lol lol via FreeIPA-users wrote:
Thank you for the detailed answer.
Yes I am aware of the $HOME issue, I do the same as you.
My concern is the following scenario:
Host is an ipa client, VM is an ipa server.
When I reboot the machine, some services like certmonger do not start correctly on the
client because the server is still down.
So it's logical that some services running on the host enrolled with ipa (or even the
host itselft, i'm not sure) will fail to get a new certificate and I'd have to
bother with resetting/updating some components manually which is dirty.
That's why I'd like to identify all ipa services and make them sleep for a few
minutes before starting so that the vm has the time to boot.
What are your thoughts?
I'd also like to hear a developer's opinion, I bet they deal with such scenarios
as they mention vms in documentation, when describing replication for example.
Things are simpler if you have a client. SSSD will work offine if the
server isn't available yet.
certmonger also doesn't require IPA to be immediately available at
startup. The worst that would happen is if a cert was detected as
expiring soon and IPA wasn't update you'd get a CA_UNREACHABLE state and
it would try again later.
rob