From: alex Date: Sun, 5 Feb 2023 18:55:10 +0000 (+0100) Subject: Add FreeIPA setup to nc1 X-Git-Tag: 20240214-emacs~428 X-Git-Url: https://xn--ix-yja.es/gitweb/?a=commitdiff_plain;h=7db50c0ec91da9c048f4447dcab8eb4a8f1ad018;p=alex.git Add FreeIPA setup to nc1
---
diff --git a/personal_infra/puppet/modules/freeipa/manifests/server.pp b/personal_infra/puppet/modules/freeipa/manifests/server.pp
new file mode 100644
index 0000000..6a96fc9
--- /dev/null
+++ b/personal_infra/puppet/modules/freeipa/manifests/server.pp
@@ -0,0 +1,3 @@
+class freeipa::server {
+ package {['ipa-server', 'ipa-server-dns']:}
+}
diff --git a/personal_infra/puppet/site/nc1.pdp7.net.pp b/personal_infra/puppet/site/nc1.pdp7.net.pp
index b314dfc..e6939c8 100644
--- a/personal_infra/puppet/site/nc1.pdp7.net.pp
+++ b/personal_infra/puppet/site/nc1.pdp7.net.pp
@@ -1,2 +1,3 @@
 node 'nc1.pdp7.net' {
+ class {'freeipa::server':}
 }
diff --git a/personal_infra/setup_ipa_replicas.md b/personal_infra/setup_ipa_replicas.md
new file mode 100644
index 0000000..683c956
--- /dev/null
+++ b/personal_infra/setup_ipa_replicas.md
@@ -0,0 +1,7 @@
+Update and reboot all IPA servers
+https://lists.fedorahosted.org/archives/list/freeipa-users@lists.fedorahosted.org/thread/2WMK5QOAI4TYF23UKODW3M6WB65BJCHT/
+
+firewall-cmd --permanent --add-port={80/tcp,443/tcp,389/tcp,636/tcp,88/tcp,88/udp,464/tcp,464/udp,53/
+firewall-cmd --reload
+ipa-client-install -p principal --domain=ipa.pdp7.net -W --mkhomedir --ntp-pool=pool.ntp.org --force-join
+ipa-replica-install --ip-address=thishostaddress -n ipa.pdp7.net -P alex --setup-ca --setup-dns --forwarder=upstreamdnsforthishost
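Review bot: `freeipa::server` has no header comment saying that it stops at package installation, so a reader of the manifest could assume Puppet leaves nc1 fully configured when enrolment and the firewall openings are still done by hand. I would add a comment above the class such as `# Installs the FreeIPA server packages only; firewall ports and ipa-replica-install are manual, see personal_infra/setup_ipa_replicas.md`. Writing the resource as `package {['ipa-server', 'ipa-server-dns']: ensure => installed}` would also state the intended package state instead of relying on the default. Because the listening ports are opened outside Puppet, the runbook's `firewall-cmd --permanent --add-port=` line is the only record of what this host exposes, and as committed its port list appears to be cut off after `53/`, so it is worth completing before anyone relies on it.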