FreeIPA is a useful tool for managing hosts. I find myself wanting to do work on remote systems from my desktop using the ipa CLI. Here’s how I set it up.
Category Archives: FreeIPA
Install FreeIPA via Ansible
No better way to learn some more details of Ansible than to automate a task I need to do on a regular basis: ipa-server-install.
Adding an LDAP backed domain to a Packstack install
I’ve been meaning to put all the steps together to do this for a while:
Got an IPA server running on CentOS 7
Got a Packstack all in one install on CentOS 7. I registered this host as a FreeIPA client, though that is not strictly required.
Who Signed that Token?
The specification for multiple signers requires a mechanism to determine who signed the token and then determine if the signer had the authority to issue a token for the scope of the token. These are the steps necessary to perform that validation.
Ansible Hostgroups from FreeIPA
Ansible provides management for a large array of servers using ssh as the access mechanism. This is a good match for FreeIPA. However, by default Ansible uses a flat file to store groups of hosts. How can we get that info from FreeIPA?
Getting Service Users out of LDAP
Most people cannot write to the LDAP servers except to manage their own data. Thus, OpenStack requiring the Service users in LDAP is a burden that many IT organizations cannot assume. In Juno we have support for Multiple backends for domains.
Unattended Install of a FreeIPA Server
As a developer, I install and uninstall the application I’m working on all the time. Back when I was working on FreeIPA full time, I had a couple of functions that I used to do an unattended install with some simple defaults. I recently cleaned them up a little. Since a few people have asked me for them, I’m posting them here.
Testing S4U2Proxy
S4U2Proxy for Horizon
I’ve got a packstack install, and a Kerberos-capable Keystone. Time to call it from Horizon. Time to set up S4U2Proxy.
Running the FreeIPA CLI from a non-client machine
A developer does things that are at odds with a production deployment. Case in point: the FreeIPA CLI assumes that it should be run on an ipa-client machine. But as a developer, I need to talk to remote FreeIPA servers. Here’s how to make the CLI work without performing a client install.