Hi Flo,

I think you misread my question.
I am not running `ipa host-add`. I am running `ipa host-add-principal`. I would expect that if I am adding a new principal to a host, that principal's DNS name would be added with either a CNAME or an A record, pointing back to the original host. Is there a reason that this does not happen? I cannot understand the utility of being able to add a new principal to a host if that principal is not routable via DNS.

Thanks,
Buckley Ross

On Tue, Sep 14, 2021 at 7:17 AM Florence Renaud <flo@redhat.com> wrote:

Hi,

I was not able to reproduce this issue:

    # ipa host-add myhost.ipa.test --ip-address $IP
    # ipa dnsrecord-find ipa.test
    >> shows myhost.ipa.test has been added
    # ipa host-add-principal myhost host/myalias.ipa.test
    # ipa dnsrecord-find ipa.test
    >> no new record added

DNS records are added when the command "ipa host-add --ip-address" is used, when a host is joined with ipa-client-install, or when "ipa dnsrecord-add" is called. You can check in /var/log/httpd/error_log if you find a trace of such a command.

flo

On Mon, Sep 13, 2021 at 1:46 PM Buckley Ross via FreeIPA-users <freeipa-users@lists.fedorahosted.org> wrote:

Hello,

I'm trying to provision an HTTP service principal for a containerized service. The host on which the container is running also has a kerberized HTTP service running on it with a separate service principal (both services are highly critical, but for different systems, and thus should probably have separate keytabs).

Since both services share an IP address (but are serving HTTP on different ports), this seemed like a perfect application of kerberos host aliases. However, when I provisioned a host alias with `ipa host-add-principal myHost host/myAlias.domain.com`, I found that no DNS records were provisioned for `myAlias.domain.com`, thus making the alias completely useless for resolving to the container. Is this a bug in the host-alias system, or am I missing something?

Thank you for your time.

Thank you,
Buckley Ross