Create a host and get a keytab from the CLI

Since I have to do this a lot, I figured I would write it down here. This is a follow-on to Kerberizing a Service in OpenShift.

ipa host-add $HOST --force
ipa service-add $PRINCIPAL --force
ipa-getkeytab -k keytabs/$PRINCIPAL.keytab -p $PRINCIPAL

With that keytab uploaded as a secret, the host also allows authentication via Kerberos. Note that I scp'ed it to my local machine:

$ scp ~/keytabs/HTTP/ 
$ mkdir ~/keytabs/HTTP/
$ cp ~/keytabs/HTTP/ ~/keytabs/HTTP/

The command to upload it is then:

oc create secret generic apache-container-keytab --from-file ~/keytabs/HTTP/

Yes, this is screaming for Ansible.
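
The steps above collected into one script, as an added example that is not from the original post: it validates the principal before anything reaches `--force`, creates the keytab under `umask 077`, and only prints the commands unless `APPLY=1` is set. The function names, `APPLY` and `KEYTAB_DIR` are assumptions made for this example, and `web.example.test` is a constructed host name.

```sh
#!/bin/sh
# Added example, not the post's own script. Prints the commands unless APPLY=1.
set -eu

# Split service/host.fqdn[@REALM] into SERVICE and HOST and refuse anything else:
# --force tells IPA to skip its DNS check, so a typo would otherwise be accepted.
parse_principal() {
  p=${1%@*}                                   # drop the optional @REALM
  case $p in
    .*|-*|*/.*|*/-*|*/*/*|/*|*/) return 1 ;;  # odd shapes, path tricks
    *[!A-Za-z0-9./_-]*) return 1 ;;           # shell or path metacharacters
    */*.*) ;;                                 # service/fully.qualified.host
    *) return 1 ;;
  esac
  SERVICE=${p%%/*}
  HOST=${p#*/}
}

# Echo the command in dry-run mode, execute it when APPLY=1.
run() { if [ "${APPLY:-0}" = 1 ]; then "$@"; else echo "$*"; fi; }

# kerberize PRINCIPAL SECRET_NAME
kerberize() {
  principal=$1 secret=$2 dir=${KEYTAB_DIR:-$HOME/keytabs}   # KEYTAB_DIR: assumed knob
  parse_principal "$principal" || { echo "bad principal: $principal" >&2; return 1; }
  keytab=$dir/$SERVICE/$HOST.keytab
  # The keytab holds the service's long-term key, so create it owner-only.
  # ipa-getkeytab without -r issues new keys and invalidates older keytabs.
  ( umask 077
    run mkdir -p "$dir/$SERVICE" &&
    run ipa host-add "$HOST" --force &&
    run ipa service-add "$principal" --force &&
    run ipa-getkeytab -p "$principal" -k "$keytab" &&
    run oc create secret generic "$secret" "--from-file=$keytab" )
}

# Constructed usage: kerberize HTTP/web.example.test apache-container-keytab
[ $# -eq 0 ] || kerberize "$@"
```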
