How does Foreman 1.7 join a FreeIPA client during provisioning?

Maybe I'm missing something really obvious here but how do you get Foreman
to join a FreeIPA client to a domain when it is provisioned?

I followed all the steps in the Foreman manual and successfully installed a
foreman-proxy agent on a FreeIPA server and then configured the realm and
proxy in foreman.

Then I created a new server and set it to join the realm and provisioned it
with foreman. When the installation finished I logged onto the server and
there were no ipa-client packages installed.

I also looked at all the facts for the machine when it showed up in
foreman's hosts list and although it is listed as a member of the correct
realm and domain, I could not find the ipa one time password anywhere?

So…

1) Am I supposed to do something to manually join the machine and am I
supposed to know where to look for the one-time password to do this?

or

2) Is Foreman supposed to run the 'ipa-client-install' step but I have to
manually configure foreman to do this?

I couldn't find any examples of what the actual steps are to make this work.

Are you including the freeipa_register snippet [1] in your provisioning
template?

[1] https://github.com/theforeman/community-templates/blob/master/snippets/freeipa_register.erb

Thanks,

Josh


You received this message because you are subscribed to the Google Groups
"Foreman users" group.
To unsubscribe from this group and stop receiving emails from it, send an
email to foreman-users+unsubscribe@googlegroups.com.
To post to this group, send email to foreman-users@googlegroups.com.
Visit this group at http://groups.google.com/group/foreman-users.
For more options, visit https://groups.google.com/d/optout.

I hadn't heard of this before.

Is there somewhere in the official foreman docs you can point me to that
lists downloading or installing that snippet?

Is that snippet already on my server and I just need to activate it?

Did I miss some step in the docs or is this something you actually have to
google to find out?


There may be a version included with your Foreman distribution, but I'm
not certain. I would recommend using the version that I linked you to.
You will need to reference this in your main provisioning template:

<% if @host.info["parameters"]["realm"] && @host.otp && @host.realm &&
@host.realm.realm_type == "FreeIPA" -%>
# IdM Registration
<%= snippet "freeipa_register" %>
<% end -%>

The documentation around this probably needs some updating.

Thanks,

Josh


Turns out this was a really silly mistake.

Foreman 1.7 does indeed include that snippet and it is correctly included
in the default kickstart templates.

I had the newly provisioned client pointed to the wrong DNS server so
registration failed when it couldn't look up the host.

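A pre-flight check for the failure described in the last post, where the new client pointed at the wrong DNS server and registration failed. This is an added example, not part of the thread or of Foreman's templates; it assumes `dig` is installed and that the realm publishes the usual `_ldap._tcp` and `_kerberos._udp` SRV records, and `IPA_DOMAIN` and the function names are hypothetical.

```shell
#!/bin/sh
# Added example: DNS pre-flight for a kickstart %post, meant to run before the
# freeipa_register snippet. Assumes dig (bind-utils) is in the package list.

# Print the SRV answers for a record name, one per line.
srv_lookup() { dig +short -t SRV "$1" 2>/dev/null; }

# Succeed if a host name resolves through the system resolver.
host_lookup() { getent hosts "$1" >/dev/null 2>&1; }

# Print the nameserver addresses from a resolv.conf-style file.
nameservers() { awk '$1 == "nameserver" { print $2 }' "$1"; }

# check_realm_dns DOMAIN [RESOLV_CONF]
# Returns 0 when the SRV records used for IPA discovery resolve and their
# targets have addresses; prints each failure and returns 1 otherwise.
check_realm_dns() {
    domain=$1 resolv=${2:-/etc/resolv.conf} rc=0
    ns=$(nameservers "$resolv" | tr '\n' ' ')
    if [ -z "$ns" ]; then
        echo "FAIL: no nameserver entries in $resolv"
        return 1
    fi
    for rec in "_ldap._tcp.$domain" "_kerberos._udp.$domain"; do
        answers=$(srv_lookup "$rec")
        if [ -z "$answers" ]; then
            echo "FAIL: no SRV answer for $rec (resolvers: $ns)"
            rc=1
            continue
        fi
        # dig +short SRV rdata is: priority weight port target.
        for target in $(echo "$answers" | awk '{ print $4 }'); do
            if ! host_lookup "${target%.}"; then
                echo "FAIL: $rec points at $target, which does not resolve"
                rc=1
            fi
        done
    done
    return $rc
}

# IPA_DOMAIN is a hypothetical variable; set it to the realm's DNS domain.
if [ -n "${IPA_DOMAIN:-}" ]; then
    check_realm_dns "$IPA_DOMAIN" && echo "DNS OK for $IPA_DOMAIN"
fi
```

Logging the failure lines to the %post log makes a wrong resolver visible without logging on to the host after the install.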