On Mon, Apr 17, 2023 at 1:14 PM Finn Fysj via FreeIPA-users
<[email protected]> wrote:
>
> Maybe I'm mistaken, however:
>
> Playbook:
> - hosts:
>   - master2.example.com
Is it a typo, or are you using the same host for both ipaserver and ipareplica?
>   roles:
>   - role: freeipa.ansible_freeipa.ipaserver
>   vars:
>     ipaserver: "{{ inventory_hostname }}"
>     ipaserver_hostname: "{{ inventory_hostname }}"
>     ipadm_password: SuperSecret123
>     ipaadmin_password: SuperSecret123
>     ipaserver_ip_addresses: "{{ hostvars[inventory_hostname]['ansible_default_ipv4']['address'] }}"
>     ipaserver_domain: "example.com"
>     ipaserver_realm: "EXAMPLE.COM"
>     ipaserver_no_host_dns: true
>     ipaserver_mem_check: true
>     ipaserver_idstart: 6000
>     ipaserver_setup_dns: false
>     ipaserver_no_pkinit: true
>
> - hosts:
>   - master2.example.com
>   become: true
>   roles:
>   - role: freeipa.ansible_freeipa.ipareplica
>   vars:
>     ipaservers: master1.example.com
>     ipaserver_hostname: master1.example.com
>     ipareplicas: master2.example.com
>     ipareplica_domain: example.com
>     ipaclient_force_join: true
>     ipaadmin_principal: admin
>     ipareplica_setup_dns: false
>
FreeIPA relies, a lot, on DNS, and it must be correctly configured.
From what you have shown so far, it seems like you do not have a
proper DNS configuration.

Since you are not using FreeIPA's embedded DNS server, you
must add the proper records on the external DNS server. On the
first server, run the command:

    ipa dns-update-system-records --dry-run

This will show you a list of records that must be available.

More information can be found at:

FreeIPA Quick Start:
https://www.freeipa.org/page/Quick_Start_Guide

FreeIPA Deployment Recommendations:
https://www.freeipa.org/page/Deployment_Recommendations

RHEL IdM First Server installation:
https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/8/html/installing_identity_management/installing-an-ipa-server-with-integrated-dns_installing-identity-management

RHEL IdM Replica installation:
https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/8/html/installing_identity_management/installing-an-ipa-replica_installing-identity-management

Rafael
>
> As mentioned when running using a cloud dynamic inventory this playbook does
> not work, however, as previously mentioned, when creating a static inventory,
> it works:
>
> [ipaservers]
> master1.example.com
>
> [ipareplicas]
> master2.example.com
> _______________________________________________
> FreeIPA-users mailing list -- [email protected]
> To unsubscribe send an email to [email protected]
> Fedora Code of Conduct:
> https://docs.fedoraproject.org/en-US/project/code-of-conduct/
> List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
> List Archives:
> https://lists.fedorahosted.org/archives/list/[email protected]
> Do not reply to spam, report it:
> https://pagure.io/fedora-infrastructure/new_issue
--
Rafael Guterres Jeffman
Senior Software Engineer
FreeIPA - Red Hat
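
Added example (not part of the original message and not FreeIPA code): a shell check that takes the record list printed by `ipa dns-update-system-records --dry-run` and reports which records the external DNS server does not yet serve. It assumes the records are printed zone-file style (NAME TTL IN TYPE DATA); the sample records, the IP address and the script name `check.sh` are constructed for illustration.

```sh
#!/bin/sh
# Added example, not FreeIPA code. Reads the record lines printed by
#   ipa dns-update-system-records --dry-run
# and lists those the DNS server does not answer with the expected data.
# Assumption: records are printed zone-file style: NAME TTL IN TYPE DATA.

# Constructed sample input; the IP address is a documentation placeholder.
SAMPLE_RECORDS='IPA DNS records:
  _kerberos._tcp.example.com. 3600 IN SRV 0 100 88 master1.example.com.
  _ldap._tcp.example.com. 3600 IN SRV 0 100 389 master1.example.com.
  _kerberos.example.com. 3600 IN TXT "EXAMPLE.COM"
  ipa-ca.example.com. 3600 IN A 192.0.2.10'

# resolve NAME TYPE: print the answers the resolver returns, one per line.
# Kept separate so it can be pointed at one server (dig @ns ...) or stubbed.
resolve() {
    dig +short "$1" "$2"
}

# missing_records: read record lines on stdin and print every record whose
# expected data is absent from the answer. Returns 1 if any record is missing.
missing_records() {
    rc=0
    while read -r name ttl class type data; do
        # Skip the heading and any line that is not a resource record.
        [ "$class" = "IN" ] || continue
        # dig +short prints only the record data, so compare whole lines.
        if ! resolve "$name" "$type" </dev/null | grep -qxF -- "$data"; then
            printf '%s %s %s\n' "$name" "$type" "$data"
            rc=1
        fi
    done
    return "$rc"
}

# Run as: ipa dns-update-system-records --dry-run | sh check.sh --check
if [ "${1:-}" = "--check" ]; then
    missing_records
fi
```

Running the same check on the replica host before the ipareplica role shows whether that host sees the same Kerberos and LDAP SRV records as the first server.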