Ticket was cloned from Red Hat Bugzilla (product Red Hat Enterprise Linux 7): Bug 1518939
Description of problem: As part of our deployment, we have a few IPA replicas that we do not want users hitting directly for IPA client registration and day to day queries (hosts designed as backup servers, KRA, etc). There appears to be no way to exclude servers from being returned to clients during auto-discovery. Even with using DNS Locations, all replicas are returned to the client, just at a higher priority value. There should be some way to mark an IPA server as 'unadvertised' and not included in any SRV records. This would be useful for replicas dedicated to backups, CRL, KRA or other admin activities. Thanks!
Metadata Update from @frenaud: - Custom field rhbz adjusted to https://bugzilla.redhat.com/show_bug.cgi?id=1518939
Metadata Update from @frenaud: - Issue priority set to: normal
master:
ipa-4-7:
ipa-4-8:
ipa-4-6:
Adding commit information below:
master: 025facb Add hidden replica feature 0770d8a ipatests: Exercise hidden replica feature 99133eb Simplify and improve tests 94b8635 Implement server-state --state=enabled/hidden d810e1f Consider hidden servers as role provider 56d97f9 Improve config-show to show hidden servers f839d3c More test fixes e7e0f19 Don't allow to hide last server for a role 8b1bb21 Synchronize hidden state from IPA master role e04dc9a Test replica installation from hidden replica d727321 Add design draft 713c9b0 Don't fail if config-show does not return servers
ipa-4-7: ddf8e16 Add hidden replica feature f96f4a1 ipatests: Exercise hidden replica feature 585bc52 Simplify and improve tests f3daa45 Implement server-state --state=enabled/hidden 0bf26c5 Consider hidden servers as role provider de1a075 Improve config-show to show hidden servers 3e2fb21 More test fixes dc2a5ec Don't allow to hide last server for a role 87f9119 Synchronize hidden state from IPA master role 467ceaf Test replica installation from hidden replica 66c961d Add design draft c76620e Don't fail if config-show does not return servers
ipa-4-6: cb85342 Add hidden replica feature 016c47f ipatests: Exercise hidden replica feature 7691162 Simplify and improve tests da9f62d Implement server-state --state=enabled/hidden d12cca4 Consider hidden servers as role provider ed00466 Improve config-show to show hidden servers 131c1ab More test fixes bcf70c5 Don't allow to hide last server for a role d8d6799 Synchronize hidden state from IPA master role e40d92f Test replica installation from hidden replica d1eb4c7 Add design draft a0f00e6 Don't fail if config-show does not return servers aa3f60b Unify and simplify LDAP service discovery aba0fce Use api.env.container_masters ec94a68 Consolidate container_masters queries
Metadata Update from @fcami: - Custom field external_tracker adjusted to https://github.com/freeipa/freeipa/pull/2923
Metadata Update from @fcami: - Custom field external_tracker adjusted to https://github.com/freeipa/freeipa/pull/2923 https://github.com/freeipa/freeipa/pull/3644 (was: https://github.com/freeipa/freeipa/pull/2923)
Closing as this was delivered in PR#2923.
Metadata Update from @fcami: - Issue close_status updated to: fixed - Issue status updated to: Closed (was: Open)
Login to comment on this ticket.