Hello, this patch fix some setup outputs and remove outdated section about updating freeIPA version 2
-- Martin Basti
>From d0781341370cfa9e434fdff4cc0fe19eaf44eee0 Mon Sep 17 00:00:00 2001 From: Martin Basti <mba...@redhat.com> Date: Mon, 26 Aug 2013 15:28:42 +0200 Subject: [PATCH] Chapter 2 - Installing Fixed setup outputs Removed outdated section about updating version 2 https://fedorahosted.org/freeipa/ticket/3763 --- src/user_guide/en-US/Installing.xml | 199 ++++++++++++++++++++---------------- 1 file changed, 113 insertions(+), 86 deletions(-) diff --git a/src/user_guide/en-US/Installing.xml b/src/user_guide/en-US/Installing.xml index 4e653012ad21615480f59ceeadf83f5771cde1b4..3e9ba40971b53972dc2afac6639050fa49974b0c 100644 --- a/src/user_guide/en-US/Installing.xml +++ b/src/user_guide/en-US/Installing.xml @@ -85,7 +85,7 @@ <section id="supported-browsers"><title>Supported Web Browsers</title> <para> - The only supported browser to access the &IPA; web UI is Firefox 3.x or 4.x. + The only supported browser to access the &IPA; web UI is Firefox (version 4.x and newer). </para> </section> @@ -602,91 +602,96 @@ negative-time-to-live hosts 20 </listitem> <listitem> <para> + Choose to not configure DNS. (If you need to configure DNS see <xref linkend="install-dns" />.) + </para> + <programlisting> Do you want to configure integrated DNS (BIND)? [no]: </programlisting> + </listitem> + <listitem> + <para> Enter the hostname. This is determined automatically using reverse DNS. </para> -<programlisting language="Bash">Server host name [ipaserver.example.com]:</programlisting> +<programlisting>Server host name [ipaserver.example.com]:</programlisting> </listitem> <listitem> <para> Enter the domain name. This is determined automatically based on the hostname. </para> -<programlisting language="Bash">Please confirm the domain name [example.com]:</programlisting> - </listitem> - <listitem> - <para> - The script then reprints the hostname, IP address, and domain name. - </para> -<programlisting language="Bash">The IPA Master Server will be configured with -Hostname: ipaserver.example.com -IP address: 192.168.1.1 -Domain name: example.com</programlisting> +<programlisting>Please confirm the domain name [example.com]:</programlisting> </listitem> + <listitem> <para> Enter the new Kerberos realm name. This is usually based on the domain name. </para> -<programlisting language="Bash">Please provide a realm name [EXAMPLE.COM]:</programlisting> +<programlisting>Please provide a realm name [EXAMPLE.COM]:</programlisting> </listitem> <listitem> <para> Enter the password for the &DS; superuser, <command>cn=Directory Manager</command>. There are password strength requirements for this password, including a minimum password length. </para> -<programlisting language="Bash">Directory Manager password: +<programlisting>Directory Manager password: Password (confirm):</programlisting> </listitem> <listitem> <para> Enter the password for the &IPA; system user account, <command>admin</command>. This user is created on the machine. </para> -<programlisting language="Bash">IPA admin password: +<programlisting>IPA admin password: Password (confirm):</programlisting> </listitem> <listitem> <para> + The script then reprints the hostname, IP address, domain name and realm name. + </para> +<programlisting>The IPA Master Server will be configured with +Hostname: ipaserver.example.com +IP address: 192.168.1.1 +Domain name: example.com +Realm name: EXAMPLE.COM + +Continue to configure the system with these values? [no]: yes</programlisting> + </listitem> + <listitem> + <para> After that, the script configures all of the associated services for &IPA;, with task counts and progress bars. </para> -<programlisting language="Bash">Configuring ntpd +<programlisting>Configuring NTP daemon (ntpd) [1/4]: stopping ntpd - ... -done configuring ntpd. - -Configuring directory server for the CA: Estimated time 30 seconds - [1/3]: creating directory server user -... -done configuring pkids. - -Configuring certificate server: Estimated time 6 minutes - [1/17]: creating certificate server user -.... -done configuring pki-cad. - -Configuring directory server: Estimated time 1 minute - [1/32]: creating directory server user -... -done configuring dirsrv. - -Configuring Kerberos KDC: Estimated time 30 seconds - [1/14]: setting KDC account password -... -done configuring krb5kdc. - + ... +Done configuring NTP daemon (ntpd). +Configuring directory server (dirsrv): Estimated time 1 minute + [1/38]: creating directory server user + ... +Configuring certificate server (pki-tomcatd): Estimated time 3 minutes 30 seconds + [1/20]: creating certificate server user + ... +Done configuring certificate server (pki-tomcatd). +Configuring Kerberos KDC (krb5kdc): Estimated time 30 seconds + [1/10]: adding sasl mappings to the directory + ... +Done configuring Kerberos KDC (krb5kdc). Configuring kadmin - [1/2]: starting kadmin + [1/2]: starting kadmin [2/2]: configuring kadmin to start on boot -done configuring kadmin. - -Configuring the web interface: Estimated time 1 minute - [1/12]: disabling mod_ssl in httpd -... -done configuring httpd. -Setting the certificate subject base -restarting certificate server +Done configuring kadmin. +Configuring ipa_memcached + [1/2]: starting ipa_memcached + [2/2]: configuring ipa_memcached to start on boot +Done configuring ipa_memcached. +Configuring ipa-otpd + [1/2]: starting ipa-otpd + [2/2]: configuring ipa-otpd to start on boot +Done configuring ipa-otpd. +Configuring the web interface (httpd): Estimated time 1 minute + [1/15]: disabling mod_ssl in httpd + ... +Done configuring the web interface (httpd). Applying LDAP updates Restarting the directory server Restarting the KDC +Sample zone file for bind has been created in /tmp/sample.zone.pUfcGp.db Restarting the web server -Sample zone file for bind has been created in /tmp/sample.zone.ygzij5.db -============================================================================== +======================================================================== Setup complete</programlisting> </listitem> <listitem> @@ -697,6 +702,11 @@ Setup complete</programlisting> </listitem> <listitem> <para> + Check if required ports from <xref linkend="tab.ipa-ports" /> are open. + </para> + </listitem> + <listitem> + <para> Authenticate to the Kerberos realm using the admin user's credentials to ensure that the user is properly configured and the Kerberos realm is accessible. </para> <programlisting language="Bash">[root@server ~]# kinit admin @@ -706,19 +716,22 @@ Password for ad...@example.com:</programlisting> <para> Test the &IPA; configuration by running a command like <command>ipa user-find</command>. For example: </para> -<programlisting language="Bash">[root@server ~]# ipa user-find admin - -------------- - 1 user matched - -------------- +<programlisting>[root@server ~]# ipa user-find admin +-------------- +1 user matched +-------------- User login: admin Last name: Administrator Home directory: /home/admin Login shell: /bin/bash + UID: 939000000 + GID: 939000000 Account disabled: False - Member of groups: admins - ---------------------------- - Number of entries returned 1 - ----------------------------</programlisting> + Password: True + Kerberos keys available: True +---------------------------- +Number of entries returned 1 +----------------------------</programlisting> </listitem> </orderedlist> </section> @@ -769,7 +782,8 @@ Password for ad...@example.com:</programlisting> The IPA Master Server will be configured with Hostname: ipaserver.example.com IP address: 192.168.1.1 -Domain name: example.com</programlisting> +Domain name: example.com +Realm name: EXAMPLE.COM</programlisting> <para> The server name must be a valid DNS name, which means only numbers, alphabetic characters, and hyphens (-) are allowed. Other characters, like underscores, in the hostname will cause DNS failures. Additionally, the hostname must all be lower-case. No capital letters are allowed. @@ -907,7 +921,7 @@ The next step is to get /root/ipa.csr signed by your CA and re-run ipa-server-in <para> The script then prompts for DNS forwarders. If forwarders will be used, enter yes, and then supply the list of DNS servers. If &IPA; will manage its own DNS service, then enter no. </para> -<programlisting language="Bash">Do you want to configure DNS forwarders? [yes]: no +<programlisting>Do you want to configure DNS forwarders? [yes]: no No DNS forwarders configured</programlisting> </listitem> <listitem> @@ -919,18 +933,20 @@ No DNS forwarders configured</programlisting> <para> Before completing the configuration, the script prompts to ask whether it should configure reverse DNS services. If you select yes, then it configures the <systemitem>named</systemitem> service. </para> -<programlisting language="Bash">Do you want to configure the reverse zone? [yes]: yes -Configuring named: - [1/9]: adding DNS container - [2/9]: setting up our zone - [3/9]: setting up reverse zone - [4/9]: setting up our own record - [5/9]: setting up kerberos principal - [6/9]: setting up named.conf - [7/9]: restarting named - [8/9]: configuring named to start on boot - [9/9]: changing resolv.conf to point to ourselves -done configuring named. +<programlisting>Do you want to configure the reverse zone? [yes]: yes +Configuring DNS (named) + [1/11]: adding DNS container + [2/11]: setting up our zone + [3/11]: setting up reverse zone + [4/11]: setting up our own record + [5/11]: setting up records for other masters + [6/11]: setting up CA record + [7/11]: setting up kerberos principal + [8/11]: setting up named.conf + [9/11]: restarting named + [10/11]: configuring named to start on boot + [11/11]: changing resolv.conf to point to ourselves +Done configuring DNS (named). ============================================================================== Setup complete</programlisting> </listitem> @@ -1001,7 +1017,7 @@ Setup complete</programlisting> To resolve this issue, remove the <package>bind-chroot</package> package and then restart the &IPA; server. <programlisting language="Bash">[root@server ~]# yum remove bind-chroot -# ipactl restart</programlisting> +[root@server ~]# ipactl restart</programlisting> </para> </section> @@ -1057,13 +1073,14 @@ Setup complete</programlisting> </listitem> <listitem> <para> - The replica must be the same version as the original master server. If the master server is running on &RHEL; 6.3, &IPA; version 2.2.x, then the replica must also run on &RHEL; 6.3 and use the &IPA; 2.2.x packages. + The replica must be the same or newer version as the original master server. If the master server is running on &RHEL; 6.3, &IPA; version 3.4.x, then the replica must also run on &RHEL; 6.3 and use the &IPA; 3.4.x packages or newer. </para> - <important><title>IMPORTANT</title> + <!--<important><title>IMPORTANT</title> <para> Creating a replica of a different version than the master <emphasis role="bold">is not supported</emphasis>. Attempting to create a replica using a different version fails when attempting to configure the &DSF; instance. </para> </important> + --> </listitem> <listitem> <para> @@ -1104,17 +1121,20 @@ Setup complete</programlisting> Run the <command>ipa-replica-prepare</command> command <emphasis>on the master &IPA; server</emphasis>. The command requires the fully-qualified domain name of the <emphasis>replica</emphasis> machine. Using the <option>--ip-address</option> option automatically creates DNS entries for the replica, including the A and PTR records for the replica to the DNS. </para> -<programlisting language="Bash">[root@server ~]# ipa-replica-prepare ipareplica.example.com --ip-address 192.168.1.2 +<programlisting>[root@server ~]# ipa-replica-prepare ipareplica.example.com --ip-address 192.168.1.2 -Determining current realm name -Getting domain name from LDAP Preparing replica for ipareplica.example.com from ipaserver.example.com -Creating SSL certificate for the &DS; +Creating SSL certificate for the Directory Server +Creating SSL certificate for the dogtag Directory Server +Saving dogtag Directory Server port Creating SSL certificate for the Web Server +Exporting RA certificate Copying additional files Finalizing configuration -Packaging the replica into replica-info-ipareplica.example.com -</programlisting> +Packaging replica information into /var/lib/ipa/replica-info-ipareplica.example.com.gpg +Adding DNS records for ipareplica.example.com +Using reverse zone 1.168.192.in-addr.arpa. +The ipa-replica-prepare command was successful</programlisting> <important><title>IMPORTANT</title> <para> @@ -1160,13 +1180,13 @@ Packaging the replica into replica-info-ipareplica.example.com <para> For example: </para> -<programlisting language="Bash">[root@ipareplica ~]# ipa-replica-install --setup-ca --setup-dns --no-forwarders /var/lib/ipa/replica-info-ipareplica.example.com.gpg +<programlisting>[root@ipareplica ~]# ipa-replica-install --setup-ca --setup-dns --no-forwarders /var/lib/ipa/replica-info-ipareplica.example.com.gpg Directory Manager (existing master) password: Warning: Hostname (ipareplica.example.com) not found in DNS Run connection check to master -Check connection from replica to remote master 'ipareplica. example.com': +Check connection from replica to remote master 'ipaserver.example.com': Directory Service: Unsecure port (389): OK Directory Service: Secure port (636): OK Kerberos KDC: TCP (88): OK @@ -1186,7 +1206,7 @@ ad...@example.com password: Execute check on remote master ad...@example.com's password: -Check connection from master to remote replica 'ipareplica. example.com': +Check connection from master to remote replica 'ipareplica.example.com': Directory Service: Unsecure port (389): OK Directory Service: Secure port (636): OK Kerberos KDC: TCP (88): OK @@ -1258,7 +1278,7 @@ _ntp._udp <para> If the initial &IPA; server was created with DNS enabled, then the replica is created with the proper DNS entries. For example: </para> -<programlisting>[root@ipareplica ~]# DOMAIN=example.com +<programlisting language="Bash">[root@ipareplica ~]# DOMAIN=example.com [root@ipareplica ~]# NAMESERVER=ipareplica [root@ipareplica ~]# for i in _ldap._tcp _kerberos._tcp _kerberos._udp _kerberos-master._tcp _kerberos-master._udp _ntp._udp; do echo ""; dig @${NAMESERVER} ${i}.${DOMAIN} srv +nocmd +noquestion +nocomments +nostats +noaa +noadditional +noauthority; done | egrep -v "^;" | egrep _ @@ -1365,6 +1385,11 @@ comparetAndWaitEntries ou=people,o=ipaca not found, let's wait</screen> <section id="Uninstalling_IPA_Servers"> <title>Uninstalling &IPA; Servers and Replicas</title> <para> + <important><title>IMPORTANT</title> + <para> + To uninstall replica please read the <xref linkend="removing-replica" /> first. + </para> + </important> To uninstall both &IPAA; server and &IPAA; replica, pass the <option>--uninstall</option> option to the <command>ipa-server-install</command> command: <programlisting language="Bash">[root@ipareplica ~]# ipa-server-install --uninstall</programlisting> @@ -1372,6 +1397,7 @@ comparetAndWaitEntries ou=people,o=ipaca not found, let's wait</screen> </section> +<!-- -out of date section <section id="upgrading"> <title condition="redhat">Upgrading &PROD; to &RHEL; 6.4</title> <title condition="fedora">Upgrading from &IPA; 2.1 to 2.2</title> @@ -1414,7 +1440,7 @@ comparetAndWaitEntries ou=people,o=ipaca not found, let's wait</screen> <para> The LDAP upgrade operation is logged in the upgrade log at <filename>/var/log/ipaupgrade-log</filename>. If any LDAP errors occur, then they are recorded in that log. Once any errors are resolved, the LDAP update process can be manually initiated by running the updater script: </para> -<screen>[root@server ~]# ipa-ldap-updater --upgrade</screen> +<screen>[root@server ~]# ipa-ldap-updater ––upgrade</screen> </listitem> <listitem> <para> @@ -1547,5 +1573,6 @@ comparetAndWaitEntries ou=people,o=ipaca not found, let's wait</screen> </orderedlist> </section> </section> + - END out of date section --> </chapter> -- 1.8.3.1
_______________________________________________ Freeipa-devel mailing list Freeipa-devel@redhat.com https://www.redhat.com/mailman/listinfo/freeipa-devel
