On 01/05/2015 03:24 PM, Janelle wrote: > Hi everyone, Happy New Year. > > Was following this thread and wondering about those of us with a couple of > 2000-3000 servers to run ipa-client-install on? Any suggestions? Was looking > around for even the basics of puppet or chef configs, but nothing exists. > > Any suggestions? One of the concerns I have is, even with puppet/chef, you > need > credentials during the install to "add" the client on the server. Security?
Right, it is not a very good idea to bake an admin password in the Puppet scripts. Couple options you can follow: - Install clients using pre-created one time password or host keytab (you need to create the client host entry first) - If you still want to use the privileged account to enroll the client, you can also pass it's password to ipa-client-install stdin, when it's running it unattended mode. This way you will avoid having it baked in your configs directly: # cat /root/enrollman_password | ipa-client-install --unattended --principal enrollman HTH. > > ~J > > > On 1/5/15 3:27 AM, Martin Kosek wrote: >> On 12/29/2014 09:54 PM, Dmitri Pal wrote: >>> On 12/20/2014 05:02 AM, Ben .T.George wrote: >>>> Hi >>>> >>>> I was trying to configure centos as ipa client and got failed with that,. >>>> >>>> anyone please help me to configure centos as ipa client through manual >>>> configuration. >>>> >>>> Regards, >>>> Ben >>>> >>>> >>> Sorry for a delayed response. >>> What version of CentOS? What version of the server? >>> Why manually? On CentOS you can use ipa-client-install and it will do the >>> work >>> for you. >>> What did you do and what did not work? >> You can find some info here: >> http://www.freeipa.org/page/Troubleshooting#Client_Installation >> >> If I read correctly, you are trying to do manual configuration. This may be a >> tricky procedure and is not tested regularly. ipa-client-install is the way >> to >> go in most deployments as it helps you avoid the pitfalls you probably hit. >> >> Martin >> > -- Manage your subscription for the Freeipa-users mailing list: https://www.redhat.com/mailman/listinfo/freeipa-users Go To http://freeipa.org for more info on the project
