[Freeipa-users] What's the proper format for an automember serverhostname rule?
greg at greg-gilbert.com
greg at greg-gilbert.com
Wed Apr 19 21:25:06 UTC 2017
Rob, here's what I see in that log:
2017-04-19T21:18:23Z DEBUG Using servers from command line, disabling
DNS discovery
2017-04-19T21:18:23Z DEBUG will use provided server: ipa.services.foo
2017-04-19T21:18:23Z DEBUG will use discovered realm: IPA.SERVICES.FOO
2017-04-19T21:18:23Z DEBUG will use discovered basedn:
dc=ipa,dc=services,dc=foo
2017-04-19T21:18:23Z INFO Client hostname: 10.100.15.209
2017-04-19T21:18:23Z DEBUG Hostname source: Provided as option
2017-04-19T21:18:23Z INFO Realm: IPA.SERVICES.FOO
...
2017-04-19T21:18:23Z DEBUG Starting external process
2017-04-19T21:18:23Z DEBUG args=/bin/hostname 10.100.15.209
2017-04-19T21:18:23Z DEBUG Process finished, return code=0
2017-04-19T21:18:23Z DEBUG stdout=
2017-04-19T21:18:23Z DEBUG stderr=
2017-04-19T21:18:23Z DEBUG Backing up system configuration file
'/etc/hostname'
So whatever that external process is, I guess that's what's resetting
the hostname.
For reference, here's the line that runs (on cloud-init) to set up
FreeIPA:
/usr/sbin/ipa-client-install \
--domain=ipa.services.FOO \
--server=ipa.services.FOO \
-U \
--permit \
--ssh-trust-dns \
--principal=enrollment \
--password="PASS" \
--hostname="{{ ansible_eth0.ipv4.address }}"
On 2017-04-19 16:27, Rob Crittenden wrote:
> greg at greg-gilbert.com wrote:
>
>> When the instances register themselves with FreeIPA, their hostnames get
>> changed to match their IP; that's a FreeIPA rule, I believe. So in this
>> case, the hostname is 10.100.*.
>>
>> ubuntu at 10:~$ hostname
>> 10.100.15.130
>
> There is something very wrong. ipa-client should be setting a FQDN, not
> an IP address. /var/log/ipaclient-install.log may hold some clues.
>
> rob
>
> On 2017-04-19 14:53, Jason B. Nance wrote:
>
> Hi Greg,
>
> I'm trying to set up a rule based on server hostname. So for
> example, 10.100.* would be put into the 'developers' hostgroup. I
> can't figure out the proper format of the inclusive regex. I've tried:
>
> I believe that your regex needs to match the host name, not the IP
> address. Unless your host name is 10.100.<something> I don't think
> that will match. The regex for "anything" is ".*". I think that the
> pcre syntax is what is used.
> Regards,
>
> j
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://listman.redhat.com/archives/freeipa-users/attachments/20170419/d42d2adf/attachment.htm>
More information about the Freeipa-users
mailing list