Hi all, I'm looking for a way to automatize certificate creation for services hosted on servers inside a highly available cluster.
exemple: we have the following setup : - http/serverha (an IPA service that will be highly available) - server01 (not kickstarted yet) - server02 (not kickstarted yet) Both server01 and server02 must be able to get http/serverha certificate when kickstarted, but I find this impossible because they are not part of "managed by" hosts configured in service http/serverha I'm forced to add manually each host to "managed by" section of the service, but only after it is kickstarted, which ruins my automatation goal I hope this explanation is clear. 1 - Is there an elegant (ie. official) way to automaticaly manage this situation ? 2 - My intuitive solution would be to use automember to put server01 and server02 inside the same hostgroup and to able to add hostsgroups to the "managed by" section on a service, but this is not possible on my current setup (IPA v4.6.8) - only adding hosts (not hostgroups!) are allowed. Could this be a legitimate RFE I should write? Please note that I'm not suppose to know beforehand the precise name of serverXY ? it could be server24... ;) Thanks for your answers, regards, Nelson _______________________________________________ FreeIPA-users mailing list -- freeipa-users@lists.fedorahosted.org To unsubscribe send an email to freeipa-users-le...@lists.fedorahosted.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedorahosted.org/archives/list/freeipa-users@lists.fedorahosted.org Do not reply to spam on the list, report it: https://pagure.io/fedora-infrastructure