#2715 Improve IPA usability in Amazon EC2 environment
Opened 10 years ago by mkosek. Modified 4 years ago

This ticket is a follow up for #2648.

The Amazon EC2 cloud environment's network architecture does not play well with IPA's demand for a static IP address bound to one of its network interfaces. A short description of EC2 networking:

  • VM has a private dynamic IP address which changes upon reboot of the machine
  • VM has a public IP address that can be used to access the IPA machine from the outside networks
  • User can ask for elastic IPs, which are not assigned to an interface but are always redirected correctly to the current instance

To solve this ticket we would need to at least:

  • Make IP address checks less strict - the check whether the IP address is assigned to an interface should be a warning rather than a blocking error
    • This would enable the user to use an elastic IP address as the IPA IP address, which is then inserted into /etc/hosts and used in DNS records
    • We need to make sure that DNS, client enrollment, Web UI and replication work correctly
  • Investigate further whether we can help with the use of a dynamic address as the IPA IP address. We can at least provide an example in our documentation of how to update the IPA IP address in /etc/hosts after a reboot

I can take this effort.

Moving my tickets back to free-to-take pool.

Replying to [ticket:2715 mkosek]:

To solve this ticket we would need to at least:
* Make IP address checks less strict - the check if IP address is assigned to interface should rather be a warning and not a blocking error

Where is this check? In ipa-server-install or in some other places as well?

$ git grep ip_local
install/tools/ipa-adtrust-install:                      type="ip", ip_local=True, help="Master Server IP 
install/tools/ipa-dns-install:                      type="ip", ip_local=True, help="Master Server IP Addr
install/tools/ipa-replica-install:                      type="ip", ip_local=True,
install/tools/ipa-server-install:                      type="ip", ip_local=True,

The check is in ipapython/ipautil.py, grep for match_local.

Metadata Update from @mkosek:
- Issue assigned to mbasti
- Issue set to the milestone: Future Releases

5 years ago

master:

  • 6637980 Only warn when specified server IP addresses don't match intf

ipa-4-5:

  • 6206ac8 Only warn when specified server IP addresses don't match intf
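
The warn-instead-of-fail behaviour named in these commits, as an added example that is not FreeIPA's code from ipapython/ipautil.py. It assumes a socket bind probe as the locality test; the names `is_bound_locally`, `check_server_ip` and `IPNotLocalError` are hypothetical.

```python
import errno
import ipaddress
import logging
import socket

log = logging.getLogger("ip_check_example")  # hypothetical logger name


class IPNotLocalError(ValueError):
    """Raised in strict mode when no local interface carries the address."""


def is_bound_locally(ip):
    """Return True if the kernel lets us bind a socket to `ip`.

    bind() fails with EADDRNOTAVAIL when no local interface carries the
    address, which is the case for an EC2 elastic IP (it is redirected to
    the instance, never assigned to an interface).
    """
    addr = ipaddress.ip_address(ip)  # malformed input raises ValueError
    family = socket.AF_INET6 if addr.version == 6 else socket.AF_INET
    with socket.socket(family, socket.SOCK_DGRAM) as s:
        try:
            s.bind((str(addr), 0))  # port 0: any free port, nothing is sent
        except OSError as e:
            if e.errno == errno.EADDRNOTAVAIL:
                return False
            raise  # any other failure is a real error, not "not local"
    return True


def check_server_ip(ip, strict=False):
    """Return a list of warnings for `ip` (empty when it is local).

    strict=True reproduces the blocking check the ticket complains about;
    strict=False is the warn-only behaviour the ticket asks for.
    """
    if is_bound_locally(ip):
        return []
    msg = f"{ip} is not assigned to any local interface"
    if strict:
        raise IPNotLocalError(msg)
    log.warning(msg)
    return [msg]


if __name__ == "__main__":
    logging.basicConfig(level=logging.WARNING)
    # Constructed samples: loopback, and an RFC 5737 documentation address
    # standing in for an elastic IP.
    for sample in ("127.0.0.1", "192.0.2.10"):
        print(sample, check_server_ip(sample) or "ok")
```

A host with the `net.ipv4.ip_nonlocal_bind` sysctl enabled accepts the bind for any address, so the probe reports every address as local there.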

Metadata Update from @mbasti:
- Issue assigned to stlaz (was: mbasti)
- Issue close_status updated to: None

4 years ago
