to: None

6 years ago

Hmm, gparante's original request was to delete the IPA client entry from the IPA server during ipa-client-install --uninstall. How about calling ipa host-del ipa-client-hostname in the ipa-client uninstall function?
host-del can carry the functionality as agreed upon, but the client record will get cleared from the server.
