[Freeipa-users] Setting up FreeIPA with replicas without DNS

rob.harper at stfc.ac.uk rob.harper at stfc.ac.uk
Wed May 28 14:24:05 UTC 2014


Thanks for the tip, Martin.

Rob

> -----Original Message-----
> From: Martin Kosek [mailto:mkosek at redhat.com]
> Sent: 28 May 2014 14:04
> To: Harper, Rob (STFC,RAL,SC); freeipa-users at redhat.com
> Subject: Re: [Freeipa-users] Setting up FreeIPA with replicas without DNS
> 
> No worries. Note that at the end of ipa-server-install, you get a list of DNS
> records (SRV, A) required to be added (in a BIND zone format). Additional
> required updates caused by new/removed FreeIPA replicas are on your own
> though.
> 
> Martin
> 
> On 05/28/2014 10:44 AM, rob.harper at stfc.ac.uk wrote:
> > Well, after sending my query I started going back over the FreeIPA
> > documentation again and found information that I should probably be using
> > SRV records in DNS to handle the load balancing.
> >
> > I will look into this and figure out what I need to request of the site
> > network team.
> >
> > Apologies for cluttering up your inboxes!
> >
> > Rob
> >
> >> -----Original Message-----
> >> From: rob.harper at stfc.ac.uk [mailto:rob.harper at stfc.ac.uk]
> >> Sent: 28 May 2014 09:14
> >> To: freeipa-users at redhat.com
> >> Subject: [Freeipa-users] Setting up FreeIPA with replicas without DNS
> >>
> >> Hi all,
> >>
> >> I am wanting to set up a FreeIPA domain for controlling a group of
> >> machines on our network, and want to use replica servers for
> >> resilience.  However, I do not have control over DNS: our site
> >> prefers to use a central DNS service, which I can easily request changes in,
> >> but I don't have flexibility there.
> >>
> >> I will, at this point, admit to not knowing a great deal about the
> >> workings of DNS, so if I am asking dumb questions, please feel free
> >> to point me at an RFC, howto or other documentation so I can get
> >> educated.
> >>
> >> So I am trying to work out the best way to set things up.  My initial
> >> hunch was that I should get A-records set up to provide a DNS round
> >> robin for the service.  The problem appears to be that if I install
> >> FreeIPA on the servers using their own hostnames, their host
> >> certificates won't match the A-record, and if I set up FreeIPA to use
> >> the round robin hostname, it just doesn't look right to me.
> >>
> >> I hope I have managed to explain my situation appropriately.  I
> >> haven't been able to find documentation to help me with this (I
> >> suspect I just need to understand a few different aspects better than
> >> I do already), so can someone point me in the right direction, please?
> >>
> >> Many thanks,
> >> Rob

-- 
Scanned by iCritical.
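
The manual upkeep mentioned in the thread (adding and removing SRV/A records as replicas come and go) can be checked mechanically. This added example, which is not part of the original thread or of FreeIPA's own code, builds the records expected for the current servers and diffs them against the published zone; the service list, domain, realm, hostnames and addresses are assumptions.

```python
# Added example. Domain, realm, hosts and addresses are constructed.
# SERVICES is an assumed record set; the authoritative list is the one
# printed at the end of ipa-server-install.
SERVICES = [
    ("_ldap._tcp", 389), ("_kerberos._tcp", 88), ("_kerberos._udp", 88),
    ("_kerberos-master._tcp", 88), ("_kerberos-master._udp", 88),
    ("_kpasswd._tcp", 464), ("_kpasswd._udp", 464),
]

def expected_records(domain, realm, servers):
    """Zone lines needed for the given IPA servers ({fqdn: ip})."""
    recs = {f'_kerberos.{domain}. IN TXT "{realm}"'}
    for fqdn, ip in servers.items():
        recs.add(f"{fqdn}. IN A {ip}")
        for label, port in SERVICES:
            recs.add(f"{label}.{domain}. IN SRV 0 100 {port} {fqdn}.")
    return recs

def parse_zone(text):
    """Drop ';' comments and blank lines, collapse whitespace."""
    recs = set()
    for line in text.splitlines():
        line = " ".join(line.split(";", 1)[0].split())
        if line:
            recs.add(line)
    return recs

def change_request(domain, realm, servers, published):
    """Return (records to add, stale IPA SRV records to remove)."""
    want = expected_records(domain, realm, servers)
    have = parse_zone(published)
    owners = tuple(f"{label}.{domain}. IN SRV " for label, _ in SERVICES)
    stale = {r for r in have - want if r.startswith(owners)}
    return sorted(want - have), sorted(stale)

DOMAIN, REALM = "example.test", "EXAMPLE.TEST"
IPA1 = {"ipa1.example.test": "192.0.2.10"}
SERVERS = {**IPA1, "ipa2.example.test": "192.0.2.11"}  # ipa2 is the new replica
# Constructed sample of what the central DNS service currently publishes.
PUBLISHED = "\n".join(sorted(expected_records(DOMAIN, REALM, IPA1))) + """
_ldap._tcp.example.test.   IN SRV 0 100 389 ipa3.example.test. ; removed replica
www.example.test.          IN A   192.0.2.80                   ; unrelated host
"""

if __name__ == "__main__":
    add, remove = change_request(DOMAIN, REALM, SERVERS, PUBLISHED)
    print("\n".join(["ADD    " + r for r in add] + ["REMOVE " + r for r in remove]))
```

Only SRV records under the IPA service names are ever proposed for removal, so unrelated entries in a shared central zone are left alone.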



