On 21/07/2025 13:35, alexey safonov via FreeIPA-users wrote:
Hi, we have slurm cluster that is spinning up virtual machines and
destroying them after load, so the controller is IPA enrolled, but is
there are any way to auto enroll virtual machine to IPA so we have
same UIDs/GIDs across the cluster?
Alex
Do you actually need the compute machines to be joined to the domain? If
you only need UIDs/GIDs to resolve to names, try nss_slurm.
If you do want to properly join the compute nodes, you will have to
create hosts for them in your domain. As Tomasz user suggested, you can
use password authentication on each machine to run ipa-client-install,
but the problem I've run into with this is that the passwords are
intended to be used only once: once the password has been used to join
the host to the domain, it can't be used a second time unless the host
is disabled & a new password is set.
One way around this is to use certificates to authenticate (PKINIT).
This requires a bit of setup in your domain. There's a thread about it
here:
https://lists.fedorahosted.org/archives/list/[email protected]/thread/MILDHR644JSWEGUNZOPG5SXASTEPVUYZ/
--
Sam Morris <https://robots.org.uk/>
PGP: rsa4096/CAAA AA1A CA69 A83A 892B 1855 D20B 4202 5CDA 27B9
--
_______________________________________________
FreeIPA-users mailing list -- [email protected]
To unsubscribe send an email to [email protected]
Fedora Code of Conduct:
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives:
https://lists.fedorahosted.org/archives/list/[email protected]
Do not reply to spam, report it:
https://pagure.io/fedora-infrastructure/new_issue
