Re: [Freeipa-users] how to configure Linux Cent Os as ipa client manual installation
On 01/05/2015 10:26 AM, Rob Crittenden wrote: Janelle wrote: Hi everyone, Happy New Year. Was following this thread and wondering about those of us with a couple of 2000-3000 servers to run ipa-client-install on? Any suggestions? Was looking around for even the basics of puppet or chef configs, but nothing exists. Any suggestions? One of the concerns I have is, even with puppet/chef, you need credentials during the install to "add" the client on the server. Security? If you want puppet I'd start with https://github.com/purpleidea/puppet-ipa As for enrolling a slew of systems, it depends on whether they are new or to-be-deployed. You can generate an OTP for the clients to avoid having to pass around admin-level credentials, for example. You can do this for existing or new, but it can be easier on new systems as the OTP can be passed in during kickstart. You might want to consider Foreman which now has IPA integration for automatic provisioning and enrollment. rob ~J On 1/5/15 3:27 AM, Martin Kosek wrote: On 12/29/2014 09:54 PM, Dmitri Pal wrote: On 12/20/2014 05:02 AM, Ben .T.George wrote: Hi I was trying to configure centos as ipa client and got failed with that,. anyone please help me to configure centos as ipa client through manual configuration. Regards, Ben Sorry for a delayed response. What version of CentOS? What version of the server? Why manually? On CentOS you can use ipa-client-install and it will do the work for you. What did you do and what did not work? You can find some info here: http://www.freeipa.org/page/Troubleshooting#Client_Installation If I read correctly, you are trying to do manual configuration. This may be a tricky procedure and is not tested regularly. ipa-client-install is the way to go in most deployments as it helps you avoid the pitfalls you probably hit. Martin -- Thank you, Dmitri Pal Sr. Engineering Manager IdM portfolio Red Hat, Inc. -- Manage your subscription for the Freeipa-users mailing list: https://www.redhat.com/mailman/listinfo/freeipa-users Go To http://freeipa.org for more info on the project
Re: [Freeipa-users] how to configure Linux Cent Os as ipa client manual installation
Janelle wrote: > Hi everyone, Happy New Year. > > Was following this thread and wondering about those of us with a couple > of 2000-3000 servers to run ipa-client-install on? Any suggestions? Was > looking around for even the basics of puppet or chef configs, but > nothing exists. > > Any suggestions? One of the concerns I have is, even with puppet/chef, > you need credentials during the install to "add" the client on the > server. Security? If you want puppet I'd start with https://github.com/purpleidea/puppet-ipa As for enrolling a slew of systems, it depends on whether they are new or to-be-deployed. You can generate an OTP for the clients to avoid having to pass around admin-level credentials, for example. You can do this for existing or new, but it can be easier on new systems as the OTP can be passed in during kickstart. rob > > ~J > > > On 1/5/15 3:27 AM, Martin Kosek wrote: >> On 12/29/2014 09:54 PM, Dmitri Pal wrote: >>> On 12/20/2014 05:02 AM, Ben .T.George wrote: Hi I was trying to configure centos as ipa client and got failed with that,. anyone please help me to configure centos as ipa client through manual configuration. Regards, Ben >>> Sorry for a delayed response. >>> What version of CentOS? What version of the server? >>> Why manually? On CentOS you can use ipa-client-install and it will do >>> the work >>> for you. >>> What did you do and what did not work? >> You can find some info here: >> http://www.freeipa.org/page/Troubleshooting#Client_Installation >> >> If I read correctly, you are trying to do manual configuration. This >> may be a >> tricky procedure and is not tested regularly. ipa-client-install is >> the way to >> go in most deployments as it helps you avoid the pitfalls you probably >> hit. >> >> Martin >> > -- Manage your subscription for the Freeipa-users mailing list: https://www.redhat.com/mailman/listinfo/freeipa-users Go To http://freeipa.org for more info on the project
Re: [Freeipa-users] how to configure Linux Cent Os as ipa client manual installation
On 01/05/2015 03:24 PM, Janelle wrote: > Hi everyone, Happy New Year. > > Was following this thread and wondering about those of us with a couple of > 2000-3000 servers to run ipa-client-install on? Any suggestions? Was looking > around for even the basics of puppet or chef configs, but nothing exists. > > Any suggestions? One of the concerns I have is, even with puppet/chef, you > need > credentials during the install to "add" the client on the server. Security? Right, it is not a very good idea to bake an admin password in the Puppet scripts. Couple options you can follow: - Install clients using pre-created one time password or host keytab (you need to create the client host entry first) - If you still want to use the privileged account to enroll the client, you can also pass it's password to ipa-client-install stdin, when it's running it unattended mode. This way you will avoid having it baked in your configs directly: # cat /root/enrollman_password | ipa-client-install --unattended --principal enrollman HTH. > > ~J > > > On 1/5/15 3:27 AM, Martin Kosek wrote: >> On 12/29/2014 09:54 PM, Dmitri Pal wrote: >>> On 12/20/2014 05:02 AM, Ben .T.George wrote: Hi I was trying to configure centos as ipa client and got failed with that,. anyone please help me to configure centos as ipa client through manual configuration. Regards, Ben >>> Sorry for a delayed response. >>> What version of CentOS? What version of the server? >>> Why manually? On CentOS you can use ipa-client-install and it will do the >>> work >>> for you. >>> What did you do and what did not work? >> You can find some info here: >> http://www.freeipa.org/page/Troubleshooting#Client_Installation >> >> If I read correctly, you are trying to do manual configuration. This may be a >> tricky procedure and is not tested regularly. ipa-client-install is the way >> to >> go in most deployments as it helps you avoid the pitfalls you probably hit. >> >> Martin >> > -- Manage your subscription for the Freeipa-users mailing list: https://www.redhat.com/mailman/listinfo/freeipa-users Go To http://freeipa.org for more info on the project
Re: [Freeipa-users] how to configure Linux Cent Os as ipa client manual installation
Hi everyone, Happy New Year. Was following this thread and wondering about those of us with a couple of 2000-3000 servers to run ipa-client-install on? Any suggestions? Was looking around for even the basics of puppet or chef configs, but nothing exists. Any suggestions? One of the concerns I have is, even with puppet/chef, you need credentials during the install to "add" the client on the server. Security? ~J On 1/5/15 3:27 AM, Martin Kosek wrote: On 12/29/2014 09:54 PM, Dmitri Pal wrote: On 12/20/2014 05:02 AM, Ben .T.George wrote: Hi I was trying to configure centos as ipa client and got failed with that,. anyone please help me to configure centos as ipa client through manual configuration. Regards, Ben Sorry for a delayed response. What version of CentOS? What version of the server? Why manually? On CentOS you can use ipa-client-install and it will do the work for you. What did you do and what did not work? You can find some info here: http://www.freeipa.org/page/Troubleshooting#Client_Installation If I read correctly, you are trying to do manual configuration. This may be a tricky procedure and is not tested regularly. ipa-client-install is the way to go in most deployments as it helps you avoid the pitfalls you probably hit. Martin -- Manage your subscription for the Freeipa-users mailing list: https://www.redhat.com/mailman/listinfo/freeipa-users Go To http://freeipa.org for more info on the project
Re: [Freeipa-users] how to configure Linux Cent Os as ipa client manual installation
On 12/29/2014 09:54 PM, Dmitri Pal wrote: > On 12/20/2014 05:02 AM, Ben .T.George wrote: >> >> Hi >> >> I was trying to configure centos as ipa client and got failed with that,. >> >> anyone please help me to configure centos as ipa client through manual >> configuration. >> >> Regards, >> Ben >> >> > Sorry for a delayed response. > What version of CentOS? What version of the server? > Why manually? On CentOS you can use ipa-client-install and it will do the work > for you. > What did you do and what did not work? You can find some info here: http://www.freeipa.org/page/Troubleshooting#Client_Installation If I read correctly, you are trying to do manual configuration. This may be a tricky procedure and is not tested regularly. ipa-client-install is the way to go in most deployments as it helps you avoid the pitfalls you probably hit. Martin -- Manage your subscription for the Freeipa-users mailing list: https://www.redhat.com/mailman/listinfo/freeipa-users Go To http://freeipa.org for more info on the project
Re: [Freeipa-users] how to configure Linux Cent Os as ipa client manual installation
On 12/20/2014 05:02 AM, Ben .T.George wrote: Hi I was trying to configure centos as ipa client and got failed with that,. anyone please help me to configure centos as ipa client through manual configuration. Regards, Ben Sorry for a delayed response. What version of CentOS? What version of the server? Why manually? On CentOS you can use ipa-client-install and it will do the work for you. What did you do and what did not work? -- Thank you, Dmitri Pal Sr. Engineering Manager IdM portfolio Red Hat, Inc. -- Manage your subscription for the Freeipa-users mailing list: https://www.redhat.com/mailman/listinfo/freeipa-users Go To http://freeipa.org for more info on the project
