Added documentation for FreeIPA configuration #344

Merged
merged 2 commits into from
Jan 23, 2025
16 changes: 14 additions & 2 deletions docs/README.md
Expand Up @@ -1355,12 +1355,24 @@ Examples of LDAP user definition with hieradata are provided in
#### 10.3.2 Command-Line

To add a user account after the cluster is built, log in `mgmt1` and call:

```bash
kinit admin
IPA_GUEST_PASSWD=<new_user_passwd> /sbin/ipa_create_user.py <username> [--group <group_name>]
kdestroy
```

<details>

<summary>Tips on using command-line to configure FreeIPA</summary>

1. Once connected to a login node, access `mgmt1` with `[centos@login1 ~]$ ssh mgmt1`.
2. Retrieve the `profile::freeipa::server::admin_password` encrypted value following instructions in section [10.13](#1013-read-and-edit-secret-values-generated-at-boot) (you only need the value in between '[...]' brackets).
3. Log in to FreeIPA with `kinit admin` using the password retrieved in step 2.
4. The `ipa` command now is available to accomplish administrator tasks, here's a [detailed guide](https://www.freeipa.org/page/Administrators_Guide.html).

</details>

#### 10.3.3 Mokey

If user sign-up with Mokey is enabled, users can create their own account at
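
Review bot: The tips list in the added `<details>` block stops at step 4 without closing the admin session: step 3 obtains an admin Kerberos ticket with `kinit admin`, but nothing tells the reader to run `kdestroy` when finished, unlike the command block directly above it. Suggest adding a step 5 along the lines of "When done, run `kdestroy` to discard the admin ticket." In step 1, `[centos@login1 ~]$ ssh mgmt1` bakes a shell prompt and the `centos` username into the instruction; plain `ssh mgmt1` is clearer and can be copied as-is. Step 2 also says to retrieve the "encrypted value" while step 3 uses it as the password, so the wording should make clear that the decrypted value from section 10.13 is what gets typed at the `kinit` prompt.
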
Expand All @@ -1375,7 +1387,7 @@ https://ipa.yourcluster.domain.tld/
```

The FreeIPA administrator credentials can be retrieved from an encrypted file
on the Puppet server. Refer to section [10.14](#1014-read-and-edit-secret-values-generated-at-boot)
on the Puppet server. Refer to section [10.13](#1013-read-and-edit-secret-values-generated-at-boot)
to know how.

### 10.4 Increase the Number of Guest Accounts
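
Review bot: The corrected reference "Refer to section [10.13](#1013-read-and-edit-secret-values-generated-at-boot)" still hard-codes the section number in both the link text and the anchor, the same pattern that left it pointing at 10.14. Worth checking docs/README.md for any other remaining `10.14` or `#1014-` references to this section as part of this change. Minor wording point on the following line: "to know how" would read better as "for instructions".
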
Expand Down Expand Up @@ -1556,7 +1568,7 @@ This process has three steps:

The following subsection explains how to accomplish each step.

**Warning**: While it will work in most cases, avoid re-using the compute node image of a
**Warning**: While it will work in most cases, avoid reusing the compute node image of a
previous deployment. The preparation steps cleans most
of the deployment specific configuration and secrets, but there is no guarantee
that the configuration will be entirely compatible with a different deployment.
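
Review bot: The line after the spelling fix in this warning, "The preparation steps cleans most", has a subject-verb disagreement that is left in place; since the warning is being touched anyway, change it to "The preparation steps clean most". On the next line, "deployment specific configuration" should be hyphenated as "deployment-specific configuration".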