Bug 33671 - Define "sites" in UCS / use "sites" in services
Status: NEW
Product: UCS
Classification: Unclassified
Component: General
UCS 4.4
Other Linux
: P5 enhancement (vote)
: ---
Assigned To: UCS maintainers
:
Depends on:
Blocks:
Reported: 2013-12-05 16:55 CET by Ingo Steuwer
Modified: 2020-07-03 20:43 CEST (History)

See Also:
What kind of report is it?: Feature Request
What type of bug is this?: ---
Who will be affected by this bug?: ---
How will those affected feel about the bug?: ---
User Pain:
Enterprise Customer affected?: Yes
School Customer affected?:
ISV affected?:
Waiting Support:
Flags outvoted (downgraded) after PO Review:
Ticket number:
Bug group (optional): Further conceptual development, Large environments, Roadmap discussion (moved)
Max CVSS v3 score:


Description Ingo Steuwer univentionstaff 2013-12-05 16:55:11 CET
In larger environments there are limitations in our failover/configuration possibilities.

I.e. in a larger UCS@school infrastructure, per default a central service (like the Nagios web interface) uses PAM/Kerberos for authentication. Kerberos is configured to look up the KDCs from DNS service records. Those service records contain all School DCs, which are often blocked in firewalls. Authentication against central services then "sometimes" doesn't work, depending on the random order of the service record.

Furthermore, defining load balancing and failover for LDAP or KDC servers is complicated (one per individual Policies) or impossible (I didn't find a way to define more than one KDC per UCR).

It would be nice to adopt the site concept for LDAP and authentication services.
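
The failure mode described in this report, as an added example that is not part of the original report or of UCS: given the SRV answer for the Kerberos service and the set of KDCs a central server can reach, it computes how often the first KDC picked is a firewalled one, and what a site restriction would change. The hostnames, the sample records and the `restrict_to_site` helper are constructed for illustration; UCS has no such setting, which is what this request is about.

```python
from fractions import Fraction

# Constructed sample: (priority, weight, port, target) tuples as they would
# appear in the SRV answer for _kerberos._tcp.<realm>. Hostnames are made up.
SRV_RECORDS = [
    (0, 100, 88, "dc-central1.example.test"),
    (0, 100, 88, "dc-central2.example.test"),
    (0, 100, 88, "dc-school-a.example.test"),
    (0, 100, 88, "dc-school-b.example.test"),
    (0, 100, 88, "dc-school-c.example.test"),
]
# Constructed: KDCs the central server can reach through the firewall.
REACHABLE = {"dc-central1.example.test", "dc-central2.example.test"}


def first_choice_group(records):
    """Records a client tries first: those with the lowest priority value (RFC 2782)."""
    lowest = min(r[0] for r in records)
    return [r for r in records if r[0] == lowest]


def blocked_first_try(records, reachable):
    """Probability that the first KDC picked is one the firewall blocks.

    Approximation: selection is proportional to weight; zero-weight records
    next to weighted ones are treated as never picked first.
    """
    group = first_choice_group(records)
    total = sum(r[1] for r in group)
    # All weights zero means every record in the group is equally likely.
    weight = (lambda r: r[1]) if total else (lambda r: 1)
    total = total or len(group)
    blocked = sum(weight(r) for r in group if r[3] not in reachable)
    return Fraction(blocked, total)


def restrict_to_site(records, site_hosts):
    """Hypothetical 'site' filter: keep only KDCs listed for the client's site."""
    return [r for r in records if r[3] in site_hosts]


if __name__ == "__main__":
    print("unfiltered:", blocked_first_try(SRV_RECORDS, REACHABLE))
    local = restrict_to_site(SRV_RECORDS, REACHABLE)
    print("site-filtered:", blocked_first_try(local, REACHABLE))
```
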
Comment 1 Arvid Requate univentionstaff 2013-12-09 14:40:48 CET
> Those service records contain all School DCs

Really? AFAIK this should not be the case, see Bug 27395, UCS Variable dns/register/srv_records/kerberos
Comment 2 Ingo Steuwer univentionstaff 2013-12-09 15:02:23 CET
(In reply to Arvid Requate from comment #1)
> > Those service records contain all School DCs
> 
> Really? AFAIK this should not be the case, see Bug 27395, UCS Variable
> dns/register/srv_records/kerberos

The scenario is not (or not yet) Samba4-based.

But the same would always be true if one has several DCs behind WAN with UCS default (without UCS@school).
Comment 3 Stefan Gohmann univentionstaff 2017-06-16 20:38:42 CEST
This issue has been filed against UCS 3. UCS 3 is out of the normal maintenance and many UCS components have vastly changed in UCS 4.

If this issue is still valid, please change the version to a newer UCS version; otherwise this issue will be automatically closed in the next weeks.
Comment 4 Florian Best univentionstaff 2017-06-28 14:52:07 CEST
There is a Customer ID set so I set the flag "Enterprise Customer affected".