[Freeipa-users] Setting up FreeIPA with replicas without DNS

Martin Kosek mkosek at redhat.com
Wed May 28 13:04:24 UTC 2014


No worries. Note that at the end of ipa-server-install, you get a list of DNS
records (SRV, A) required to be added (in a BIND zone format). Additional
required updates caused by new/removed FreeIPA replicas are on your own though.

Martin

On 05/28/2014 10:44 AM, rob.harper at stfc.ac.uk wrote:
> Well, after sending my query I started going back over the FreeIPA documentation again and found information that I should probably be using SRV records in DNS to handle the load balancing.
> 
> I will look into this and figure out what I need to request of the site network team.
> 
> Apologies for cluttering up your inboxes!
> 
> Rob
> 
>> -----Original Message-----
>> From: rob.harper at stfc.ac.uk [mailto:rob.harper at stfc.ac.uk]
>> Sent: 28 May 2014 09:14
>> To: freeipa-users at redhat.com
>> Subject: [Freeipa-users] Setting up FreeIPA with replicas without DNS
>>
>> Hi all,
>>
>> I am wanting to set up a FreeIPA domain for controlling a group of machines
>> on our network, and want to use replica servers for resilience.  However, I do
>> not have control over DNS: our site prefers to use a central DNS service,
>> which I can easily request changes in, but I don't have flexibility there.
>>
>> I will, at this point, admit to not knowing a great deal about the workings of
>> DNS, so if I am asking dumb questions, please feel free to point me at an RFC,
>> howto or other documentation so I can get educated.
>>
>> So I am trying to work out the best way to set things up.  My initial hunch was
>> that I should get A-records set up to provide a DNS round robin for the
>> service.  The problem appears to be that if I install FreeIPA on the servers
>> using their own hostnames, their host certificates won't match the A-record,
>> and if I set up FreeIPA to use the round robin hostname, it just doesn't look
>> right to me.
>>
>> I hope I have managed to explain my situation appropriately.  I haven't been
>> able to find documentation to help me with this (I suspect I just need to
>> understand a few different aspects better than I do already), so can
>> someone point me in the right direction, please?
>>
>> Many thanks,
>> Rob
>> --
>> Scanned by iCritical.
>>
>> _______________________________________________
>> Freeipa-users mailing list
>> Freeipa-users at redhat.com
>> https://www.redhat.com/mailman/listinfo/freeipa-users
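
Added example (not from the original thread and not FreeIPA's own code): one way to keep centrally managed DNS in step with the replica set, as the reply above says is left to the administrator. It generates the SRV/TXT records for the current servers and diffs them against the zone text on file, so records still pointing at a retired replica show up as stale. The service names and ports are the commonly documented FreeIPA set and are an assumption here, as are the example.test hostnames; check them against the list printed by ipa-server-install.

```python
# Added example, not FreeIPA code. The service list is the commonly documented
# FreeIPA set (an assumption here); compare with ipa-server-install's output.
SERVICES = [
    ("_ldap._tcp", 389),
    ("_kerberos._tcp", 88),
    ("_kerberos._udp", 88),
    ("_kerberos-master._tcp", 88),
    ("_kerberos-master._udp", 88),
    ("_kpasswd._tcp", 464),
    ("_kpasswd._udp", 464),
]


def expected_records(domain, realm, servers, ttl=86400):
    """BIND-format lines the zone should hold for the current replica set."""
    records = {f'_kerberos.{domain}. {ttl} IN TXT "{realm}"'}
    for service, port in SERVICES:
        for host in servers:
            records.add(f"{service}.{domain}. {ttl} IN SRV 0 100 {port} {host}.")
    return records


def parse_zone(text):
    """Drop comments and blank lines, collapse whitespace for comparison."""
    lines = (raw.split(";", 1)[0].split() for raw in text.splitlines())
    return {" ".join(fields) for fields in lines if fields}


def zone_changes(zone_text, domain, realm, servers):
    """Return (records to request, stale records to have removed)."""
    want = expected_records(domain, realm, servers)
    have = parse_zone(zone_text)
    return sorted(want - have), sorted(have - want)


# Constructed sample: the zone as it stood with ipa0 and ipa1 as servers.
DOMAIN, REALM = "example.test", "EXAMPLE.TEST"
CURRENT_ZONE = "; requested from the site DNS team\n" + "\n".join(
    sorted(expected_records(DOMAIN, REALM, ["ipa0.example.test", "ipa1.example.test"]))
)

if __name__ == "__main__":
    # ipa0 has been retired and ipa2 added since the zone was last updated.
    add, stale = zone_changes(CURRENT_ZONE, DOMAIN, REALM,
                              ["ipa1.example.test", "ipa2.example.test"])
    print("; add:", *add, sep="\n")
    print("; remove:", *stale, sep="\n")
```

Pass in only the IPA-related lines of the zone; anything else in the text would be reported as stale.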
