On 21.09.2016 12:01, Jan Pazdziora wrote:

I've recently hit again the situation of IPA installer not happy
about the provided IP address not being local to it, this time in
containerized environment:


During the discussion, we came to an interesting question:

        What would break if loopback addresses were allowed for IPA

Of course, the idea is that it would only be used for installation and
then IPA would change its IP address in DNS to whatever is the real IP
address under which it is accessible.

Where does the allow_loopback=False requirement in the installer come
from and what would break if it was removed altogether?


I'm not aware of anything that should prevent us to have just loopback address (installation without DNS) on server. It is somehow weird to not have any other address unicast address assigned, but cloud world strikes.

IIRC in past there might be issue with some services (KDC? not sure) that cannot run only with loopback address, but I dont think that this is an issue nowadays.

This needs investigation, please file a ticket and we may allocate human and time for this :)


Manage your subscription for the Freeipa-devel mailing list:
Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code

Reply via email to