Project

General

Profile

Actions

Bug #30439

open

freeipa plugin and DNS discovery

Added by Stephan Schultchen over 3 years ago. Updated over 2 years ago.

Status:
New
Priority:
Normal
Assignee:
-
Category:
Realm
Target version:
-
Difficulty:
Triaged:
No
Fixed in Releases:
Found in Releases:

Description

Hi,

in /etc/foreman-proxy/settings.d/realm_freeipa.yml one configures ":ipa_config: /etc/ipa/default.conf"

but there just on IdM/Freeipa server is configured, which makes failover without manual interaction hard.

is my assumption right that the configured server in /etc/ipa/default.conf is used as the API endpoint?

if yes, would it be possible to implement DNS discovery, and only fallback to the configured entry if DNS discovery fails?

Actions #1

Updated by Ewoud Kohl van Wijngaarden over 2 years ago

  • Category set to Realm

That is indeed a correct assumption: the host is used to do API requests. https://github.com/theforeman/smart-proxy/blob/040da586908d48d193838fff703d77dab98fa3b2/modules/realm_freeipa/provider.rb#L33-L49

I guess it shouldn't be hard to rewrite this but I'm not familiar with how FreeIPA does its exact discovery (probably SRV records). It should follow the same parsing as IPA. So if IPA first tries the config file, then DNS and then something else, Smart Proxy should do the same.

Actions

Also available in: Atom PDF