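# Give the server its FQDN and make it resolvable locally before the IPA install.
# `sudo echo ... >> /etc/hosts` does not do what it looks like: the redirection is
# performed by the calling (unprivileged) shell, not by sudo, so it fails with
# "Permission denied" unless the script already runs as root. Write through
# `sudo tee` instead.
sudo hostnamectl set-hostname svc01.rockyhowto.lab
printf '%s\n' "10.9.8.10 svc01.rockyhowto.lab svc01" | sudo tee -a /etc/hosts >/dev/null
# The original replaced resolv.conf (`>`) and then appended the nameserver; keep
# that order. NOTE(review): on hosts where NetworkManager/systemd-resolved owns
# resolv.conf this file may be regenerated — confirm the setting survives a reboot.
printf '%s\n' "search lan rockyhowto.lab" | sudo tee /etc/resolv.conf >/dev/null
printf '%s\n' "nameserver 10.9.8.10" | sudo tee -a /etc/resolv.conf >/dev/null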
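# Install FreeIPA with integrated DNS, unattended.
# The Directory Manager and admin passwords are read from the environment rather
# than hard-coded in the script (the original shipped the placeholder
# "ChangePassword" for both). ipa-server-install only accepts them as arguments,
# so they are still visible in `ps` for the duration of the run and would land in
# shell history if typed inline — export them from a file or secret store.
: "${IPA_DS_PASSWORD:?set IPA_DS_PASSWORD (Directory Manager password)}"
: "${IPA_ADMIN_PASSWORD:?set IPA_ADMIN_PASSWORD (IPA admin password)}"
sudo dnf install -y freeipa-server ipa-server-dns freeipa-client
# --setup-dns/--auto-reverse make this server authoritative for the zone (and
# its reverse zone); --forwarder sends everything else to a public resolver.
sudo ipa-server-install -v \
  --unattended \
  --domain=rockyhowto.lab \
  --hostname svc01.rockyhowto.lab \
  --ip-address=10.9.8.10 \
  --realm ROCKYHOWTO.LAB \
  --ds-password "$IPA_DS_PASSWORD" \
  --admin-password "$IPA_ADMIN_PASSWORD" \
  --setup-dns \
  --auto-reverse \
  --forwarder=8.8.8.8 \
  --ntp-pool=north-america.pool.ntp.org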
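# Obtain an admin ticket; every `ipa` command below needs it, so stop here if
# kinit fails instead of letting each later call fail with a less obvious error.
sudo kinit admin || exit 1
# Zone transfers disclose the whole zone. 10.9.8.0/24 lets any host on the lab
# subnet pull it; outside a lab, restrict this to the secondary servers' addresses.
sudo ipa dnszone-mod --allow-transfer=10.9.8.0/24 rockyhowto.lab
sudo ipa dnsrecord-add rockyhowto.lab @ --mx-rec="0 mail.rockyhowto.lab"
# NFS export of the domain home directories. The original mixed sudo and non-sudo
# commands; all of these need root (and the admin ticket above lives in root's
# credential cache), so run them consistently under sudo.
sudo systemctl enable --now nfs-server rpcbind
sudo mkdir -p /home/domainusers
# Append the export only once so re-running the script does not duplicate it.
# No sec= option is given, so the export uses the default AUTH_SYS (client UID
# trust); the nfs/ principal below only matters if sec=krb5* is added here.
if ! sudo grep -qsF -- '/home/domainusers ' /etc/exports; then
  printf '%s\n' '/home/domainusers 10.9.8.0/24(rw,sync,no_subtree_check,root_squash)' \
    | sudo tee -a /etc/exports >/dev/null
fi
sudo exportfs -rav
sudo ipa service-add nfs/cwo02.rockyhowto.lab
# `kadmin.local`, `ktadd`, `exit` on separate lines opened an interactive session
# that a script cannot drive; pass the request with -q instead. ktadd writes to
# this server's default keytab and rotates the service key, so any keytab the NFS
# host already holds for this principal becomes stale.
sudo kadmin.local -q "ktadd nfs/cwo02.rockyhowto.lab"
sudo systemctl restart nfs-server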
# Domain-wide defaults applied to users created from now on.
sudo ipa config-mod --homedirectory=/home/domainusers --defaultshell=/bin/bash

# Sudo rule for the "sudoers" group: every host, any run-as user/group, any
# command, and no re-authentication ('!authenticate'). Membership in this group
# is therefore equivalent to passwordless root on every enrolled host — treat
# group-add-member for it with the same care as handing out the root password.
sudo ipa group-add sudoers --desc='local administrators'
sudo ipa sudorule-add sudoers_sudo \
  --hostcat=all \
  --runasusercat=all \
  --runasgroupcat=all \
  --cmdcat=all
sudo ipa sudorule-add-user sudoers_sudo --group sudoers
sudo ipa sudorule-add-option sudoers_sudo --sudooption='!authenticate'

# Have SSSD serve sudo rules on this host, then restart it to pick them up.
sudo authselect enable-feature with-sudo
sudo systemctl restart sssd
# Automation service account: an IPA user, an SSH key pair generated on this
# server, and membership in "sudoers" (passwordless root on enrolled hosts via
# the sudoers_sudo rule). `--password` prompts interactively.
sudo ipa user-add ansible --first=Ansible --last=Automation --password
sudo mkdir -p -m 0750 /home/domainusers/ansible/.ssh

# The private key is written here by root and handed to the user by the chown
# below. It sits in a home directory that this page exports over NFS to
# 10.9.8.0/24 with no sec= option (AUTH_SYS), so it is only as protected as the
# export's trust in client UIDs — copy it to the automation host and remove it
# here, or generate the pair on that host instead.
sudo ssh-keygen -q -N "" \
  -C ansible@rockyhowto.lab \
  -f /home/domainusers/ansible/.ssh/id_rsa
sudo chown -hRv ansible:ansible /home/domainusers/ansible

# Publish the public half in IPA so SSSD-enrolled hosts accept the key.
pubkey=$(cat /home/domainusers/ansible/.ssh/id_rsa.pub)
sudo ipa user-mod ansible --sshpubkey="$pubkey"
sudo ipa group-add-member sudoers --users=ansible

# cpt01 is registered a second time further down this page; the repeated
# host-add fails with "already exists" and one of the two can be dropped.
sudo ipa host-add --ip-address 10.9.8.110 cpt01.rockyhowto.lab
sudo ipa dnsrecord-add rockyhowto.lab cpt01 --ttl=3600 --a-ip-address=10.9.8.110
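#######################################
# Print an Apache stanza publishing a directory under a URL prefix.
# Arguments: $1 - URL prefix with trailing slash (e.g. /repo/)
#            $2 - filesystem directory with trailing slash (e.g. /home/repo/)
# Outputs:   the config text on stdout
#######################################
render_alias_conf() {
  local url_prefix=$1
  local dir=$2
  printf 'Alias %s %s\n' "$url_prefix" "$dir"
  printf '<Directory %s>\n' "$dir"
  # Indexes enables directory listings and FollowSymLinks lets httpd follow links
  # out of the tree; "Require all granted" serves it to every client. Fine for a
  # lab package/PXE mirror, worth tightening anywhere else.
  printf 'Options Indexes FollowSymLinks\n'
  printf 'AllowOverride None\n'
  printf 'Require all granted\n'
  printf '</Directory>\n'
}

#######################################
# Write the stanza to /etc/httpd/conf.d/NAME.conf and label the directory so
# httpd may read it under SELinux (public_content_t is read-only for httpd).
# Both steps need root; the original ran tee/semanage/restorecon without sudo,
# unlike the rest of this page.
# Arguments: $1 - config name (file becomes /etc/httpd/conf.d/$1.conf)
#            $2 - URL prefix with trailing slash
#            $3 - filesystem directory with trailing slash
#######################################
publish_dir() {
  local name=$1
  local url_prefix=$2
  local dir=$3
  render_alias_conf "$url_prefix" "$dir" \
    | sudo tee "/etc/httpd/conf.d/${name}.conf" >/dev/null
  # Strip the trailing slash so the label pattern stays "/home/repo(/.*)?".
  sudo semanage fcontext -a -t public_content_t "${dir%/}(/.*)?"
  sudo restorecon -F -R -v "${dir%/}"
}

# The two aliases on this page were identical apart from the paths; keep the
# paths as data. Both directories must already exist.
publish_dir repo /repo/ /home/repo/
publish_dir pxe /tftpboot/ /home/tftpboot/
# NOTE(review): nothing on this page opens the http service in firewalld — confirm
# clients on 10.9.8.0/24 can actually reach it.
sudo systemctl restart httpd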
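# Post-install sanity checks; all read-only. They run under sudo like the rest of
# this page so `klist` shows root's ticket (the one obtained by `sudo kinit admin`)
# and `ipactl status`, which needs root, works.
sudo ipa help commands
sudo ipa --version
sudo ipa config-show
sudo ipactl status
sudo klist
# `ipa user-show` with no login prompts for one (and errors without a terminal);
# list users instead, matching the group query on the next line.
sudo ipa user-find
sudo ipa group-find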
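# Add User
# Create a lab user with an SSH key pair, mirroring the "ansible" user setup.
# The original ran ssh-keygen into /home/domainusers/labrat/.ssh without creating
# that directory first, which makes ssh-keygen fail on a fresh system; create it
# the same way the ansible user's was. The bare "Add User" heading was a command
# line in the original and is a comment here.
sudo ipa user-add labrat --first=Lab --last=Rat --password
sudo ipa user-mod labrat --password
sudo mkdir -m0750 -p /home/domainusers/labrat/.ssh
# Private key generated as root on the server; see the ansible user's note about
# keys left in an NFS-exported home directory.
sudo ssh-keygen \
  -C labrat@rockyhowto.lab \
  -f /home/domainusers/labrat/.ssh/id_rsa \
  -q -N ""
sudo chown -hRv labrat:labrat /home/domainusers/labrat
sudo ipa user-mod labrat --sshpubkey="$(cat /home/domainusers/labrat/.ssh/id_rsa.pub)"
# "sudoers" membership means passwordless root on every enrolled host under the
# sudoers_sudo rule configured earlier on this page.
sudo ipa group-add-member sudoers --users=labrat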
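# Add System
# Register lab hosts and their forward DNS records. The original repeated the
# same two commands per host; the host/address table is data and a helper does
# the work. cpt01 is also registered earlier on this page — a second host-add for
# it fails with "already exists", so keep it in one place only. The bare
# "Add System" heading was a command line in the original and is a comment here.
sudo kinit admin || exit 1

#######################################
# Enroll one host object and its A record.
# Arguments: $1 - host FQDN inside rockyhowto.lab
#            $2 - IPv4 address
#######################################
add_lab_host() {
  local fqdn=$1
  local ip=$2
  local short=${fqdn%%.*}
  sudo ipa host-add --ip-address "$ip" "$fqdn"
  # NOTE(review): host-add --ip-address already creates the A record when the
  # zone is IPA-managed; the explicit dnsrecord-add may be redundant — confirm.
  sudo ipa dnsrecord-add rockyhowto.lab "$short" --ttl=3600 --a-ip-address="$ip"
}

while read -r fqdn ip; do
  [[ -n "$fqdn" ]] || continue
  add_lab_host "$fqdn" "$ip"
done <<'EOT'
cwo01.rockyhowto.lab 10.9.8.1
cpt01.rockyhowto.lab 10.9.8.110
sgt01.rockyhowto.lab 10.9.8.120
pvt01.rockyhowto.lab 10.9.8.130
pvt02.rockyhowto.lab 10.9.8.140
EOT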