Hi all,

We have our own ASN and IP pool and were hoping to anycast our servers so that as our employees travel they just connect to the nearest operational instance.


I have tried by just setting up an anycast IP but can't enroll using the anycast hostname because it errors out getting the root cert with the domain not matching.

We want our setup to be as follows:

London:
  ipa1.gb-lon.domain.tld
  ipa2.gb-lon.domain.tld
  ipa3.gb-lon.domain.tld

Dallas:
  ipa1.us-dal.domain.tld
  ipa2.us-dal.domain.tld
  ipa3.us-dal.domain.tld

Singapore:
  ipa1.sg-sg.domain.tld
  ipa2.sg-sg.domain.tld
  ipa3.sg-sg.domain.tld

ECMP Anycast Routed Hostname: ipa.domain.tld

Ideally we want to be able to have the DNS SRV records point to ipa.eajglobal.net and nothing else, relying on anycast, but it looks like I would need a way of adding a SAN to the root certificate. Can anybody advise on the best way of doing this?
_______________________________________________
FreeIPA-users mailing list -- [email protected]