[Freeipa-devel] Allowing existing IPA hosts to be used for installing a replica
Rob Crittenden
rcritten at redhat.com
Thu Jun 7 03:08:38 UTC 2012
Scott Poore wrote:
> Running this by the mailing list to see if I should open an RFE.
>
> Should we have the ability to install replicas where the host entries already exist in IPA?
>
> So, we could in theory do a host-add before running ipa-replica-install on the soon to be replica. There may be some useful cases for supporting this. Could be useful in a location that starts growing for "promoting" a client to a Replica for use in that location. Maybe as an override flag to the ipa-replica-install command?
>
> Thoughts?
I asked Scott to pose this to the list. I'm a little uneasy about it but
perhaps I'm just paranoid.
This isn't proposing that an enrolled client be able to become a
replica, but right now if a host entry exists for a target replica
server we require it be removed before proceeding.
The reason being we don't know what else is associated with that host
(well, we do, but it sure seems like a lot of work to fetch it all). The
host could already have an HTTP server, for example. Or it could have
other certs or services.
So the question is, is it adequate to require the removal or should we
go through the trouble to see if there are any conflicting services? We
don't have a TGT when preparing a replica so this would mean a bit of
manual LDAP work which could very well be a pain source in the future.
rob
More information about the Freeipa-devel
mailing list