I tried creating a FreeIPA replica in GCE. GCE is a little weird in that it's DHCP assigns a /32 netmask to VMs. There does not seem to be any way to disable that specific behavior in GCE since as a user you have no control of the DHCP server. As a user you can create your own networks but it seems that under the hood Google wants to always route everything themselves, so even though they allow you to create say a /16 network, the machines all get a /32 netmask and use the gateway for routing, even within their own network. It's actually a little confusing because from the view of the the machine, you actually have no way of determining the size of the network (you have to actually learn the netmask/size of the virtual network via other means, like the glcoud command or web console)
But with the /32 netmask routing does work, and machines can find other machines. Unfortunately, the FreeIPA server install scripts seem to have some error checking that gets confused by the /32 netmask scheme GCE uses and causes the scripts to crap out. I managed to trick ipa-server-install into installing by temporarily manually opening up the netmask. It only kind of works, since in some cases it breaks networking and the connection to the machine is lost. However, once IPA server is set up, it keeps working and I can enroll client machines. It seems like too much of a hack and I couldn't get he same trick to work for replicas in any case. This is the error I get: File "/usr/lib/python2.7/site-packages/ipaserver/install/server/replicainstall.py", line 877, in main install_check(self) File "/usr/lib/python2.7/site-packages/ipaserver/install/server/replicainstall.py", line 295, in decorated func(installer) File "/usr/lib/python2.7/site-packages/ipaserver/install/server/replicainstall.py", line 514, in install_check options.ip_addresses) File "/usr/lib/python2.7/site-packages/ipaserver/install/installutils.py", line 516, in get_server_ip_address sys.exit(1)ipa.ipapython.install.cli.install_tool(Replica): DEBUG The ipa-replica-install command failed, exception: SystemExit: 1 I went into installutils.py and commented out the error test at line 516: # if not ips: # print >> sys.stderr, "No usable IP address provided nor resolved." # sys.exit(1) It's an ugly hack but you can at least get past the error check and install the replica. Would it be possible to make the installer scripts a less sensitive to the /32 netmask?
-- Manage your subscription for the Freeipa-users mailing list: https://www.redhat.com/mailman/listinfo/freeipa-users Go to http://freeipa.org for more info on the project