Freeipa nfs/machine.fqdn host enrollment

Hi,

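Is it possible to create (and manage) a nfs/machine.fqdn record in freeipa
like the host/machine.fqdn (cf. Foreman :: Manual,
http://theforeman.org/manuals/1.5/index.html#4.3.11FreeIPARealm )?

I want to install a nfsv4/kerberos computer parc and I would like to
automatise as much as possible.
I have seen this:

https://github.com/stbenjam/community-templates/blob/freeipa-fixes/snippets/freeipa_register.erb

but it is not enough …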

Can somebody help me ?

Best regards ?

Yes, I think this is possible. I think in an earlier project my team got
that working, but the only issue was hostgroup ACLs on the IPA server. That
needed to be done manually. I think it's possible though, and I know there is a
module on PuppetForge that will bring a node into IPA fairly easily. I will
look through my old docs and see if I can find the relevant info. We
weren't using NFS though, so maybe you'll need a hybrid solution.

On Thursday, July 17, 2014 5:06:19 AM UTC+8, James James wrote:
> Hi,
>
> Is it possible to create (and manage) a nfs/machine.fqdn record in freeipa
> like the host/machine.fqdn (cf
> http://theforeman.org/manuals/1.5/index.html#4.3.11FreeIPARealm )?
>
> I want to install a nfsv4/kerberos computer parc and I would like to
> automatise as much as possible.
> I have seen this
> https://github.com/stbenjam/community-templates/blob/freeipa-fixes/snippets/freeipa_register.erb
>
> but it is not enough ...
>
> Can somebody help me ?
>
> Best regards ?

We only do host registration at the moment.

The simplest solution is to have your own snippet to do something like
this:

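yum -y install ipa-admintools
# Get a Kerberos ticket for a user allowed to add service principals
echo password | kinit someuser
# Register the NFS service principal for this host
ipa service-add nfs/$(hostname)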

That's simple but not very good. You'll have to create a user that has
rights to create service principals, and store the password in the
snippet.

I'd say the best way would be to use Foreman hooks to run the ipa
service-add commands: https://github.com/theforeman/foreman_hooks

In fact, before we had the host registration in Foreman, I did this with
hooks: https://bitbin.de/blog/2013/11/foreman-freeipa-integration-guide/

If you'd like to see this as a feature in foreman, feel free to open a
feature request - http://projects.theforeman.org/projects/foreman/issues/new

Hope that helps

On Wed, Jul 16, 2014 at 11:06:18PM +0200, James James wrote:
> Hi,
>
> Is it possible to create (and manage) a nfs/machine.fqdn record in freeipa
> like the host/machine.fqdn (cf
> http://theforeman.org/manuals/1.5/index.html#4.3.11FreeIPARealm )?
>
> I want to install a nfsv4/kerberos computer parc and I would like to
> automatise as much as possible.
> I have seen this
> https://github.com/stbenjam/community-templates/blob/freeipa-fixes/snippets/freeipa_register.erb
> but it is not enough ...
>
> Can somebody help me ?


Stephen Benjamin


Red Hat GmbH | http://de.redhat.com/ | Registered office: Grasbrunn
Commercial register: Amtsgericht München, HRB 153243
Managing directors: Charles Cachera, Michael Cunningham,
Michael O’Neill, Charles Peters

Thanks a lot for your answers.

I am facing a problem with the hooks.

I was following this link:
https://github.com/theforeman/foreman_hooks but it looks like jgrep
cannot parse the data.

I don't know if I am going the wrong way, but the server sends this data to the
hook script:

{"utf8"=>"✓",
"authenticity_token"=>"btOw2VIrXoBP6kdpwCFNOHpiH/F2LfL4xElPoMzpikQ=",
"host"=>{"name"=>"client1.example.com", "hostgroup_id"=>"7",
"compute_resource_id"=>"", "environment_id"=>"1",
"puppet_ca_proxy_id"=>"1", "puppet_proxy_id"=>"1",
"config_group_ids"=>[""], "puppetclass_ids"=>[""], "managed"=>"true",
"progress_report_id"=>"[FILTERED]", "type"=>"Host::Managed",
"domain_id"=>"1", "realm_id"=>"2", "mac"=>"54:52:eb:01:4e:9A",
"subnet_id"=>"1", "ip"=>"192.168.0.104",
"interfaces_attributes"=>{"new_interfaces"=>{"_destroy"=>"false",
"type"=>"Nic::Managed", "mac"=>"", "name"=>"", "domain_id"=>"", "ip"=>"",
"provider"=>"IPMI"}}, "architecture_id"=>"1", "operatingsystem_id"=>"1",
"provision_method"=>"build", "build"=>"1", "medium_id"=>"6",
"ptable_id"=>"10", "disk"=>"", "root_pass"=>"[FILTERED]",
"is_owned_by"=>"1-Users", "enabled"=>"1", "model_id"=>"", "comment"=>"",
"overwrite"=>"false"}}

It is not JSON :)

How can jgrep process this data?

Can anyone help me?

regards.

On Thursday, 17 July 2014 11:09:57 UTC+2, Stephen Benjamin wrote:
> On Wed, Jul 16, 2014 at 11:06:18PM +0200, James James wrote:
> > Hi,
> >
> > Is it possible to create (and manage) a nfs/machine.fqdn record in freeipa
> > like the host/machine.fqdn (cf
> > http://theforeman.org/manuals/1.5/index.html#4.3.11FreeIPARealm )?
> >
> > I want to install a nfsv4/kerberos computer parc and I would like to
> > automatise as much as possible.
> > I have seen this
> > https://github.com/stbenjam/community-templates/blob/freeipa-fixes/snippets/freeipa_register.erb
> > but it is not enough ...
> >
> > Can somebody help me ?
>
> We only do host registration at the moment.
>
> The simplest solution is to have your own snippet to do something like
> this:
>
> yum -y install ipa-admintools
> echo password | kinit someuser
> ipa service-add nfs/`hostname`
>
> That's simple but not very good. You'll have to create a user that has
> rights to create service principals, and store the password in the
> snippet.
>
> I'd say the best way would be to use Foreman hooks to run the ipa
> service-add commands: https://github.com/theforeman/foreman_hooks
>
> In fact, before we had the host registration in Foreman, I did this with
> hooks: https://bitbin.de/blog/2013/11/foreman-freeipa-integration-guide/
>
> If you'd like to see this as a feature in foreman, feel free to open a
> feature request -
> http://projects.theforeman.org/projects/foreman/issues/new
>
> Hope that helps
>
> --
> Stephen Benjamin
>
> ______________________________________________________
> Red Hat GmbH | http://de.redhat.com/ | Registered office: Grasbrunn
> Commercial register: Amtsgericht München, HRB 153243
> Managing directors: Charles Cachera, Michael Cunningham,
> Michael O'Neill, Charles Peters
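
An added example, not part of any post in this thread and not Foreman or foreman_hooks project code: a hook script in Ruby that takes the approach suggested above (run `ipa service-add` from a Foreman hook) and fails with a clear message when its input is not JSON, as with the dump above. The keytab path, the `foreman-hook` account, the `{"host": {"name": ...}}` input shape and the calling convention are assumptions.

```ruby
#!/usr/bin/env ruby
require 'json'

# Assumed values, not from the thread: keytab path and the IPA account that
# has been delegated the right to add service principals.
KEYTAB    = '/etc/foreman/ipa-hook.keytab'
PRINCIPAL = 'foreman-hook'
FQDN_RE   = /\A(?=.{1,253}\z)(?:[a-z0-9](?:[a-z0-9-]{0,61}[a-z0-9])?\.)+[a-z]{2,63}\z/

# Return the validated host FQDN from the hook's stdin, or raise ArgumentError.
def host_fqdn(raw)
  data = JSON.parse(raw)
  host = data.is_a?(Hash) ? data['host'] : nil
  name = host.is_a?(Hash) ? host['name'] : nil
  raise ArgumentError, 'no host.name in hook data' unless name.is_a?(String)
  name = name.downcase
  raise ArgumentError, "refusing hostname #{name.inspect}" unless name.match?(FQDN_RE)
  name
rescue JSON::ParserError
  # Text such as {"host"=>{...}} is Ruby Hash#inspect output, which no JSON
  # tool (jgrep included) can read.
  hint = raw.include?('=>') ? ' (Ruby Hash#inspect text?)' : ''
  raise ArgumentError, "hook input is not JSON#{hint}"
end

# Argument vectors: a keytab login instead of a stored password, then the
# service-add. Arrays mean no shell ever parses the hostname.
def ipa_commands(fqdn)
  [['kinit', '-k', '-t', KEYTAB, PRINCIPAL],
   ['ipa', 'service-add', "nfs/#{fqdn}"]]
end

# Run the commands in order, stopping at the first failure.
def run_hook(raw, runner: ->(argv) { system(*argv) })
  ipa_commands(host_fqdn(raw)).all? { |argv| runner.call(argv) }
end

# Assumption: foreman_hooks calls the script with the event and object name
# as arguments and the object on stdin; with no arguments nothing runs.
unless ARGV.empty?
  begin
    exit(run_hook($stdin.read) ? 0 : 1)
  rescue ArgumentError => e
    warn "nfs-principal hook: #{e.message}"
    exit 1
  end
end
```

The keytab stays on the Foreman server, so no credential is delivered to the clients in a provisioning snippet.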