[Freeipa-devel] Hosts, A recs, and AAAA recs
Simo Sorce
ssorce at redhat.com
Wed Feb 9 04:30:29 UTC 2011
On Tue, 08 Feb 2011 22:10:16 -0500
Adam Young <ayoung at redhat.com> wrote:
> The current process to add a host today is:
>
> Create an A record
> run add host
>
> We have --force which will allow us to add the host even if the A
> record doesn't exist, but do we have a way to say, add this host, A
> record, and AAAA record all at the same time?
>
>
> From a cloud perspective, it seems like we are going to get a lot of
> short lived VMs that will need all three at once. I can see a work
> flow like this:
>
>
> User requests a number of VMs.
> VMs get cloned from templates and spun up
> VMs get IP address from DHCP server.
> DHCP server notifies IPA server of new hosts
What do you mean by this ^^^^?
Do you want to give the DHCP server the power to perform DNS updates?
Can be done, although I am not sure DHCP servers know how to do GSS-TSIG
protected updates; we may have to open up DNS access control to accept
everything from the DHCP server.
> IPA server adds host entries, A and AAAA records
Host entries must be added by the cloud engine as it needs to set the
enrollment password it passes down to the VM.
> VM runs ipa-client install as part of firstboot
ipa-client-install could also add DNS records, but there is a
credential problem if it is an automated process.
> The IPA server might even get notified earlier. I could see the
> cloud provider pushing the info to ipa prior to cloning the VM.
This might be a better choice as long as the cloud provider can also
change the DHCP configuration to assign the right IP address to the
VMs using the MAC address.
> How would we go about doing that today?
I think we are missing the part that creates the VMs yet, so ...
Simo.
--
Simo Sorce * Red Hat, Inc * New York