Hi,
I was not able to reproduce this issue:
# ipa host-add myhost.ipa.test --ip-address $IP
# ipa dnsrecord-find ipa.test
> shows myhost.ipa.test has been added
# ipa host-add-principal myhost host/myalias.ipa.test
# ipa dnsrecord-find ipa.test
> no new record added
DNS records are added when the command "ipa host-add --ip-address" is used,
when a host is joined with ipa-client-install, or when "ipa dnsrecord-add"
is called. You can check in /var/log/httpd/error_log if you find trace of
such a command.
flo
On Mon, Sep 13, 2021 at 1:46 PM Buckley Ross via FreeIPA-users <
freeipa-users(a)lists.fedorahosted.org> wrote:
Hello,
I'm trying to provision an HTTP service principal for a containerized
service. The host on which the container is running also has a kerberized
HTTP service running on it with a separate service principal (both services
are highly critical, but for different systems, and thus should probably
have separate keytabs).
Since both services share an IP address (but are serving HTTP on different
ports), this seemed like a perfect application of kerberos host aliases.
However, when I provisioned a host alias with `ipa host-add-principal
myHost host/myAlias.domain.com`, I found that on DNS records were
provisioned for `myAlias.domain.com`, thus making the alias completely
useless for resolving to the container. Is this a bug in the host-alias
system, or am I missing something?
Thank you for your time.
Thank you,
Buckley Ross
_______________________________________________
FreeIPA-users mailing list -- freeipa-users(a)lists.fedorahosted.org
To unsubscribe send an email to freeipa-users-leave(a)lists.fedorahosted.org
Fedora Code of Conduct:
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines:
https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives:
https://lists.fedorahosted.org/archives/list/freeipa-users@lists.fedoraho...
Do not reply to spam on the list, report it:
https://pagure.io/fedora-infrastructure