#7307 RFE: Extend IPA to support unadvertised replicas
Closed: fixed 2 years ago by fcami. Opened 3 years ago by frenaud.

Ticket was cloned from Red Hat Bugzilla (product Red Hat Enterprise Linux 7): Bug 1518939

Description of problem:


As part of our deployment, we have a few IPA replicas that we do not
want users hitting directly for IPA client registration and day-to-day
queries (hosts designed as backup servers, KRA, etc). There appears to be no
way to exclude servers from being returned to clients during auto-discovery.

Even with using DNS Locations, all replicas are returned to the client, just at
a higher priority value.  There should be some way to mark an IPA server as
'unadvertised' and not included in any SRV records.

This would be useful for replicas dedicated to backups, CRL, KRA or other admin
activities.

Thanks!

Metadata Update from @frenaud:
- Custom field rhbz adjusted to https://bugzilla.redhat.com/show_bug.cgi?id=1518939

3 years ago

Metadata Update from @frenaud:
- Issue priority set to: normal

3 years ago

master:

  • 6064365 Hidden Replica: Add a test for Automatic CRL configuration

ipa-4-7:

  • 90c22db Hidden Replica: Add a test for Automatic CRL configuration

ipa-4-8:

  • f2fb220 Hidden Replica: Add a test for Automatic CRL configuration

ipa-4-6:

  • ad3ddbb Hidden Replica: Add a test for Automatic CRL configuration

Adding commit information below:

master:
025facb Add hidden replica feature
0770d8a ipatests: Exercise hidden replica feature
99133eb Simplify and improve tests
94b8635 Implement server-state --state=enabled/hidden
d810e1f Consider hidden servers as role provider
56d97f9 Improve config-show to show hidden servers
f839d3c More test fixes
e7e0f19 Don't allow to hide last server for a role
8b1bb21 Synchronize hidden state from IPA master role
e04dc9a Test replica installation from hidden replica
d727321 Add design draft
713c9b0 Don't fail if config-show does not return servers

ipa-4-7:
ddf8e16 Add hidden replica feature
f96f4a1 ipatests: Exercise hidden replica feature
585bc52 Simplify and improve tests
f3daa45 Implement server-state --state=enabled/hidden
0bf26c5 Consider hidden servers as role provider
de1a075 Improve config-show to show hidden servers
3e2fb21 More test fixes
dc2a5ec Don't allow to hide last server for a role
87f9119 Synchronize hidden state from IPA master role
467ceaf Test replica installation from hidden replica
66c961d Add design draft
c76620e Don't fail if config-show does not return servers

ipa-4-6:
cb85342 Add hidden replica feature
016c47f ipatests: Exercise hidden replica feature
7691162 Simplify and improve tests
da9f62d Implement server-state --state=enabled/hidden
d12cca4 Consider hidden servers as role provider
ed00466 Improve config-show to show hidden servers
131c1ab More test fixes
bcf70c5 Don't allow to hide last server for a role
d8d6799 Synchronize hidden state from IPA master role
e40d92f Test replica installation from hidden replica
d1eb4c7 Add design draft
a0f00e6 Don't fail if config-show does not return servers
aa3f60b Unify and simplify LDAP service discovery
aba0fce Use api.env.container_masters
ec94a68 Consolidate container_masters queries

Metadata Update from @fcami:
- Custom field external_tracker adjusted to https://github.com/freeipa/freeipa/pull/2923

2 years ago

Closing as this was delivered in PR#2923.

Metadata Update from @fcami:
- Issue close_status updated to: fixed
- Issue status updated to: Closed (was: Open)

2 years ago
