[Freeipa-devel] FreeIPA integration with external DNS services

Simo Sorce simo at redhat.com
Wed Dec 10 17:50:12 UTC 2014


On Wed, 10 Dec 2014 15:13:30 +0100
Petr Spacek <pspacek at redhat.com> wrote:

> I think that external DNS could depend on Vault (assuming that
> external DNS support will be purely optional).

TBH, I do not think this is a sensible option, the Vault will drag huge
dependencies for now, and I would like to avoid that if all we need is
to add a couple of A/SRV records to an external DNS.

If we can't come up with a service, I think I am ok telling admins they
need to manually copy the TKEY (or use puppet or other similar
configuration manager to push the key file around) on each replica, and
we defer automatic distribution of TKEYs.

We will have a service that can give out keys, it is identified as
necessary in the replica promotion proposal, so we'll eventually get
there.

Simo.

-- 
Simo Sorce * Red Hat, Inc * New York



