FreeIPA : Configure Replication
2015/03/21

Configure FreeIPA replication.
This example is based on the following environment.

+----------------------+          |          +----------------------+
| [  FreeIPA Master  ] |10.0.0.30 | 10.0.0.51| [ FreeIPA Replica  ] |
|   dlp.ipa.srv.world  +----------+----------+ node01.ipa.srv.world |
|                      |                     |                      |
+----------------------+                     +----------------------+
[1] | |
[2] On the FreeIPA master host, add the host that is to become the replica server to the [ipaservers] group.

[root@dlp ~]# ipa hostgroup-add-member ipaservers --hosts node01.ipa.srv.world
  Host-group: ipaservers
  Description: IPA server hosts
  Member hosts: dlp.ipa.srv.world, node01.ipa.srv.world
-------------------------
Number of members added 1
-------------------------

# if firewalld is running, also apply the following
[root@dlp ~]# firewall-cmd --add-service=freeipa-replication --permanent
success
[root@dlp ~]# firewall-cmd --reload
success
[3] Configure replication on the host that is to become the replica server.

# if firewalld is running, allow the services beforehand
[root@node01 ~]# firewall-cmd --add-service={freeipa-ldap,freeipa-ldaps,dns,ntp,freeipa-replication} --permanent
success
[root@node01 ~]# firewall-cmd --reload
success

[root@node01 ~]# yum -y install ipa-server

# set up replication
[root@node01 ~]# ipa-replica-install
Run connection check to master
Connection check OK
Configuring NTP daemon (ntpd)
  [1/4]: stopping ntpd
  [2/4]: writing configuration
  [3/4]: configuring ntpd to start on boot
.....
.....
  [7/9]: stopping directory server
  [8/9]: restoring configuration
  [9/9]: starting directory server
Done.
Restarting the KDC
[4] Once setup has completed successfully on the replica host, operations such as adding user accounts can also be performed on the replica host.

[root@node01 ~]# kinit admin
Password for admin@IPA.SRV.WORLD:

[root@node01 ~]# ipa user-add fedora --first=Fedora --last=Linux --password
Password:
Enter Password again to verify:
-------------------
Added user "fedora"
-------------------
  User login: fedora
  First name: Fedora
  Last name: Linux
  Full name: Fedora Linux
  Display name: Fedora Linux
  Initials: FL
  Home directory: /home/fedora
  GECOS: Fedora Linux
  Login shell: /bin/bash
  Principal name: fedora@IPA.SRV.WORLD
  Principal alias: fedora@IPA.SRV.WORLD
  Email address: fedora@ipa.srv.world
  UID: 1032500500
  GID: 1032500500
  Password: True
  Member of groups: ipausers
  Kerberos keys available: True

[root@node01 ~]# ipa user-find
---------------
6 users matched
---------------
  User login: admin
  Last name: Administrator
  Home directory: /home/admin
  Login shell: /bin/bash
  Principal alias: admin@IPA.SRV.WORLD
  UID: 1032400000
  GID: 1032400000
  Account disabled: False

  User login: cent
  First name: cent
  Last name: cent
  Home directory: /home/cent
  Login shell: /bin/bash
  Principal name: cent@IPA.SRV.WORLD
  Principal alias: cent@IPA.SRV.WORLD
  Email address: cent@ipa.srv.world
  UID: 1032400001
  GID: 1032400001
  Account disabled: False
.....
.....
  User login: fedora
  First name: Fedora
  Last name: Linux
  Home directory: /home/fedora
  Login shell: /bin/bash
  Principal name: fedora@IPA.SRV.WORLD
  Principal alias: fedora@IPA.SRV.WORLD
  Email address: fedora@ipa.srv.world
  UID: 1032500500
  GID: 1032500500
  Account disabled: False
----------------------------
Number of entries returned 6
----------------------------
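Steps [2] and [3] change two things worth auditing afterwards: which hosts sit in [ipaservers] (the group the replica host had to join before ipa-replica-install was run) and which firewalld services are open on the replica. The script below is an added example, not part of the original page; the function names, the allowlist and the sample input are assumptions made for illustration, and it assumes `ipa hostgroup-show ipaservers` prints members on a single "Member hosts:" line as in the output of step [2].

```shell
#!/bin/sh
# Added example: post-setup audit for steps [2] and [3] (not from the original page).
# Allowlist of hosts expected in [ipaservers]; hostnames taken from this page.
ALLOWED_SERVERS="dlp.ipa.srv.world node01.ipa.srv.world"
# Services step [3] opens on the replica.
REPLICA_SERVICES="freeipa-ldap freeipa-ldaps dns ntp freeipa-replication"

# Print every [ipaservers] member that is not on the allowlist.
# stdin: output of `ipa hostgroup-show ipaservers`
unexpected_members() {
    sed -n 's/^ *Member hosts: *//p' | tr ',' '\n' | tr -d ' ' |
    while read -r host; do
        [ -z "$host" ] && continue
        case " $ALLOWED_SERVERS " in
            *" $host "*) ;;
            *) echo "$host" ;;
        esac
    done
}

# Print every service from step [3] that is not enabled.
# $1: output of `firewall-cmd --list-services` (space separated)
missing_services() {
    for svc in $REPLICA_SERVICES; do
        case " $1 " in
            *" $svc "*) ;;
            *) echo "$svc" ;;
        esac
    done
}

# Constructed sample input (not captured from a real server).
SAMPLE_GROUP='  Host-group: ipaservers
  Description: IPA server hosts
  Member hosts: dlp.ipa.srv.world, node01.ipa.srv.world, node09.ipa.srv.world'
SAMPLE_FW='dns freeipa-ldap freeipa-ldaps ntp ssh'

echo "unexpected ipaservers members: $(printf '%s\n' "$SAMPLE_GROUP" | unexpected_members)"
echo "missing replica services: $(missing_services "$SAMPLE_FW")"

# Live use (after kinit admin):
#   ipa hostgroup-show ipaservers | unexpected_members
#   missing_services "$(firewall-cmd --list-services)"
```

An empty result from both functions means the group holds only the expected servers and the replica has every service from step [3] enabled.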