Lance Dillon wrote:
------------------------------------------------------------------------ *From:* Rob Crittenden <rcrit...@redhat.com> *To:* Martin Kosek <mko...@redhat.com> *Cc:* freeipa-devel <firstname.lastname@example.org> *Sent:* Thursday, July 5, 2012 3:18 PM *Subject:* Re: [Freeipa-devel] [PATCH] 1032 allow multiple --server in client install, don't always set _srv_ Martin Kosek wrote: > On 07/04/2012 12:12 AM, Rob Crittenden wrote: >> If you pass in --server and --fixed-primary then don't add _srv_ to ipa_server >> in sssd.conf. >> >> This necessitates the desire to be able to provide multiple servers so make >> --server accept multiple values. This represents the bulk of the code changes. >> In every case we only use the additional values in sssd.conf. >> >> I also made some minor tweaks to discovery. There were cases where DNS >> discovery wasn't successful but we set dnsok anyway which could cause some >> cascading issues. >> >> There are a ton of possible corner cases with this so please, be brutal. >> >> I tested the following against a DNS server that had SRV records and against >> one that did not. >> >> - ipa-client-install >> - ipa-client-install --server=ipa.example.com --domain=example.com >> - ipa-client-install --server=ipa.example.com --server=ipa1.example.com >> --domain-example.com >> - ipa-client-install -server=ipa.example.com --server=ipa1.example.com >> --domain-example.com --fixed-primary >> - ipa-client-install -server=ipa.example.com --server=ipa1.example.com >> --domain-example.com --fixed-primary --no-sssd >> - ipa-client-install -server=ipa.example.com --server=ipa1.example.com >> --domain-example.com --no-sssd >> >> rob > > I did various checks, generally the patch behaves ok, I did not find any major > bug. I have just 2 questions/suggestions: > > 1) Since we allow more fixed servers to be passed as --server parameter, we > could name them all in /etc/krb5.conf in "kdc" and "admin_server" options when > DNS is not OK instead of writing just the first one in the list. Kerberos tools > then should be able to fall-back when some of them is not available. Sure, that makes sense. Done. > 2) What DNS discovery is not OK, we still add _srv_ to ipa_server option in > sssd.conf. Is it intentional? Yes, it was sort of a future-proofing if SRV records are ever made available. rob Could I request an option to not add _srv_ at all, like a --no-dns-discovery option. This way those of us who unfortunately are in situations where we can't create SRV records at all can have it designated at install time? Otherwise I have to edit the config files afterwards anyway to get rid of it. It could be made default false, of course, but if set the _srv_ entry would not be added.
You'll be able to do that by specifying --server and --fixed-primary. rob _______________________________________________ Freeipa-devel mailing list Freeipaemail@example.com https://www.redhat.com/mailman/listinfo/freeipa-devel