This pull request puts the FreeIPA cluster behind a load balancer.
Please read the message associated with commit edb2f2525106cd766de372f195fa228bfc58db80.
See also:
cisagov/ansible-role-freeipa-server#49
cisagov/freeipa-server-tf-module/pull/65
cisagov/freeipa-server-packer/pull/79
š Motivation and context
With these changes, if a FreeIPA server becomes unresponsive DNS will automatically be updated to remove the unresponsive server from the rotation. It is hoped that these changes will help correct the errors described in cisagov/cool-system-internal#89.
š§Ŗ Testing
All automated tests pass. I currently have these changes deployed to our COOL staging environment, and they appear to be functioning as expected.
ā Pre-approval checklist
[x] This PR has an informative and human-readable title.
[x] Changes are limited to a single goal - eschew scope creep!
[ ] All future TODOs are captured in issues, which are referenced in code comments.
[x] All relevant type-of-change labels have been added.
Unfortunately these changes didn't pan out. Anything that uses GSSAPI cannot be behind a load balancer, since the principal must contain the actual hostname and not that of the load balancer.
š£ Description
This pull request puts the FreeIPA cluster behind a load balancer.
Please read the message associated with commit edb2f2525106cd766de372f195fa228bfc58db80.
See also:
š Motivation and context
With these changes, if a FreeIPA server becomes unresponsive DNS will automatically be updated to remove the unresponsive server from the rotation. It is hoped that these changes will help correct the errors described in cisagov/cool-system-internal#89.
š§Ŗ Testing
All automated tests pass. I currently have these changes deployed to our COOL staging environment, and they appear to be functioning as expected.
ā Pre-approval checklist