Well, after sending my query I started going back over the FreeIPA documentation again and found information that I should probably be using SRV records in DNS to handle the load balancing.
I will look into this and figure out what I need to request of the site network team. Apologies for cluttering up your inboxes! Rob > -----Original Message----- > From: [email protected] [mailto:[email protected]] > Sent: 28 May 2014 09:14 > To: [email protected] > Subject: [Freeipa-users] Setting up FreeIPA with replicas without DNS > > Hi all, > > I am wanting to set up a FreeIPA domain for controlling a group of machines > on our network, and want to use replica servers for resilience. However, I do > not have control over DNS: our site prefers to use a central DNS service, > which I can easily request changes in, but I don't have flexibility there. > > I will, at this point, admit to not knowing a great deal about the workings of > DNS, so if I am asking dumb questions, please feel free to point me at an RFC, > howto or other documentation so I can get educated. > > So I am trying to work out the best way to set things up. My initial hunch > was > that I should get A-records set up to provide a DNS round robin for the > service. The problem appears to be that if I install FreeIPA on the servers > using their own hostnames, their host certificates won't match the A-record, > and if I set up FreeIPA to use the round robin hostname, it just doesn't look > right to me. > > I hope I have managed to explain my situation appropriately. I haven't been > able to find documentation to help me with this (I suspect I just need to > understand a few different aspects better than I do already), so can > someone point me in the right direction, please? > > Many thanks, > Rob > -- > Scanned by iCritical. > > _______________________________________________ > Freeipa-users mailing list > [email protected] > https://www.redhat.com/mailman/listinfo/freeipa-users -- Scanned by iCritical. _______________________________________________ Freeipa-users mailing list [email protected] https://www.redhat.com/mailman/listinfo/freeipa-users
