Hi,

After some comments on:

https://lists.fedoraproject.org/archives/list/freeipa-users@lists.fedorahosted.org/thread/7A2I475DZFE235QRJRXMRXTL3DVT46IN/

I decided to file a bug:

https://bugzilla.redhat.com/show_bug.cgi?id=1533228

, but the comments there made me doubt my plan to set up FreeIPA, which is
a project to update my dedicated server running CentOS 7 which has ZFS and
runs several personal and public services on KVM VMs (Owncloud, Wordpress,
Redmine, Jenkins...), adding:

* A directory server that allows me to manage users in a centralized way;
both UNIX users and services users
* Seamless private communication between my two homes and my hosted VMs,
also access on foreign networks
* Forget about IP address management and be able to refer to all hosts from
all sites by their hostname

I've set up dnsmasq on each site with internal domains and done proper
delegation which seems to be working  correctly, but I'm not sure how to
handle FreeIPA reliability and integrate it with my existing DNS setup. I
would run a FreeIPA server on my dedicated server, but I think I want to
run another server in another place- as I do worry about the FreeIPA server
going down and disabling everything. I don't want to run it at home, so
I've located a cheap VPS provider to host a second instance.

Now, I'm not sure about how to go forward, esp. with regards to DNS. Should
I run FreeIPA's DNS server for easier handling of the SRV records required
for Kerberos et al. or should I add those to my existing servers?

I thought the former was less administrative overhead, until I hit the
problem I commented on the thread mentioned above, which led me to filing
https://bugzilla.redhat.com/show_bug.cgi?id=1533228 but now I doubt that
FreeIPA's DNS server is going to work nicely in my situation- basically due
to me wanting to keep my other DNS setup, DHCP and having a mixture of
public and private IPs.

Anyone thought about this? I'm guessing most FreeIPA installations are run
by people not as cheap as me, and they run multiple servers on public IPs
and be done with it, but I'd like to avoid that cost.

Thanks,

Álex

-- 
   ___
 {~._.~}
  ( Y )
 ()~*~()  mail: alex at corcoles dot net
 (_)-(_)  http://alex.corcoles.net/
_______________________________________________
FreeIPA-users mailing list -- freeipa-users@lists.fedorahosted.org
To unsubscribe send an email to freeipa-users-le...@lists.fedorahosted.org

Reply via email to