I'm looking for a way to automatize certificate creation for services hosted on
servers inside a highly available cluster.
exemple: we have the following setup :
- http/serverha (an IPA service that will be highly available)
- server01 (not kickstarted yet)
- server02 (not kickstarted yet)
Both server01 and server02 must be able to get http/serverha certificate when kickstarted,
but I find this impossible because they are not part of "managed by" hosts
configured in service http/serverha
I'm forced to add manually each host to "managed by" section of the service,
but only after it is kickstarted, which ruins my automatation goal
I hope this explanation is clear.
1 - Is there an elegant (ie. official) way to automaticaly manage this situation ?
2 - My intuitive solution would be to use automember to put server01 and server02 inside
the same hostgroup and to able to add hostsgroups to the "managed by" section on
a service, but this is not possible on my current setup (IPA v4.6.8) - only adding hosts
(not hostgroups!) are allowed. Could this be a legitimate RFE I should write?
Please note that I'm not suppose to know beforehand the precise name of serverXY ? it
could be server24... ;)
Thanks for your answers,