#126 Support per-server _location records for FreeIPA sites
Closed: Fixed. Opened 10 years ago by pspacek.

The FreeIPA project proposed a [DNS-based location discovery mechanism](http://www.freeipa.org/page/V3/DNS_Location_Mechanism). It requires automatic generation of CNAME records which point to the _locations DNS sub-tree.

See also [FreeIPA ticket 2008](https://fedorahosted.org/freeipa/ticket/2008).

Design

The idea is that for each "location" FreeIPA generates a new DNS sub-tree with tailored SRV (and other) records.

Each bind-dyndb-ldap instance then generates distinct CNAME records which redirect service nodes like _kerberos._udp to the tailored versions for that particular server.

It is a kind of hack which avoids having non-replicated sub-trees in LDAP.

See [[Design/PerServerConfigInLDAP]] and [[Design/RecordGenerator]]
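The record layout described in the ticket, as an added illustration (not code from bind-dyndb-ldap or FreeIPA): a tailored SRV RRset per location under the _locations sub-tree, and a different CNAME per server redirecting the main service name to its own location's set. The owner-name pattern `<service>.<location>._locations.<zone>`, the priority values, and the server list are assumptions made for the example; the check at the end is the one a practitioner would want before trusting the generated data: every CNAME a replica can emit must land on an existing SRV RRset.

```python
"""Per-server _locations CNAME scheme (added example, not project code).

Assumed layout: _kerberos._udp.<zone> CNAME -> _kerberos._udp.<loc>._locations.<zone>
The sample servers and services below are constructed for the illustration.
"""
from collections import defaultdict

ZONE = "example.com."
# Constructed sample data: (hostname, location) pairs in one FreeIPA domain.
SERVERS = [
    ("ipa1.example.com.", "paris"),
    ("ipa2.example.com.", "paris"),
    ("ipa3.example.com.", "brno"),
]
# Services advertised via SRV with their ports (subset, assumed for the example).
SERVICES = {
    "_kerberos._udp": 88,
    "_kerberos._tcp": 88,
    "_ldap._tcp": 389,
}
LOCAL_PRIORITY = 0     # servers in the client's own location are preferred
REMOTE_PRIORITY = 50   # servers elsewhere remain available as fallback


def location_subtree(zone, servers, services):
    """Tailored SRV RRsets for every location, keyed by owner name.

    Every location lists every server, so a client never gets an empty
    answer; only the priority differs between local and remote servers.
    """
    by_loc = defaultdict(list)
    for host, loc in servers:
        by_loc[loc].append(host)
    records = {}
    for loc in by_loc:
        for svc, port in services.items():
            owner = f"{svc}.{loc}._locations.{zone}"
            rrset = []
            for host, host_loc in servers:
                prio = LOCAL_PRIORITY if host_loc == loc else REMOTE_PRIORITY
                rrset.append((prio, 100, port, host))
            records[owner] = sorted(rrset)
    return records


def per_server_cnames(zone, server_location, services):
    """CNAMEs one replica generates for itself: the main service names are
    redirected to that replica's own location sub-tree. Because each
    replica emits a different target, nothing server-specific has to be
    stored as non-replicated data in LDAP."""
    return {f"{svc}.{zone}": f"{svc}.{server_location}._locations.{zone}"
            for svc in services}


def resolve_srv(cnames, subtree, name):
    """Follow the CNAME chain the way a resolver would and return the SRV RRset."""
    seen = set()
    while name in cnames:
        if name in seen:
            raise ValueError("CNAME loop at " + name)
        seen.add(name)
        name = cnames[name]
    return subtree[name]


def check_generated(zone, servers, services):
    """Consistency check: every CNAME any replica can generate points at an
    existing SRV RRset, and every tailored RRset still lists all servers."""
    subtree = location_subtree(zone, servers, services)
    for _, loc in servers:
        for target in per_server_cnames(zone, loc, services).values():
            if target not in subtree:
                return False
    return all(len(rr) == len(servers) for rr in subtree.values())


if __name__ == "__main__":
    tree = location_subtree(ZONE, SERVERS, SERVICES)
    for host, loc in SERVERS:
        cn = per_server_cnames(ZONE, loc, SERVICES)
        print(f"view served by {host} ({loc}):")
        for owner, target in sorted(cn.items()):
            print(f"  {owner} CNAME {target}")
            for prio, weight, port, tgt in resolve_srv(cn, tree, owner):
                print(f"    SRV {prio} {weight} {port} {tgt}")
    print("consistent:", check_generated(ZONE, SERVERS, SERVICES))
```

A client asking the Paris replica for `_kerberos._udp.example.com.` follows the CNAME into `paris._locations` and gets ipa1 and ipa2 at priority 0 with ipa3 as fallback; the same query against the Brno replica yields the mirror image, which is the per-server behaviour the ticket asks for without any per-server data in the replicated tree.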


Results of planning meeting held on 2014-11-04.

After discussion with pspacek, bumping priority for next release. For the first iteration, we can do it without allowing users to add overrides, i.e. it would be all generated automatically, possibly based on configuration option in named.conf specifying the location.

Implementation requires additional information from meta-database - especially during re-connection/re-synchronization/when default _location value in LDAP is changed.

We might want to add global default (for all replicas) to handle 'dumb' clients which do not have any fallback from _location record to main domain SRV RR set.

Clarifying proposed priority.

Moving tickets as triaged on 2016-02-11 with mkosek.

Description was modified to match latest FreeIPA development.

Preliminary implementation can be found on https://github.com/pspacek/bind-dyndb-ldap/tree/server_config_in_ldap4 .

Metadata Update from @mkosek:
- Issue assigned to pspacek
- Issue set to the milestone: Fedora 24

7 years ago

