Hi all,

I'm looking for a way to automatize certificate creation for services hosted on 
servers inside a highly available cluster.

exemple: we have the following setup :
- http/serverha (an IPA service that will be highly available)
- server01 (not kickstarted yet)
- server02 (not kickstarted yet)

Both server01 and server02 must be able to get http/serverha certificate when 
kickstarted, but I find this impossible because they are not part of "managed 
by" hosts configured in service http/serverha
I'm forced to add manually each host to "managed by" section of the service, 
but only after it is kickstarted, which ruins my automatation goal

I hope this explanation is clear.

1 - Is there an elegant (ie. official) way to automaticaly manage this 
situation ?
2 - My intuitive solution would be to use automember to put server01 and 
server02 inside the same hostgroup and to able to add hostsgroups to the 
"managed by" section on a service, but this is not possible on my current setup 
(IPA v4.6.8) - only adding hosts (not hostgroups!) are allowed. Could this be a 
legitimate RFE I should write?

Please note that I'm not suppose to know beforehand the precise name of 
serverXY ? it could be server24... ;)

Thanks for your answers,
regards,
Nelson
_______________________________________________
FreeIPA-users mailing list -- freeipa-users@lists.fedorahosted.org
To unsubscribe send an email to freeipa-users-le...@lists.fedorahosted.org
Fedora Code of Conduct: 
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: 
https://lists.fedorahosted.org/archives/list/freeipa-users@lists.fedorahosted.org
Do not reply to spam on the list, report it: 
https://pagure.io/fedora-infrastructure

Reply via email to