[Freeipa-users] Re: Manually join machines in stateless environment

[Florence Blanc-Renaud via FreeIPA-users]

On 9/23/19 1:10 AM, Vinícius Ferrão via FreeIPA-users wrote:
Hello, the subject of the message may sound a little bit strange, but let me 
explain what I’m trying to do.
I have a machine with an provisioner (xCAT) that is able to boot and control 
different types of computer nodes. A stateless node is just a machine that 
boots over the network from a shared image on the server.

What I’m trying to do?

Join those stateless nodes to FreeIPA Server.

To do this, I’m aware that I can’t just run freeipa-client-install on the image 
chroot, since it will not behave as expected.

At this point xCAT (the provisioner) can create the DNS registers of the 
stateless nodes on FreeIPA integrated DNS (using TSIG keys). But I need to 
properly join the nodes to the server.

There’s a way to manually register the nodes on the server?
And about the users? How to enable them? Just Configure SSSD on the image and 
it should be fine?
The certificates, client certificates and things like this? There’s something 
that I need to do?
Automount?

Any help is really appreciated.

Thanks,



_______________________________________________
FreeIPA-users mailing list -- freeipa-users@lists.fedorahosted.org
To unsubscribe send an email to freeipa-users-le...@lists.fedorahosted.org
Fedora Code of Conduct: 
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: 
https://lists.fedorahosted.org/archives/list/freeipa-users@lists.fedorahosted.org


Hi,
xCAT probably offers you the possibility to run a custom script at the 
end of the installation. If it's the case, you can use a workflow 
similar to what is described in "Setting up an IdM Client Through 
Kickstart" [1]. You need to create a client host entry first, and the 
custom script on the client will call ipa-client-install.

HTH,
flo

[1] 
https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/7/html/linux_domain_identity_authentication_and_policy_guide/client-kickstart
_______________________________________________
FreeIPA-users mailing list -- freeipa-users@lists.fedorahosted.org
To unsubscribe send an email to freeipa-users-le...@lists.fedorahosted.org
Fedora Code of Conduct: 
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: 
https://lists.fedorahosted.org/archives/list/freeipa-users@lists.fedorahosted.org