[Freeipa-users] Re: Auto cleanup old enrolled hosts

2023-12-01 Thread John Phillips via FreeIPA-users
Any chance you can post the Lambda code that you use for the event?
--
___
FreeIPA-users mailing list -- freeipa-users@lists.fedorahosted.org
To unsubscribe send an email to freeipa-users-le...@lists.fedorahosted.org
Fedora Code of Conduct: 
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: 
https://lists.fedorahosted.org/archives/list/freeipa-users@lists.fedorahosted.org
Do not reply to spam, report it: 
https://pagure.io/fedora-infrastructure/new_issue


[Freeipa-users] Re: Auto cleanup old enrolled hosts

2021-02-16 Thread François Cami via FreeIPA-users
On Tue, Feb 16, 2021 at 4:00 PM Russ Long via FreeIPA-users wrote:
>
> We're adding FreeIPA to an immutable, often rotated environment (AWS ECS 
> Hosts).  These hosts are spun up and down at least daily.  Is there a way to 
> check FreeIPA to see when a host has last communicated with the FreeIPA 
> Cluster? I'd like to use this information to auto-delete hosts that have not 
> reported in from the FreeIPA host list.

Not easily (yet) unless you want to parse DS logs.
See https://pagure.io/freeipa/issue/8130 for more information.

François



[Freeipa-users] Re: Auto cleanup old enrolled hosts

2021-02-16 Thread John Keates via FreeIPA-users
We have a similar situation where we end up with ~50k dead hosts after only a 
week; ended up creating a lambda that pulls all the hosts out of IPA LDAP and 
then tries to find them in each AWS account using the EC2 API. If a host is not 
found to be either running or shut-down but still stored and it's at least 24h 
old it gets deleted using the normal IPA host-del API command.

This works for us because we enforce instance IDs being part of the hostname, 
and DNS suffix being related to an account. Alternatively you could search 
based on IP. Running it every couple of hours using a CloudWatch Job keeps the 
hosts entries clean.

John

> On 16 Feb 2021, at 15:51, Russ Long via FreeIPA-users wrote:
> 
> We're adding FreeIPA to an immutable, often rotated environment (AWS ECS 
> Hosts).  These hosts are spun up and down at least daily.  Is there a way to 
> check FreeIPA to see when a host has last communicated with the FreeIPA 
> Cluster? I'd like to use this information to auto-delete hosts that have not 
> reported in from the FreeIPA host list. 
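The reconciliation described in the message above, as an added example (this is not the Lambda from the thread): it decides which enrolled hosts may be handed to `host-del`, and keeps any host whose account could not be queried so that an EC2 API failure never turns into a mass deletion. The hostname pattern, the suffix-to-account map and the sample data are assumptions constructed for illustration; fetching the hosts from IPA, listing EC2 instances and calling `host-del` are left to the caller.

```python
import re
from datetime import datetime, timedelta, timezone

# Assumed naming convention (hypothetical): <instance-id>.<per-account DNS suffix>
HOST_RE = re.compile(r"^(i-[0-9a-f]{8,17})\.(.+)$")
MIN_AGE = timedelta(hours=24)  # grace period mentioned in the post


def stale_hosts(ipa_hosts, inventory, suffix_to_account, now):
    """Return the FQDNs that are safe to delete from IPA.

    ipa_hosts:  iterable of (fqdn, enrolled_at) read from IPA
    inventory:  {account_id: set of instance IDs that still exist, running
                or stopped}. An account whose EC2 query failed must be
                absent from the dict, not mapped to an empty set.
    """
    doomed = []
    for fqdn, enrolled_at in ipa_hosts:
        m = HOST_RE.match(fqdn.lower())
        if not m:
            continue  # not instance-named (e.g. an IPA server): never touch
        instance_id, suffix = m.groups()
        account = suffix_to_account.get(suffix)
        if account is None or account not in inventory:
            continue  # unknown account or failed lookup: fail closed
        if instance_id in inventory[account]:
            continue  # instance still exists
        if now - enrolled_at < MIN_AGE:
            continue  # too young; may not be visible in the EC2 API yet
        doomed.append(fqdn)
    return doomed


# Constructed sample data (not from the thread).
NOW = datetime(2021, 2, 16, 16, 0, tzinfo=timezone.utc)
SUFFIXES = {"prod.example.test": "111111111111", "dev.example.test": "222222222222"}
INVENTORY = {"111111111111": {"i-0a1b2c3d"}}  # the dev account query failed
HOSTS = [
    ("i-0a1b2c3d.prod.example.test", NOW - timedelta(days=3)),   # exists
    ("i-0b1b2c3d.prod.example.test", NOW - timedelta(days=3)),   # gone, old
    ("i-0c1b2c3d.prod.example.test", NOW - timedelta(hours=2)),  # gone, young
    ("i-0d1b2c3d.dev.example.test", NOW - timedelta(days=3)),    # no inventory
    ("ipa1.prod.example.test", NOW - timedelta(days=400)),       # not an instance
]

if __name__ == "__main__":
    print(stale_hosts(HOSTS, INVENTORY, SUFFIXES, NOW))
```
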


[Freeipa-users] Re: Auto cleanup old enrolled hosts

2022-08-05 Thread Master Blaster via FreeIPA-users
The best way to handle this is via a CloudWatch event that triggers a Lambda 
when the EC2 is terminated to call the IPA REST API to remove the host.

No need for all the rigmarole you are doing.