On 02/09/2011 10:56 AM, Dmitri Pal wrote:
On 02/08/2011 11:30 PM, Simo Sorce wrote:
On Tue, 08 Feb 2011 22:10:16 -0500
Adam Young <ayo...@redhat.com> wrote:

The current process to add a host today is:

Create an A record
run add host

We have --force which will allow us to add the host even if the A
record doesn't exist, but do we have a way to say, add this host, A
record, and AAAA record all at the same time?


From a cloud perspective, it seems like we are going to get a lot of
short lived VMs that will need all three at once.  I can see a work
flow like this:


User requests a number of VMs.
VMs get cloned from templates and spun up
VMs get IP address from DHCP server.
DHCP server notifies IPA server of new hosts
What do you mean by this ^^^^ ?
Do you want to give the DHCP server the power to perform DNS updates?
Can be done, although I am not sure DHCP Servers know how to do GSS-TSIG
protected updates, we may have to open up DNS access control to accept
everything from the DHCP Server.

IPA server adds host entries, A and AAAA records
Host entries must be added by the cloud engine as it needs to set the
enrollment password it passes down to the VM.

VM runs ipa-client-install as part of firstboot
ipa-client-install could also add DNS records, but there is a
credential problem if it is an automated process.

The IPA server might even get notified earlier.  I could see the
cloud provider pushing the info to ipa prior to cloning the VM.
This might be a better choice as long as the cloud provider can also
change the DHCP configuration to assign the right IP address to the
VMs using the MAC address.

How would we go about doing that today?
I think we are missing the part that creates the VMs yet, so ...

Simo.

In the cloud the cloud provider gives a VM a name and IP that it knows
about.
It is completely different from what you want the machine to think about
itself.
I did some emulation of the bootstrapping sequence as a proof of concept
to make sure we can enroll the host with a different hostname.

To emulate the provisioning of a new VM in the cloud I created a new
host in IPA with corresponding DNS entries. I gave it a generated static
IP of 1.1.1.1.
It created an OTP for me.
Then I turned around and, on the client, added ipa to the resolv.conf of
the client and ran ipa-client-install, passing in the OTP, ipa host
name and machine name.
That completed the provisioning.

The cloud engine will be driving the creation of the DNS and host
entries. IPA already has all capabilities that are needed.
What you suggest seems to be an optimization that would save the cloud
engine a line in a script.

Simo is right about firstboot - it is not implemented yet.

To create a new vm is just a matter of using libvirt's clone call. But I'm not sure if libvirt has the means to notify the IPA server "new machine is about to come up, I'm going to give it the IP Address 10.1.1.1"

What do you mean about firstboot?


_______________________________________________
Freeipa-devel mailing list
Freeipa-devel@redhat.com
https://www.redhat.com/mailman/listinfo/freeipa-devel
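
The enrollment sequence discussed in this thread (create the host entry with its DNS record and a one-time password, then hand the OTP to the VM for ipa-client-install), sketched as an added example that is not code from any of the posters or from the FreeIPA project. The host names, the 192.0.2.10 address, the function names and the stubbed CLI output are assumptions; it relies on the `--ip-address` and `--random` options of `ipa host-add` and assumes the DNS zone is managed by IPA.

```shell
#!/bin/sh
# Cloud-engine side of OTP enrollment. Runs offline against a stub by default;
# set IPA=ipa (with a valid admin Kerberos ticket) to call the real CLI.

# Stub standing in for `ipa host-add`; the output is constructed sample text.
ipa_stub() {
    printf '  Host name: %s\n  Random password: %s\n  Password: True\n' \
        "$2" 'CONSTRUCTED-otp-123'
}
IPA=${IPA:-ipa_stub}

# Create host entry, DNS record and one-time password in a single call.
# Prints only the OTP on stdout; fails if the CLI fails or returns no OTP.
provision_host() {
    fqdn=$1
    ip=$2
    out=$("$IPA" host-add "$fqdn" --ip-address="$ip" --random) || return 1
    otp=$(printf '%s\n' "$out" | sed -n 's/^ *Random password: *//p')
    if [ -z "$otp" ]; then
        echo "no OTP returned for $fqdn" >&2
        return 1
    fi
    printf '%s\n' "$otp"
}

# Build the command the VM runs at first boot. The OTP is the only credential
# the VM holds, so deliver it over a channel that only that VM can read.
firstboot_cmd() {
    fqdn=$1
    otp=$2
    server=$3
    domain=$4
    printf 'ipa-client-install --unattended --hostname=%s --server=%s --domain=%s --password=%s\n' \
        "$fqdn" "$server" "$domain" "$otp"
}

# Demo with constructed names.
demo_otp=$(provision_host vm1.example.test 192.0.2.10) &&
    firstboot_cmd vm1.example.test "$demo_otp" ipa.example.test example.test
```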
