Bug 681979

Summary: Man page is not clear for ipa-client-install --on-master option usage
Product: Red Hat Enterprise Linux 6 Reporter: Namita Soman <nsoman>
Component: ipaAssignee: Rob Crittenden <rcritten>
Status: CLOSED ERRATA QA Contact: Chandrasekar Kannan <ckannan>
Severity: unspecified Docs Contact:
Priority: unspecified    
Version: 6.1CC: benl, dpal, jgalipea
Target Milestone: rc   
Target Release: ---   
Hardware: Unspecified   
OS: Unspecified   
Whiteboard:
Fixed In Version: ipa-2.1.0-1.el6 Doc Type: Bug Fix
Doc Text:
Cause: An option in the client installer, --on-master, was not well-documented. Consequence: A user could inadvertently try to use it on a non-server install and end up with a non-working client. Fix: Make the option invisible and remove it entirely from documentation. Result: The option is available but hidden so users will not get confused by it.
 Story Points: ---
Clone Of: Environment:
Last Closed: 2011-12-06 18:20:39 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:

Description Namita Soman 2011-03-03 18:55:19 UTC 
Description of problem:
man ipa-client-install indicates:
--on-master 
The client is being configured on an IPA server. 

The server uses this option to install the client.

The end user will not be using option, because server already has the client. And user shouldn't uninstall the client on the server, to reinstall using this option. This makes server unusable.


Version-Release number of selected component (if applicable):
ipa-server-2.0.0-13.20110303T0654zgit81fd790.el6.x86_64
ipa-client-2.0.0-13.20110303T0654zgit81fd790.el6.x86_64

How reproducible:


Steps to Reproduce:
1.man ipa-client-install
2.
3.
  
Actual results:
--on-master 
The client is being configured on an IPA server. 

Expected results:
description should include more info to make it clear that it is not an option to be used by an end user.


Additional info:
Comment 2 Dmitri Pal 2011-03-03 19:25:19 UTC 
https://fedorahosted.org/freeipa/ticket/1050
Comment 4 Rob Crittenden 2011-07-19 17:26:59 UTC 
master: 811f631c0978e02c8b4a771eead6e13160f1e528

ipa-2-0: 1b886a72488a82dd83376d9ecf6894a92d3fd515
Comment 5 Jenny Severance 2011-07-19 19:36:44 UTC 
verified:

Man page no longer contains --master option that would confuse someone.

ipa-client-install(1)                                    ipa-client-install(1)



NAME
       ipa-client-install - Configure an IPA client

SYNOPSIS
       ipa-client-install [OPTION]...

DESCRIPTION
       Configures  a client machine to use IPA for authentication and identity
       services.

       By default this configures SSSD to connect to an IPA server for authen-
       tication  and  authorization.  Optionally one can instead configure PAM
       and NSS (Name Switching Service) to work with an IPA server  over  Ker-
       beros and LDAP.

       An  authorized  user  is required to join a client machine to IPA. This
       can take the form of a kerberos principal or a one-time password  asso-
       ciated with the machine.

       This  same  tool  is  used to unconfigure IPA and attemps to return the
       machine to its previous state. Part of this process is to unenroll  the
       host  from  the  IPA  server.  Unenrollment  consists  of disabling the
       prinicipal key on the IPA server so that it  may  be  re-enrolled.  The
       machine  principal  in  /etc/krb5.keytab (host/<fqdn>@REALM) is used to
       authenticate to the IPA server to unenroll itself.  If  this  principal
       does  not  exist  then unenrollment will fail and an administrator will
       need to disable the host principal (ipa host-disable <fqdn>).

OPTIONS
       --domain=DOMAIN
              Set the domain name to DOMAIN

       --server=SERVER
              Set the IPA server to connect to

       --realm=REALM_NAME
              Set the IPA realm name to REALM_NAME

       -f, --force
              Force the settings even if errors occur

       -d, --debug
              Print debugging information to stdout

       -U, --unattended
              Unattended installation. The user will not be prompted.

       --ntp-server=NTP_SERVER
              Configure ntpd to use this NTP server.

       -S, --no-sssd
              Do not configure the client to use SSSD for authentication,  use
              nss_ldap instead.

       -N, --no-ntp
              Do not configure or enable NTP.

       -w PASSWORD, --password=PASSWORD
              Password  for  joining  a machine to the IPA realm. Assumes bulk
              password unless principal is also set.

       -W     Prompt for the password for joining a machine to the IPA  realm.

       -p, --principal
              Authorized kerberos principal to use to join the IPA realm.

       --permit
              Configure  SSSD to permit all access. Otherwise the machine will
              be controlled by the Host-based Access Controls  (HBAC)  on  the
              IPA server.

       --mkhomedir
              Configure  PAM  to  create a users home directory if it does not
              exist.

       --uninstall
              Remove the IPA client software and restore the configuration  to
              the pre-IPA state.

       --hostname
              The  hostname of this server (FQDN). By default of nodename from
              uname(2) is used.

       --enable-dns-updates
              This option tells SSSD to automatically update DNS with  the  IP
              address of this client.

EXIT STATUS
       0 if the installation was successful

       1 if an error occurred

       2 if uninstalling and the client is not configured



freeipa                           Mar 14 2008            ipa-client-install(1)


version:

ipa-server-2.0.99-3.20110715T0514zgit4bd85ce.el6.x86_64
ipa-client-2.0.99-3.20110715T0514zgit4bd85ce.el6.x86_64
Comment 6 Rob Crittenden 2011-10-31 15:34:46 UTC 
    Technical note added. If any revisions are required, please edit the "Technical Notes" field
    accordingly. All revisions will be proofread by the Engineering Content Services team.
    
    New Contents:
Cause: An option in the client installer, --on-master, was not well-documented.
Consequence: A user could inadvertently try to use it on a non-server install and end up with a non-working client.
Fix: Make the option invisible and remove it entirely from documentation.
Result: The option is available but hidden so users will not get confused by it.
Comment 7 errata-xmlrpc 2011-12-06 18:20:39 UTC 
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

http://rhn.redhat.com/errata/RHSA-2011-1533.html