On Mon, 17 Nov 2025, Antoine Gatineau via FreeIPA-users wrote:
> Hello community,
>
> I'm trying to deploy a freeipa cluster using multiple interfaces.
> eth0: just ssh access
> eth1: replication between replicas
> eth2: client to server communication
> Each interface/ip would have a corresponding hostname.
>
> Is this a viable solution?
>
> I understand that certificates would need to be modified in order to be
> valid for all hostnames. It is possible to overwrite the certificates
> during installation (for http, ldap and pkinit) but that means
> maintaining those certificates manually. Can the configuration be
> modified to include extra hostnames in the automatic certificate
> generation?
>
> Is there anything else that needs to be tuned for that?
> Has anyone done such a deployment?

I haven't done a deployment but I did some research some time ago to see
what needs to be handled to even consider this use case. You can read it
here: https://vda.li/en/posts/2023/08/16/Support-multi-homed-FreeIPA-Server/
This is pretty much an unsupported use case right now.
--
/ Alexander Bokovoy
Sr. Principal Software Engineer
Security / Identity Management Engineering
Red Hat Limited, Finland