cluster deployment / ansible-freeipa
by Mark Potter
Greetings!
I am attempting to deploy a cluster using ansible-freeipa:
CentOS 8.2
Ansible 2.10.2
The ipaserver role successfully deploys the server but I have a question
about DNS specifically: What is the format for "ipaserver_reverse_zones"? I
haven't seen an example. We have a LOT of reverse zones and would like to
get them all set out of the gate using vars.
Server is mostly alright and I think I have it figured out but replicas
fail to deploy.
They specifically fail at Install - Replica preparation connection check;
if I set it to ignore the connection check they simply fail later for the
same reason. I have managed to suss out that the replicas aren't added to
DNS on the primary server; however, I cannot seem to get them to add during
deployment. They show up in Hosts on the primary but not in DNS. I could
add them manually but I will be handing this over for multiple regions to
use to deploy FreeIPA so everything needs to work from the ansible-freeipa
collection and playbooks.
Vars here : https://pastebin.com/hZr0npHH
Playbook:
---
- name: Install FreeIPA Primary
  hosts: ipaserver
  become: true
  roles:
    - role: freeipa.ansible_freeipa.ipaserver
      state: present

- name: Install FreeIPA replicas
  hosts: ipareplicas
  become: true
  roles:
    - role: freeipa.ansible_freeipa.ipareplica
      state: present
--
*Mark Potter*
Senior Linux Administrator
3 years, 5 months
setup ipa server with DNS when domain is managed by existing DNS server but not yet managing the reverse zones I want to configure
by Rob van Halteren
Hello,
I have seen more threads like this but not exactly this topic.
I am setting up an IPA server in an existing internal domain on a B-class network range. I already have a DNS server running for this domain, but it holds only a C-class network range.
I tried to set up the IPA server with the "ipa-server-install --setup-dns --no-forwarders --auto-reverse --allow-zone-overlap" options but this does not work and results in the inability to create PTR records for any network range in my domain. In addition, it then needs the existing DNS server as forwarder to be able to resolve global addresses.
I intend to install the IPA server as qualified DNS server for my domain, next to the existing DNS server and, when set up, decommission the existing DNS server.
Any help would be appreciated
Thanks. Rob.
3 years, 5 months