[Freeipa-users] Re: deploying Freeipa ith script

Wed, 29 May 2019 13:40:51 -0700 

Hi John,
Thank you for the quick reply,

To disable autodiscrovery the option is ?
--autodiscovery=no

On Wed, May 29, 2019 at 4:18 PM John Keates <j...@keates.nl> wrote:

> I don’t know what you are missing, but I do know that in theory your
> enrolment should work with just -U for unattended and the principal and
> password.
> Unless you have a special environment that requires auto discovery to be
> disabled, I’d recommend using it.
>
> I’m enrolling clients in three ways that all work this way, one using a
> Cloud-Init module, one using a SaltStack formula and one using a Lambda
> function that uses SSH to connect to a machine and run the enrolment
> remotely.
>
> The text from your mount command seems to suggest a timeout issue, perhaps
> the network isn’t up or DNS is broken? I’m also seeing you using an IP,
> it’s usually a sign of an incomplete or improper network setup (but
> technically it should be fine)
>
> John
>
> On 29 May 2019, at 22:10, Boudjoudad Abdelkader via FreeIPA-users <
> freeipa-users@lists.fedorahosted.org> wrote:
>
> Hello,
> I'm trying to automate freeipa-client installation on Ubuntu with custom
> script using MAAS as follow :
> HOSTNAME=$(hostname)
> IP=$(hostname -i | awk '{print $1}')
> echo "$HOSTNAME.example.com <http://hostname.example.com/>" >
> /etc/hostname
> FQDN="$HOSTNAME.example.com <http://hostname.example.com/>"
> echo "FQDN is: $FQDN"
> sed -i  "1 i\
> $IP $FQDN $HOSTNAME" /etc/hosts
> apt-get -y update
> apt-get install -y nfs-kernel-server nfs-common
> DEBIAN_FRONTEND=noninteractive apt-get -y install freeipa-client
> ipa-client-install  --hostname=$(hostname -f) --server=freeipa.example.com
> --domain example.com --no-ntp --unattended --principal admin --password
> 'Deep201qa' --realm EXAMPLE.COM <http://example.com/> --enable-dns-updates
> sed -i '/ticket_lifetime/a renew_lifetime = 28d' /etc/krb5.conf
> service sssd restart
>
> After the deployment i can do  kinit domain_user and ipa user-show without
> any problem, but when i tried to mount an nfs in /ec/fstab with the
> following options i get an error:
> The  mount in /etc/fstab:  nfs4
> rw,relatime,vers=4.2,rsize=1048576,wsize=1048576,namlen=255,soft,proto=tcp,timeo=600,retrans=2,sec=krb5,local_lock=none
> 0 0
> The error:
> mount -av
> /                        : ignored
> none                     : ignored
> mount.nfs4: timeout set for Wed May 29 20:04:29 2019
> mount.nfs4: trying text-based options
> 'vers=4.2,rsize=1048576,wsize=1048576,namlen=255,soft,proto=tcp,timeo=600,retrans=2,sec=krb5,local_lock=none,addr=172.16.2.11,clientaddr=IP_ADDR0ESS
>
> I tried to install  freeipa-client manually and the nfs mount works:
> ipa-client-install
>
> What i'm missing?
>
> Thanks,
> _______________________________________________
> FreeIPA-users mailing list -- freeipa-users@lists.fedorahosted.org
> To unsubscribe send an email to freeipa-users-le...@lists.fedorahosted.org
> Fedora Code of Conduct: https://getfedora.org/code-of-conduct.html
> List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
> List Archives:
> https://lists.fedorahosted.org/archives/list/freeipa-users@lists.fedorahosted.org
>
>
>

_______________________________________________
FreeIPA-users mailing list -- freeipa-users@lists.fedorahosted.org
To unsubscribe send an email to freeipa-users-le...@lists.fedorahosted.org
Fedora Code of Conduct: https://getfedora.org/code-of-conduct.html
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: 
https://lists.fedorahosted.org/archives/list/freeipa-users@lists.fedorahosted.org

Reply via email to