Martin Basti wrote: > > > On 07.12.2016 08:48, List dedicated to discussions about use, > configuration and deployment of the IPA server. wrote: >> Hello, >> >> the --hostname option to the installer currently modifies the hostname >> of the machine. In some environments, namely in unprivileged >> containers, that operation is not denied. In some cases, it is >> possible to change the FQDN of the container from outside, for example >> with docker run's -h option. However, in some environments, namely in >> OpenShift, there is not such possibility. >> >> I have found out that disabling the change by turning /bin/hostnamectl >> and /usr/bin/domainname makes ipa-server-install pass while the server >> gets configured with the hostname specified as the parameter to >> --hostname option so it does not seem to be essential for the FQDN to >> change. Of course, some operations might no longer work, like ssh to >> the FreeIPA machine as sshd would need to be set with >> GSSAPIStrictAcceptorCheck no. >> >> I wonder if either change of the --hostname semantics, or some new >> option would be useful, to specify the hostname to be used by the >> FreeIPA software while not touching the configuration of the hostname >> for the machine. >> > > I agree that --hostname options should not touch system's hostname, I > don't see reason why application installer should change system hostname.
It was done for sanity because a staggering number of users it seems don't properly set their hostname. > I'd start with deprecating current behavior of this option in next release IMHO it is a pretty significant change of behavior. > As you mentioned we need find what cases can be broken when we will use > different local and external hostname, but anyway we have do this for > containers. Agreed. Something needs to happen, I'm just not convinced it should happen in --hostname. I generally oppose new options but one might be warranted in this case to handle things. rob -- Manage your subscription for the Freeipa-users mailing list: https://www.redhat.com/mailman/listinfo/freeipa-users Go to http://freeipa.org for more info on the project