On 8/7/20 12:49 PM, Bo Lind via FreeIPA-users wrote:

We have a workflow where we sometimes reinstall enrolled hosts. The role of the host does not change, IP, hostname etc. stay unchanged.

Our current workflow is to enter the GUI, select unprovision, set a one time password, and then enroll the freshly installed host.

Hi,

- unprovision is the equivalent of "ipa host-disable <hostname>". - in order to set a one-time password, use "ipa host-mod --password=<value> <hostname>", or to generate a random value "ipa host-mod --random <hostname>".

The re-enrolling methods are described in [1] Re-enrolling a client into the IdM domain. You can either use --force-join or re-use the host keytab.

The drawback of using "ipa host-disable" is that it also disables all the services configured on the host.

HTH, flo

[1] https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/7/htm...

Do command line tools exist that can handle these two steps?

Alternatively, is there a better way to achieve what we want? _______________________________________________ FreeIPA-users mailing list -- freeipa-users@lists.fedorahosted.org To unsubscribe send an email to freeipa-users-leave@lists.fedorahosted.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedorahosted.org/archives/list/freeipa-users@lists.fedorahoste...