The ipa-client-install should be able to create the DNS entry if DNS is available.
I have a working ipa server with DNS and ran the following on a client:
Discovery was successful!
Realm: IPADOCS.ORG
DNS Domain: ipadocs.org
IPA Server: ipaserver.ipadocs.org
BaseDN: dc=ipadocs,dc=org
Continue to configure the system with these values? [no]: yes
Enrollment principal: admin
Password for admin@IPADOCS.ORG:
Joining realm failed: RPC failed at server. Host does not have corresponding DNS A record
This would not work until I added the host using --ip-address on the server.
This seems to be the right rule to apply:
If the user running ipa_client_add has admin privileges, and DNS is enabled, and the fqdn for the host is in a zone managed by the server, and there is no A or AAAA record, then A and/or AAAA records should be added to the DNS zone and the host-add should succeed.
+1 re logic.
I guess I'll add an ip_address option to ipa-client-install. If one isn't provided I'll use getaddrinfo() and getnameinfo() to pick an address.
This is going to require a signature change to the XML-RPC join() command and changes to ipa-join so we can send the address.
Error handling is going to be tricky too, we'll need to handle a number of different errors so the right message bubbles back to the end-user.
Taking it but not going to change the XML-RPC interface. Simply forcing host-add to always succeed and then trying a DNS Update once we get the host keytab. And warning the user if that fails.
fixed in: eab4e36
Metadata Update from @obriend: - Issue assigned to simo - Issue set to the milestone: FreeIPA 2.0.2 RC2 (bug fixing)