Add FreeIPA setup to nc1

diff --git a/personal_infra/puppet/modules/freeipa/manifests/server.pp b/personal_infra/puppet/modules/freeipa/manifests/server.pp
new file mode 100644 (file)
index 0000000..6a96fc9
--- /dev/null
+++ b/personal_infra/puppet/modules/freeipa/manifests/server.pp
@@ -0,0 +1,3 @@
+class freeipa::server {
+  package {['ipa-server', 'ipa-server-dns']:}
+}

diff --git a/personal_infra/puppet/site/nc1.pdp7.net.pp b/personal_infra/puppet/site/nc1.pdp7.net.pp
index b314dfc029c05f229e45692d6dcb7bcda073a9bd..e6939c8e200f58d9bdde98d0a743743e34d37aa7 100644 (file)
--- a/personal_infra/puppet/site/nc1.pdp7.net.pp
+++ b/personal_infra/puppet/site/nc1.pdp7.net.pp
@@ -1,2 +1,3 @@
 node 'nc1.pdp7.net' {
+  class {'freeipa::server':}
 }

diff --git a/personal_infra/setup_ipa_replicas.md b/personal_infra/setup_ipa_replicas.md
new file mode 100644 (file)
index 0000000..683c956
--- /dev/null
+++ b/personal_infra/setup_ipa_replicas.md
@@ -0,0 +1,7 @@
+Update and reboot all IPA servers
+https://lists.fedorahosted.org/archives/list/freeipa-users@lists.fedorahosted.org/thread/2WMK5QOAI4TYF23UKODW3M6WB65BJCHT/
+
+firewall-cmd --permanent --add-port={80/tcp,443/tcp,389/tcp,636/tcp,88/tcp,88/udp,464/tcp,464/udp,53/
+firewall-cmd --reload
+ipa-client-install -p principal --domain=ipa.pdp7.net -W  --mkhomedir --ntp-pool=pool.ntp.org --force-join
+ipa-replica-install --ip-address=thishostaddress -n ipa.pdp7.net -P alex --setup-ca --setup-dns --forwarder=upstreamdnsforthishost