Bug 681979 – Man page is not clear for ipa-client-install --on-master option usage

Bugzilla will be upgraded to version 5.0. The upgrade date is tentatively scheduled for 2 December 2018, pending final testing and feedback.

Bug 681979 - Man page is not clear for ipa-client-install --on-master option usage

Summary:	Man page is not clear for ipa-client-install --on-master option usage

Status:	CLOSED ERRATA

Aliases:	None

Product:	Red Hat Enterprise Linux 6
Classification:	Red Hat
Component:	ipa (Show other bugs)
Sub Component:
Version:	6.1
Hardware:	Unspecified Unspecified

Priority	unspecified Severity unspecified
Target Milestone:	rc
Target Release:	---
Assigned To:	Rob Crittenden
QA Contact:	Chandrasekar Kannan
Docs Contact:

URL:
Whiteboard:
Keywords:

Depends On:
Blocks:
	Show dependency tree / graph

Reported:	2011-03-03 13:55 EST by Namita Soman
Modified:	2015-01-04 18:46 EST (History)
CC List:	3 users (show)

See Also:
Fixed In Version:	ipa-2.1.0-1.el6
Doc Type:	Bug Fix
Doc Text:	Cause: An option in the client installer, --on-master, was not well-documented. Consequence: A user could inadvertently try to use it on a non-server install and end up with a non-working client. Fix: Make the option invisible and remove it entirely from documentation. Result: The option is available but hidden so users will not get confused by it.
Story Points:	---
Clone Of:
Environment:
Last Closed:	2011-12-06 13:20:39 EST
Type:	---
Regression:	---
Mount Type:	---
Documentation:	---
CRM:
Verified Versions:
Category:	---
oVirt Team:	---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team:	---

Attachments	(Terms of Use)
Add an attachment (proposed patch, testcase, etc.)

External Trackers
Tracker	ID	Priority	Status	Summary	Last Updated
Red Hat Product Errata	RHSA-2011:1533	normal	SHIPPED_LIVE	Moderate: ipa security and bug fix update	2011-12-05 20:23:31 EST

Groups: None (edit)

Description Namita Soman 2011-03-03 13:55:19 EST

Description of problem:
man ipa-client-install indicates:
--on-master 
The client is being configured on an IPA server. 

The server uses this option to install the client.

The end user will not be using option, because server already has the client. And user shouldn't uninstall the client on the server, to reinstall using this option. This makes server unusable.


Version-Release number of selected component (if applicable):
ipa-server-2.0.0-13.20110303T0654zgit81fd790.el6.x86_64
ipa-client-2.0.0-13.20110303T0654zgit81fd790.el6.x86_64

How reproducible:


Steps to Reproduce:
1.man ipa-client-install
2.
3.
  
Actual results:
--on-master 
The client is being configured on an IPA server. 

Expected results:
description should include more info to make it clear that it is not an option to be used by an end user.


Additional info:

Comment 2 Dmitri Pal 2011-03-03 14:25:19 EST

https://fedorahosted.org/freeipa/ticket/1050

Comment 4 Rob Crittenden 2011-07-19 13:26:59 EDT

master: 811f631c0978e02c8b4a771eead6e13160f1e528

ipa-2-0: 1b886a72488a82dd83376d9ecf6894a92d3fd515

Comment 5 Jenny Galipeau 2011-07-19 15:36:44 EDT

verified:

Man page no longer contains --master option that would confuse someone.

ipa-client-install(1)                                    ipa-client-install(1)



NAME
       ipa-client-install - Configure an IPA client

SYNOPSIS
       ipa-client-install [OPTION]...

DESCRIPTION
       Configures  a client machine to use IPA for authentication and identity
       services.

       By default this configures SSSD to connect to an IPA server for authen-
       tication  and  authorization.  Optionally one can instead configure PAM
       and NSS (Name Switching Service) to work with an IPA server  over  Ker-
       beros and LDAP.

       An  authorized  user  is required to join a client machine to IPA. This
       can take the form of a kerberos principal or a one-time password  asso-
       ciated with the machine.

       This  same  tool  is  used to unconfigure IPA and attemps to return the
       machine to its previous state. Part of this process is to unenroll  the
       host  from  the  IPA  server.  Unenrollment  consists  of disabling the
       prinicipal key on the IPA server so that it  may  be  re-enrolled.  The
       machine  principal  in  /etc/krb5.keytab (host/<fqdn>@REALM) is used to
       authenticate to the IPA server to unenroll itself.  If  this  principal
       does  not  exist  then unenrollment will fail and an administrator will
       need to disable the host principal (ipa host-disable <fqdn>).

OPTIONS
       --domain=DOMAIN
              Set the domain name to DOMAIN

       --server=SERVER
              Set the IPA server to connect to

       --realm=REALM_NAME
              Set the IPA realm name to REALM_NAME

       -f, --force
              Force the settings even if errors occur

       -d, --debug
              Print debugging information to stdout

       -U, --unattended
              Unattended installation. The user will not be prompted.

       --ntp-server=NTP_SERVER
              Configure ntpd to use this NTP server.

       -S, --no-sssd
              Do not configure the client to use SSSD for authentication,  use
              nss_ldap instead.

       -N, --no-ntp
              Do not configure or enable NTP.

       -w PASSWORD, --password=PASSWORD
              Password  for  joining  a machine to the IPA realm. Assumes bulk
              password unless principal is also set.

       -W     Prompt for the password for joining a machine to the IPA  realm.

       -p, --principal
              Authorized kerberos principal to use to join the IPA realm.

       --permit
              Configure  SSSD to permit all access. Otherwise the machine will
              be controlled by the Host-based Access Controls  (HBAC)  on  the
              IPA server.

       --mkhomedir
              Configure  PAM  to  create a users home directory if it does not
              exist.

       --uninstall
              Remove the IPA client software and restore the configuration  to
              the pre-IPA state.

       --hostname
              The  hostname of this server (FQDN). By default of nodename from
              uname(2) is used.

       --enable-dns-updates
              This option tells SSSD to automatically update DNS with  the  IP
              address of this client.

EXIT STATUS
       0 if the installation was successful

       1 if an error occurred

       2 if uninstalling and the client is not configured



freeipa                           Mar 14 2008            ipa-client-install(1)


version:

ipa-server-2.0.99-3.20110715T0514zgit4bd85ce.el6.x86_64
ipa-client-2.0.99-3.20110715T0514zgit4bd85ce.el6.x86_64

Comment 6 Rob Crittenden 2011-10-31 11:34:46 EDT

    Technical note added. If any revisions are required, please edit the "Technical Notes" field
    accordingly. All revisions will be proofread by the Engineering Content Services team.
    
    New Contents:
Cause: An option in the client installer, --on-master, was not well-documented.
Consequence: A user could inadvertently try to use it on a non-server install and end up with a non-working client.
Fix: Make the option invisible and remove it entirely from documentation.
Result: The option is available but hidden so users will not get confused by it.

Comment 7 errata-xmlrpc 2011-12-06 13:20:39 EST

Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

http://rhn.redhat.com/errata/RHSA-2011-1533.html

Note You need to log in before you can comment on or make changes to this bug.