Bug #30439
openfreeipa plugin and DNS discovery
Description
Hi,
In /etc/foreman-proxy/settings.d/realm_freeipa.yml one configures ":ipa_config: /etc/ipa/default.conf",
but there just one IdM/FreeIPA server is configured, which makes failover without manual interaction hard.
Is my assumption right that the configured server in /etc/ipa/default.conf is used as the API endpoint?
If yes, would it be possible to implement DNS discovery, and only fall back to the configured entry if DNS discovery fails?
Updated by Ewoud Kohl van Wijngaarden over 3 years ago
- Category set to Realm
That is indeed a correct assumption: the host is used to do API requests. https://github.com/theforeman/smart-proxy/blob/040da586908d48d193838fff703d77dab98fa3b2/modules/realm_freeipa/provider.rb#L33-L49
I guess it shouldn't be hard to rewrite this but I'm not familiar with how FreeIPA does its exact discovery (probably SRV records). It should follow the same parsing as IPA. So if IPA first tries the config file, then DNS and then something else, Smart Proxy should do the same.
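
A sketch of the lookup order requested in the description (SRV discovery first, the configured server as fallback), added here as an example and not taken from smart-proxy or FreeIPA. It assumes the `_ldap._tcp.<domain>` SRV name, the `domain` and `server` keys of the config file, and a hypothetical helper `ipa_api_candidates`; limiting SRV targets to the configured domain is a design choice of this example.

```ruby
require 'resolv'

# Constructed sample in the style of /etc/ipa/default.conf (made-up values).
SAMPLE_IPA_CONF = <<~CONF
  [global]
  realm = EXAMPLE.TEST
  domain = example.test
  server = ipa1.example.test
CONF

# Minimal "key = value" parser; section headers and comments are skipped.
def parse_ipa_conf(text)
  text.each_line.with_object({}) do |line, conf|
    key, value = line.strip.split(/\s*=\s*/, 2)
    conf[key] = value if value && !key.start_with?('#', ';', '[')
  end
end

# Hypothetical helper: ordered list of hosts to try for API requests.
# resolver is any object with Resolv::DNS#getresources (injectable for tests).
def ipa_api_candidates(conf, resolver: Resolv::DNS.new)
  domain = conf.fetch('domain').downcase
  records = begin
    resolver.getresources("_ldap._tcp.#{domain}", Resolv::DNS::Resource::IN::SRV)
  rescue Resolv::ResolvError, SystemCallError
    [] # discovery failed: only the configured entry remains
  end
  # Lowest priority value first; higher weight first is a deterministic
  # simplification of the weighted random choice in RFC 2782.
  hosts = records.sort_by { |r| [r.priority, -r.weight] }
                 .map { |r| r.target.to_s.chomp('.').downcase }
  # Unsigned DNS answers are untrusted input: drop targets outside the
  # configured domain so a spoofed SRV reply cannot name a foreign host.
  hosts.select! { |h| h.end_with?(".#{domain}") }
  hosts << conf['server'].downcase if conf['server']
  hosts.uniq
end
```

Each candidate still has to pass TLS verification against the IPA CA before any request is sent to it; the domain filter only narrows what DNS can suggest.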