Bug 819630

Summary: [RFE] Improve IPA usability in Amazon EC2 environment
Product: Red Hat Enterprise Linux 7
Reporter: Rob Crittenden <rcritten>
Component: ipa
Assignee: Martin Kosek <mkosek>
Status: CLOSED CURRENTRELEASE
QA Contact: IDM QE LIST <seceng-idm-qe-list>
Severity: unspecified
Priority: unspecified
Version: 7.0
CC: dpal, jgalipea, jpazdziora, mkosek
Target Milestone: rc
Keywords: FutureFeature
Target Release: 7.1
Hardware: Unspecified
OS: Unspecified
Doc Type: Enhancement
Last Closed: 2016-02-19 12:03:29 UTC

Description Rob Crittenden 2012-05-07 19:16:45 UTC
This bug is created as a clone of upstream ticket:
https://fedorahosted.org/freeipa/ticket/2715

This ticket is a follow up for #2648.

The Amazon EC2 cloud environment's network architecture does not play well with IPA's demand for a static IP address bound to one of its network interfaces. A short description of EC2 networking:
* The VM has a private dynamic IP address which changes upon reboot of the machine
* The VM has a public IP address that can be used to access the IPA machine from outside networks
* The user can ask for "elastic IPs", which are not assigned to an interface but are always redirected correctly to the current instance

To solve this ticket we would need to at least:
* Make IP address checks less strict - the check whether the IP address is assigned to an interface should be a warning rather than a blocking error
  * This would enable the user to use an elastic IP address as the IPA IP address, which is then inserted into `/etc/hosts` and used in DNS records
  * We need to make sure that DNS, client enrollment, Web UI and replication work correctly
* Do more investigation into whether we can help with the use of a dynamic address as the IPA IP address. We can at least provide some example in our documentation about how to update the IPA IP address in `/etc/hosts` after reboot
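
One way to script the `/etc/hosts` update mentioned in the last item, as an added example that is not part of the ticket or of FreeIPA: the function name `update_hosts_entry` and its arguments are assumptions, the caller supplies the new address, and only the hosts file is handled (DNS records are not touched).

```shell
#!/bin/sh
# Added example (hypothetical helper, not FreeIPA code): replace the hosts-file
# entry for one FQDN after the instance's address has changed.
# Usage: update_hosts_entry /etc/hosts NEW_IPV4 FQDN SHORTNAME

update_hosts_entry() {
    hosts_file=$1 new_ip=$2 fqdn=$3 short=$4

    # The address arrives from outside the script, so refuse anything that is
    # not a dotted quad before it is written into a system file.
    printf '%s\n' "$new_ip" | grep -Eq '^([0-9]{1,3}\.){3}[0-9]{1,3}$' || {
        echo "refusing to write invalid address: $new_ip" >&2
        return 2
    }
    [ -f "$hosts_file" ] || { echo "no such file: $hosts_file" >&2; return 1; }

    tmp=$(mktemp) || return 1

    # Keep comments and unrelated hosts; drop every line that names the FQDN,
    # so a stale address cannot shadow the new one.
    awk -v fqdn="$fqdn" '
        /^[[:space:]]*#/ { print; next }
        { for (i = 2; i <= NF; i++) if ($i == fqdn) next; print }
    ' "$hosts_file" > "$tmp" || { rm -f "$tmp"; return 1; }

    printf '%s\t%s %s\n' "$new_ip" "$fqdn" "$short" >> "$tmp"

    # Write back in place instead of mv: the file keeps its inode, owner,
    # mode and SELinux label.
    cat "$tmp" > "$hosts_file" || { rm -f "$tmp"; return 1; }
    rm -f "$tmp"
}
```

Running the function twice with the same arguments leaves a single entry, so it can be called on every boot.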

Comment 6 Martin Kosek 2016-02-19 12:03:29 UTC
I think this bug is too general. FreeIPA can already be used in Cloud Environments (like the FreeIPA Public Demo running in OpenStack), we can work on improvements and usability, but I would rather track the specific improvement requests than this catch-all Bugzilla.

Comment 7 Jan Pazdziora 2016-02-19 12:15:48 UTC
It is sad to see this bugzilla closed without a pointer to where those specific issues will be tracked.

I agree that comment 0 could have described specific Steps to reproduce to make it more clear where the pain points are, but there is enough material there that we seem to lose. Can't we turn this bugzilla into a tracker, with the individual issues tracked under it?

Comment 8 Martin Kosek 2016-02-19 12:33:06 UTC
I would rather track this in the upstream tracker and for example start marking related tickets with an "ec2", "openstack" or similar keyword. I am afraid that maintaining the tracker here in the Bugzilla would just again lead to an obsolete bug (like this one) that is not being actively updated.