lol lol via FreeIPA-users wrote: > Thank you for the detailed answer. > > Yes I am aware of the $HOME issue, I do the same as you. > > My concern is the following scenario: > Host is an ipa client, VM is an ipa server. > When I reboot the machine, some services like certmonger do not start > correctly on the client because the server is still down. > So it's logical that some services running on the host enrolled with ipa (or > even the host itselft, i'm not sure) will fail to get a new certificate and > I'd have to bother with resetting/updating some components manually which is > dirty. > > That's why I'd like to identify all ipa services and make them sleep for a > few minutes before starting so that the vm has the time to boot. > > What are your thoughts? > I'd also like to hear a developer's opinion, I bet they deal with such > scenarios as they mention vms in documentation, when describing replication > for example.
Things are simpler if you have a client. SSSD will work offine if the server isn't available yet. certmonger also doesn't require IPA to be immediately available at startup. The worst that would happen is if a cert was detected as expiring soon and IPA wasn't update you'd get a CA_UNREACHABLE state and it would try again later. rob _______________________________________________ FreeIPA-users mailing list -- [email protected] To unsubscribe send an email to [email protected] Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedorahosted.org/archives/list/[email protected] Do not reply to spam, report it: https://pagure.io/fedora-infrastructure/new_issue
