On Чцв, 25 вер 2025, Patrick Brideau via FreeIPA-users wrote:
with old FreeIPA (4.9.13 on Rocky Linux 8), I could refresh SSHFP entries
directly from a client with a python call:
```python
from ipaclient.install.client import update_ssh_keys
from ipaplatform.paths import paths
update_ssh_keys(api.env.host, paths.SSH_CONFIG_DIR, True)
```
ref:
https://www.reddit.com/r/FreeIPA/comments/rlg6tw/create_sshfp_records_for_already_installed_ipa/
But with new FreeIPA (4.12.2 on Rocky Linux 9), the same call fail:
```bash
# /bin/kinit -k && /bin/ipa console /etc/ipa/update_ssh_keys.py
Traceback (most recent call last):
File "/usr/lib/python3.9/site-packages/ipalib/cli.py", line 1026, in run
exec(compiled, globals(), local)
File "/etc/ipa/update_ssh_keys.py", line 5, in <module>
update_ssh_keys(api.env.host, paths.SSH_CONFIG_DIR, True)
TypeError: update_ssh_keys() missing 1 required positional argument: 'server'
```
The function `update_ssh_keys()` was changed in this commit:
https://pagure.io/freeipa/c/3de127433c5552c1f9f82c6bb73f2a32caa03e9b?branch=master
```diff
@@ -1672,7 +1737,7 @@ def check_ip_addresses(options):
return True
-def update_ssh_keys(hostname, ssh_dir, create_sshfp):
+def update_ssh_keys(hostname, ssh_dir, options, server):
if not os.path.isdir(ssh_dir):
return
```
I tried to fiddle to make it work with new FreeIPA, without success...
Any help to refresh SSHFP keys in the new version would be appreciated.
You need an options object that has create_sshfp (and other) fields. The
options object we use in that code is coming from the command line
options parser using an installer API class but you just need some
Python object that provides these fields, e.g. options.create_sshfp.
ipalib module has NameSpace and various parameters classes that can be
used for that purpose as well. NameSpace auto-locks itself after
initialization, so you want to add defaults to those booleans.
Something like
```
from ipaclient.install.client import update_ssh_keys
from ipaplatform.paths import paths
from ipalib.base import NameSpace
from ipalib.parameters import Bool
options = NameSpace([
Bool('create_sshfp', default=True),
Bool('dns_over_tls', default=False)
])
update_ssh_keys(api.env.host, paths.SSH_CONFIG_DIR, options, api.env.server)
```
--
/ Alexander Bokovoy
Sr. Principal Software Engineer
Security / Identity Management Engineering
Red Hat Limited, Finland
--
_______________________________________________
FreeIPA-users mailing list -- [email protected]
To unsubscribe send an email to [email protected]
Fedora Code of Conduct:
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives:
https://lists.fedorahosted.org/archives/list/[email protected]
Do not reply to spam, report it:
https://pagure.io/fedora-infrastructure/new_issue
