[Freeipa-users] Re: deploying Freeipa ith script

John Keates via FreeIPA-users Wed, 29 May 2019 13:44:47 -0700

What I meant was that you are already practically disabling it; you specify the 
hostname, domain, server, realm on your command line but those should be 
discoverable.
Here is an enrollment jinja2 template I use:


ipa-client-install -U --enable-dns-updates 
--principal={{freeipa.client.enroll.username}} 
--password={{freeipa.client.enroll.password}}

It’s all that’s needed as long as your network has the correct setup. You’d 
replace the principal and password with your own of course.
It would probably look like:

ipa-client-install -U --enable-dns-updates —principal=admin --password=Deep201qa

John

> On 29 May 2019, at 22:39, Boudjoudad Abdelkader <boujou...@gmail.com> wrote:
> 
> Hi John,
> Thank you for the quick reply,
> 
> To disable autodiscrovery the option is ?
> --autodiscovery=no   
> 
> On Wed, May 29, 2019 at 4:18 PM John Keates <j...@keates.nl 
> <mailto:j...@keates.nl>> wrote:
> I don’t know what you are missing, but I do know that in theory your 
> enrolment should work with just -U for unattended and the principal and 
> password.
> Unless you have a special environment that requires auto discovery to be 
> disabled, I’d recommend using it.
> 
> I’m enrolling clients in three ways that all work this way, one using a 
> Cloud-Init module, one using a SaltStack formula and one using a Lambda 
> function that uses SSH to connect to a machine and run the enrolment remotely.
> 
> The text from your mount command seems to suggest a timeout issue, perhaps 
> the network isn’t up or DNS is broken? I’m also seeing you using an IP, it’s 
> usually a sign of an incomplete or improper network setup (but technically it 
> should be fine)
> 
> John
> 
>> On 29 May 2019, at 22:10, Boudjoudad Abdelkader via FreeIPA-users 
>> <freeipa-users@lists.fedorahosted.org 
>> <mailto:freeipa-users@lists.fedorahosted.org>> wrote:
>> 
>> Hello,
>> I'm trying to automate freeipa-client installation on Ubuntu with custom 
>> script using MAAS as follow :
>> HOSTNAME=$(hostname)
>> IP=$(hostname -i | awk '{print $1}')
>> echo "$HOSTNAME.example.com <http://hostname.example.com/>" > /etc/hostname
>> FQDN="$HOSTNAME.example.com <http://hostname.example.com/>"
>> echo "FQDN is: $FQDN"
>> sed -i  "1 i\
>> $IP $FQDN $HOSTNAME" /etc/hosts
>> apt-get -y update
>> apt-get install -y nfs-kernel-server nfs-common
>> DEBIAN_FRONTEND=noninteractive apt-get -y install freeipa-client
>> ipa-client-install  --hostname=$(hostname -f) --server=freeipa.example.com 
>> <http://freeipa.example.com/> --domain example.com <http://example.com/> 
>> --no-ntp --unattended --principal admin --password 'Deep201qa' --realm 
>> EXAMPLE.COM <http://example.com/> --enable-dns-updates
>> sed -i '/ticket_lifetime/a renew_lifetime = 28d' /etc/krb5.conf
>> service sssd restart
>> 
>> After the deployment i can do  kinit domain_user and ipa user-show without 
>> any problem, but when i tried to mount an nfs in /ec/fstab with the 
>> following options i get an error:
>> The  mount in /etc/fstab:  nfs4 
>> rw,relatime,vers=4.2,rsize=1048576,wsize=1048576,namlen=255,soft,proto=tcp,timeo=600,retrans=2,sec=krb5,local_lock=none
>>  0 0
>> The error:
>> mount -av
>> /                        : ignored
>> none                     : ignored
>> mount.nfs4: timeout set for Wed May 29 20:04:29 2019
>> mount.nfs4: trying text-based options 
>> 'vers=4.2,rsize=1048576,wsize=1048576,namlen=255,soft,proto=tcp,timeo=600,retrans=2,sec=krb5,local_lock=none,addr=172.16.2.11,clientaddr=IP_ADDR0ESS
>> 
>> I tried to install  freeipa-client manually and the nfs mount works:
>> ipa-client-install
>> 
>> What i'm missing?
>> 
>> Thanks,
>> _______________________________________________
>> FreeIPA-users mailing list -- freeipa-users@lists.fedorahosted.org 
>> <mailto:freeipa-users@lists.fedorahosted.org>
>> To unsubscribe send an email to freeipa-users-le...@lists.fedorahosted.org 
>> <mailto:freeipa-users-le...@lists.fedorahosted.org>
>> Fedora Code of Conduct: https://getfedora.org/code-of-conduct.html 
>> <https://getfedora.org/code-of-conduct.html>
>> List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines 
>> <https://fedoraproject.org/wiki/Mailing_list_guidelines>
>> List Archives: 
>> https://lists.fedorahosted.org/archives/list/freeipa-users@lists.fedorahosted.org
>>  
>> <https://lists.fedorahosted.org/archives/list/freeipa-users@lists.fedorahosted.org>
>

_______________________________________________
FreeIPA-users mailing list -- freeipa-users@lists.fedorahosted.org
To unsubscribe send an email to freeipa-users-le...@lists.fedorahosted.org
Fedora Code of Conduct: https://getfedora.org/code-of-conduct.html
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: 
https://lists.fedorahosted.org/archives/list/freeipa-users@lists.fedorahosted.org

[Freeipa-users] Re: deploying Freeipa ith script

Reply via email to