CommandDocumentation#

Command-line Documentation Guidelnes#

IPA provides a set of command-line utilities that perform actions as varied as installing the product, managing replicas and administering the IPA data. The clearest differentiator is the command which executes these.

The ipa command executes data management commands (user, group, etc.) and the ipa- (dash) commands are generally used in a more limited way (e.g. ipa-server-install, ipa-replica-manage). I refer to these as the standalone commands.

Command types#

The standalone commands each have their own man page. This includes a description of what the command does and a list of the available options (and perhaps even an example or two).

The ipa command executes commands from the XML-RPC framework and manages data in the IPA database. There is a single man page for the ipa command with an overview of its capabilites, but not a complete list of all plugins and what their various options do.

Getting help#

ipa- commands#

To get help from a standalone command use either the –help option or see the man page:

% ipa-replica-manage --help
Usage: ipa-replica-manage [options]
Options:
``  –version             show program’s version number and exit``
``  -h, –help            show this help message and exit``
``  -H HOST, –host=HOST  starting host``
``  -p DIRMAN_PASSWD, –password=DIRMAN_PASSWD``
``                        Directory Manager password``
``  -v, –verbose         provide additional information``
``  -f, –force           ignore some types of errors``
``  –port=PORT           port number of other server``
``  –binddn=BINDDN       Bind DN to use with remote server``
``  –bindpw=BINDPW       Password for Bind DN to use with remote server``
``  –winsync             This is a Windows Sync Agreement``
``  –cacert=CACERT       Full path and filename of CA certificate to use with``
``                        TLS/SSL to the remote server``
``  –win-subtree=WIN_SUBTREE``
``                        DN of Windows subtree containing the users you want to``
``                        sync (default cn=Users,<domain suffix)``
``  –passsync=PASSSYNC   Password for the Windows PassSync user``

% man ipa-replica-manage

Framework commands (ipa)#

There are a number of different ways to get help from the ipa command.

The overall man page for the command:

% man ipa

Note that ipa –help and ipa help are two different, if confusing, things.

ipa --help provides assistance on using the ipa command itself.

ipa help provides assistance on the data management commands within ipa.

A list of available topics. A topic is a high-level view of the data management. For example user, group and host are topics.

% ipa help topics
Usage: ipa [global-options] COMMAND ...
Built-in commands:
``  console     Start the IPA interactive Python console.``
``  help        Display help for a command or topic.``
Help topics:
``  aci         Directory Server Access Control Instructions (ACIs)``
``  automount   Automount``
``  cert        Command plugins for IPA-RA certificate operations.``
``  config      IPA configuration``
``  dns         Domain Name System (DNS) plugin``
``  group       Groups of users``
``  hbac        Host based access control``
``  host        Hosts/Machines (Identity)``
``  hostgroup   Groups of hosts.``
``  krbtpolicy  Kerberos ticket policy``
``  migration   Migration to IPA``
``  misc        Misc plugins``
``  netgroup    Netgroups``
``  passwd      Password changes``
``  pwpolicy    Password policy``
``  rolegroup   Rolegroups``
``  service     Services (Identity)``
``  taskgroup   Taskgroups``
``  user        Users (Identity)``
Try `ipa --help for a list of global options.`

To dive into a particular topic:

% ipa help user
Users (Identity)
Related commands:
``  user-add     Create new user.``
``  user-del     Delete user.``
``  user-find    Search for users.``
``  user-lock    Lock user account.``
``  user-mod     Modify user.``
``  user-show    Display user.``
``  user-unlock  Unlock user account.``

To get help on a particular framework command:

% ipa help user-add
Purpose: Create new user.
Usage: ipa [global-options] user-add LOGIN
Options:
``  -h, –help       show this help message and exit``
``  –first=STR      First name``
``  –last=STR       Last name``
``  –homedir=STR    Home directory``
``  –gecos=STR      GECOS field``
``  –shell=STR      Login shell``
``  –principal=STR  Kerberos principal``
``  –email=STR      Email address``
``  –password       Set the user password``
``  –uid=INT        UID (use this option to set it manually)``
``  –street=STR     Street address``
``  –addattr=STR    Add an attribute/value pair. Format is attr=value``
``  –setattr=STR    Set an attribute to an name/value pair. Format is``
``                   attr=value``
``  –all            retrieve all attributes``
``  –raw            print entries as stored on the server``

The framework commands are supposed to be self-documenting, with the ipa man page there to describe the basic layout of how things should work. Not all plugins currently have extra documentation but the goal is to have help like the dns plugin:

% ipa help dns
Domain Name System (DNS) plugin
Implements a set of commands useful for manipulating DNS records used by
the BIND LDAP plugin.
EXAMPLES:
`` Add new zone;``
``   ipa dns-add example.com nameserver.example.com admin@example.com``
`` Add second nameserver for example.com:``
``   ipa dns-add-rr example.com @ NS nameserver2.example.com``
`` Delete previously added nameserver from example.com:``
``   ipa dns-del-rr example.com @ NS nameserver2.example.com``
`` Add new A record for www.example.com: (random IP)``
``   ipa dns-add-rr example.com www A 80.142.15.2``
...
...

Rules of the Road#

Standalone commands#

Every standalone command must have:

  • A man page

  • Usage output

Framework commands#

Framework commands must have:

  • A single man page, ipa

  • Basic usage output for options, this is automatic (ipa user-add --help)

  • An overview of the command via ipa help <topic>

The overview comes from the initial docstring in the plugin itself. It should include:

  • User-understandable plugin name

  • Basic description of what the plugin does

  • Usage examples