Hi Perhaps some boot script to run the ipa-client-install command when a new instance boots up? I'm not sure how the system would behave if you run the ipa-client-install command multiple times, should the same machine name boots more than once.
For HBAC rules you can use "auto-member" to automatically put new hosts into particular host groups for which you would have existing HABC rules. Regards Angus ________________________________ From: Vinícius Ferrão via FreeIPA-users <freeipa-users@lists.fedorahosted.org> Sent: 23 September 2019 01:10 To: freeipa-users@lists.fedorahosted.org <freeipa-users@lists.fedorahosted.org> Cc: Vinícius Ferrão <fer...@versatushpc.com.br> Subject: [Freeipa-users] Manually join machines in stateless environment Hello, the subject of the message may sound a little bit strange, but let me explain what I’m trying to do. I have a machine with an provisioner (xCAT) that is able to boot and control different types of computer nodes. A stateless node is just a machine that boots over the network from a shared image on the server. What I’m trying to do? Join those stateless nodes to FreeIPA Server. To do this, I’m aware that I can’t just run freeipa-client-install on the image chroot, since it will not behave as expected. At this point xCAT (the provisioner) can create the DNS registers of the stateless nodes on FreeIPA integrated DNS (using TSIG keys). But I need to properly join the nodes to the server. There’s a way to manually register the nodes on the server? And about the users? How to enable them? Just Configure SSSD on the image and it should be fine? The certificates, client certificates and things like this? There’s something that I need to do? Automount? Any help is really appreciated. Thanks,
_______________________________________________ FreeIPA-users mailing list -- freeipa-users@lists.fedorahosted.org To unsubscribe send an email to freeipa-users-le...@lists.fedorahosted.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedorahosted.org/archives/list/freeipa-users@lists.fedorahosted.org
