Anyone have any experience with FreeIPA?
Is there a Foreman/Puppet module available? (Forge? GitHub? FreeIPA.org?)
I’ve found some docs about installing the FreeIPA server and client pieces,
but the Foreman integration info is a little thin. Any clues would be most appreciated!
Running on CentOS 7:
foreman 1.20.1
puppet 5.5.10
katello 3.10.0
We have used FreeIPA integration with Foreman for some years. It works really well, and the documentation that Dirk pointed you to was sufficient for us to make it work. No need for Puppet or anything more than foreman-installer with some options. For any host you create in Foreman (and associate with the realm), on the FreeIPA side it will create the host, set an OTP, install the client parts and register it automatically on provisioning (I am speaking for kickstart at least; we use only that provisioning method with FreeIPA), and remove the host in FreeIPA (and its DNS if you want) when you remove your host from Foreman. So you don’t have to take any action on the FreeIPA side for these two actions. On the FreeIPA side, you can also add auto-member rules to add your new host to the needed host groups, to further automate your host creation/deletion workflow.
As for the FreeIPA server installation, our instances are some years old now and this part was not automated, but the FreeIPA installation is really simple, even in a multi-master deployment, and its documentation is really good.
The IPA server requires an administrative user, named ‘admin’.
This user is a regular system account used for IPA server administration.
I am afraid that this conflicts with my Foreman user “admin” from when I installed Foreman.
How should I proceed with their instructions for Creating LDAP Authentication Source?
Which user should I use? Should I create a new user, such as myself, and where? In LDAP or Foreman?