[Freeipa-users] What's the proper format for an automember serverhostname rule?

Rob Crittenden rcritten at redhat.com
Wed Apr 19 21:55:02 UTC 2017 

greg at greg-gilbert.com wrote:
> Rob, here's what I see in that log:
> 
> 2017-04-19T21:18:23Z DEBUG Using servers from command line, disabling
> DNS discovery
> 2017-04-19T21:18:23Z DEBUG will use provided server: ipa.services.foo
> 2017-04-19T21:18:23Z DEBUG will use discovered realm: IPA.SERVICES.FOO
> 2017-04-19T21:18:23Z DEBUG will use discovered basedn:
> dc=ipa,dc=services,dc=foo
> 2017-04-19T21:18:23Z INFO Client hostname: 10.100.15.209
> 2017-04-19T21:18:23Z DEBUG Hostname source: Provided as option
> 2017-04-19T21:18:23Z INFO Realm: IPA.SERVICES.FOO
> ...
> 2017-04-19T21:18:23Z DEBUG Starting external process
> 2017-04-19T21:18:23Z DEBUG args=/bin/hostname 10.100.15.209
> 2017-04-19T21:18:23Z DEBUG Process finished, return code=0
> 2017-04-19T21:18:23Z DEBUG stdout=
> 2017-04-19T21:18:23Z DEBUG stderr=
> 2017-04-19T21:18:23Z DEBUG Backing up system configuration file
> '/etc/hostname'
> 
> So whatever that external process is, I guess that's what's resetting
> the hostname.
> 
> For reference, here's the line that runs (on cloud-init) to set up FreeIPA:
> 
>       /usr/sbin/ipa-client-install \
>       --domain=ipa.services.FOO \
>       --server=ipa.services.FOO \
>       -U \
>       --permit \
>       --ssh-trust-dns \
>       --principal=enrollment \
>       --password="PASS" \
>       --hostname="{{ ansible_eth0.ipv4.address }}"
                        ^^^^^^^^^^^^^^^^^^^^^^^^

Right. Don't do that.

rob

> 
> 
> On 2017-04-19 16:27, Rob Crittenden wrote:
> 
>> greg at greg-gilbert.com <mailto:greg at greg-gilbert.com> wrote:
>>> When the instances register themselves with FreeIPA, their hostnames get
>>> changed to match their IP; that's a FreeIPA rule, I believe. So in this
>>> case, the hostname is 10.100.*.
>>>
>>> ubuntu at 10:~$ hostname
>>> 10.100.15.130
>>
>> There is something very wrong. ipa-client should be setting a FQDN, not
>> an IP address. /var/log/ipaclient-install.log may hold some clues.
>>
>> rob
>>
>>>
>>> On 2017-04-19 14:53, Jason B. Nance wrote:
>>>
>>>> Hi Greg,
>>>>
>>>>     I'm trying to set up a rule based on server hostname. So for
>>>>     example, 10.100.* would be put into the 'developers' hostgroup. I
>>>>     can't figure out the proper format of the inclusive regex. I've
>>>> tried:
>>>>
>>>> I believe that your regex needs to match the host name, not the IP
>>>> address.  Unless your host name is 10.100.<something> I don't think
>>>> that will match.  The regex for "anything" is ".*".  I think that the
>>>> pcre syntax is what is used.
>>>> Regards,
>>>>  
>>>> j
>>>>  
>>>
>>>
>>>
>>>
>

More information about the Freeipa-users mailing list