Chetan Risbud 03128e172e Rebase swiftkerbauth imported code with upstream
A few changes have been merged to the upstream swiftkerbauth repo.
This commit brings them down to the gluster-swift repo.
Bringing the below changes to the gluster-swift repo in one go.

http://review.gluster.org/#/c/6296/
http://review.gluster.org/#/c/6370/
http://review.gluster.org/#/c/6595/
http://review.gluster.org/#/c/6713/
http://review.gluster.org/#/c/6732/

Change-Id: I10dc12d75ec63fca313339fbc71e4f18071af552
Signed-off-by: Chetan Risbud <crisbud@redhat.com>
Reviewed-on: http://review.gluster.org/6764
Reviewed-by: Prashanth Pai <ppai@redhat.com>
2014-01-27 22:55:55 -08:00


# IPA Server Guide

## Contents

* [Setup Overview](#setup)
* [Configure Network](#network)
* [Installing IPA Server](#ipa-server)
* [Configuring DNS](#dns)
* [Adding Users and Groups](#users-groups)

## Setup Overview

We have used a RHEL 6.4 box as the IPA and DNS server. This document borrows instructions from the following, more detailed guide: [RHEL 6 Identity Management Guide][]

## Configure Network

Change the hostname (FQDN) to server.rhelbox.com:

    hostname "server.rhelbox.com"

Add the following to /etc/sysconfig/network so the change persists across reboots:

    HOSTNAME=server.rhelbox.com

Add the following to /etc/hosts. The server's FQDN must resolve to its real address (192.168.56.110 here), not to 127.0.0.1; ipa-server-install refuses to continue when the hostname maps to the loopback address:

    192.168.56.110 server.rhelbox.com server
    192.168.56.101 client.rhelbox.com client

Log out, log in again and verify the new hostname:

    hostname --fqdn

Turn off the firewall:

    service iptables stop
    chkconfig iptables off

This is acceptable for a lab box on an isolated network. On anything reachable from untrusted hosts, keep iptables enabled and open only the ports IPA needs: 80 and 443 (HTTP/HTTPS), 389 and 636 (LDAP/LDAPS), 88 and 464 TCP and UDP (Kerberos), 53 TCP and UDP (DNS) and 123 UDP (NTP).
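The hosts-file checks above are easy to get wrong by hand, so here is a small pre-flight script, added as an example (it is not part of gluster-swift, swiftkerbauth or IPA). It reads a hosts file given as a parameter, confirms that the FQDN and the short name both map to the expected address, and flags the common mistake of appending the FQDN to the 127.0.0.1 line. The two hosts files it runs against are constructed inline so the script works offline; on the real server you would point it at /etc/hosts.

```shell
#!/bin/sh
# Pre-flight check for an IPA server host (example, not project code).
# It checks what ipa-server-install trips over most often: the FQDN must
# resolve via the hosts file to the machine's real address, never to a
# loopback address, and the short hostname must map to the same address.

# check_hosts_entry HOSTS_FILE NAME EXPECTED_IP
# Prints the address the file assigns to NAME and returns:
#   0  NAME maps to EXPECTED_IP
#   1  NAME is missing from the file
#   2  NAME maps to a loopback address (127.0.0.0/8 or ::1)
#   3  NAME maps to some other address
check_hosts_entry() {
    hosts_file=$1; name=$2; expected_ip=$3
    # Strip comments, then take the first address whose name list contains NAME.
    addr=$(sed 's/#.*//' "$hosts_file" | awk -v name="$name" '
        { for (i = 2; i <= NF; i++) if ($i == name) { print $1; exit } }')
    [ -n "$addr" ] || return 1
    printf '%s\n' "$addr"
    case "$addr" in
        127.*|::1) return 2 ;;
    esac
    [ "$addr" = "$expected_ip" ] || return 3
    return 0
}

# preflight HOSTS_FILE FQDN EXPECTED_IP
# Runs the checks a human would otherwise do by eye before ipa-server-install.
preflight() {
    hosts_file=$1; fqdn=$2; expected_ip=$3
    short=${fqdn%%.*}
    case "$fqdn" in
        *.*) ;;
        *) echo "FAIL: '$fqdn' is not fully qualified"; return 1 ;;
    esac
    addr=$(check_hosts_entry "$hosts_file" "$fqdn" "$expected_ip")
    case $? in
        0) echo "OK: $fqdn -> $addr" ;;
        1) echo "FAIL: $fqdn not in $hosts_file"; return 1 ;;
        2) echo "FAIL: $fqdn resolves to loopback ($addr); ipa-server-install will refuse this"; return 1 ;;
        3) echo "FAIL: $fqdn resolves to $addr, expected $expected_ip"; return 1 ;;
    esac
    short_addr=$(check_hosts_entry "$hosts_file" "$short" "$expected_ip") || {
        echo "FAIL: short name $short does not map to $expected_ip (got '${short_addr:-nothing}')"; return 1; }
    echo "OK: $short -> $short_addr"
    return 0
}

# Constructed sample files so the check runs offline (not real hosts files).
tmpdir=$(mktemp -d)
trap 'rm -rf "$tmpdir"' EXIT
GOOD_HOSTS="$tmpdir/hosts.good"
BAD_HOSTS="$tmpdir/hosts.bad"
cat > "$GOOD_HOSTS" <<'EOF'
127.0.0.1   localhost localhost.localdomain
192.168.56.110 server.rhelbox.com server
192.168.56.101 client.rhelbox.com client
EOF
cat > "$BAD_HOSTS" <<'EOF'
# a common mistake: the FQDN appended to the loopback line
127.0.0.1   localhost localhost.localdomain server.rhelbox.com server
EOF

preflight "$GOOD_HOSTS" server.rhelbox.com 192.168.56.110
preflight "$BAD_HOSTS"  server.rhelbox.com 192.168.56.110 || echo "(expected failure above)"
```

Run it as `preflight /etc/hosts server.rhelbox.com 192.168.56.110` on the server before starting ipa-server-install; a non-zero exit means the install would have failed or produced a server whose Kerberos principal does not match its address.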

## Installing IPA Server

Install the IPA server packages and the DNS dependencies:

    yum install ipa-server bind bind-dyndb-ldap

Run the following interactive setup to install the IPA server together with DNS:

    ipa-server-install --setup-dns

The installer prompts for the Directory Manager and admin passwords and then prints a summary like this before asking you to confirm:

    The IPA Master Server will be configured with:
    Hostname:      server.rhelbox.com
    IP address:    192.168.56.110
    Domain name:   rhelbox.com
    Realm name:    RHELBOX.COM

    BIND DNS server will be configured to serve IPA domain with:
    Forwarders:    No forwarders
    Reverse zone:  56.168.192.in-addr.arpa.

"No forwarders" means this BIND instance answers only for the zones IPA manages; hosts that use it as their resolver will not resolve external names unless you give the installer a forwarder (`--forwarder=<ip>`) or add one later. The installation may take some time.

Check that IPA is installed correctly:

    kinit admin
    ipa user-find admin

## Configuring DNS

Edit /etc/resolv.conf and add this at the beginning of the file:

    nameserver 192.168.56.110

Warning: NetworkManager rewrites resolv.conf on restart. On RHEL 6 the entry survives if you set `DNS1=192.168.56.110` (or `PEERDNS=no`) in the interface's `/etc/sysconfig/network-scripts/ifcfg-*` file.

Add a DNS A record and PTR record for the client under the rhelbox.com zone:

    ipa dnsrecord-add rhelbox.com client --a-rec=192.168.56.101 --a-create-reverse

Check that DNS resolution is working:

    dig server.rhelbox.com

    ;; ANSWER SECTION:
    server.rhelbox.com. 1200    IN  A   192.168.56.110

    dig client.rhelbox.com

    ;; ANSWER SECTION:
    client.rhelbox.com. 86400   IN  A   192.168.56.101

Check that reverse resolution works:

    dig -t ptr 101.56.168.192.in-addr.arpa.

    ;; ANSWER SECTION:
    101.56.168.192.in-addr.arpa. 86400 IN   PTR client.rhelbox.com.

    dig -t ptr 110.56.168.192.in-addr.arpa.

    ;; ANSWER SECTION:
    110.56.168.192.in-addr.arpa. 86400 IN   PTR server.rhelbox.com.

Forward and reverse records must agree for every host that will use Kerberos: MIT Kerberos clients canonicalize a server name through reverse DNS by default (`rdns = true` in krb5.conf), so a wrong or stale PTR makes the client ask the KDC for a ticket to the wrong service principal.
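The forward-confirmed reverse DNS check implied by the dig commands above, written out as a script. This is an added example, not part of gluster-swift, swiftkerbauth or IPA; the dig output it parses is constructed inline (the answer sections shown above, plus one deliberately stale PTR) so it runs offline, and on a live host you would feed it the output of `dig +noall +answer` instead.

```shell
#!/bin/sh
# Forward-confirmed reverse DNS check (example, not project code).

# ptr_name IPV4 -> the in-addr.arpa owner name dig expects for a PTR query.
ptr_name() {
    printf '%s\n' "$1" | awk -F. '{ printf "%s.%s.%s.%s.in-addr.arpa.\n", $4, $3, $2, $1 }'
}

# answer_rdata TYPE < dig-output -> the RDATA of the first answer of that type
# (e.g. "192.168.56.101" for A, "client.rhelbox.com." for PTR), skipping the
# ";;" comment lines dig prints around the answer section.
answer_rdata() {
    awk -v want="$1" '!/^;/ && $3 == "IN" && $4 == want { print $5; exit }'
}

# fcrdns_check FQDN EXPECTED_IP FORWARD_OUTPUT REVERSE_OUTPUT
# Returns 0 when the A record gives EXPECTED_IP and the PTR for that address
# gives FQDN back; prints the reason and returns 1 otherwise.
fcrdns_check() {
    fqdn=$1; expected_ip=$2
    a=$(printf '%s\n' "$3" | answer_rdata A)
    ptr=$(printf '%s\n' "$4" | answer_rdata PTR)
    if [ "$a" != "$expected_ip" ]; then
        echo "FAIL: $fqdn A -> '${a:-none}', expected $expected_ip"; return 1
    fi
    if [ "$ptr" != "$fqdn." ]; then
        echo "FAIL: $(ptr_name "$a") PTR -> '${ptr:-none}', expected $fqdn."; return 1
    fi
    echo "OK: $fqdn <-> $a"; return 0
}

# Constructed sample dig output (not captured from a live server).
CLIENT_A=';; ANSWER SECTION:
client.rhelbox.com.     86400   IN      A       192.168.56.101'
CLIENT_PTR=';; ANSWER SECTION:
101.56.168.192.in-addr.arpa. 86400 IN   PTR     client.rhelbox.com.'
# A stale PTR still naming a previous owner of the address: the forward lookup
# passes, the reverse one does not, and Kerberos would canonicalize to the
# wrong principal.
STALE_PTR=';; ANSWER SECTION:
101.56.168.192.in-addr.arpa. 86400 IN   PTR     oldclient.rhelbox.com.'

fcrdns_check client.rhelbox.com 192.168.56.101 "$CLIENT_A" "$CLIENT_PTR"
fcrdns_check client.rhelbox.com 192.168.56.101 "$CLIENT_A" "$STALE_PTR" || echo "(expected failure above)"
```

On a real host the two inputs would be `"$(dig +noall +answer client.rhelbox.com)"` and `"$(dig +noall +answer -t ptr "$(ptr_name 192.168.56.101)")"`; run it for the server and every client before testing Kerberos logins.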

## Adding Users and Groups

The following convention is to be followed when creating group names:

    <reseller-prefix>_<volume-name>

    <reseller-prefix>_<account-name>

As of now, account = volume = group: the Swift account name, the GlusterFS volume that backs it and the IPA group that grants access to it all share the same name.

For example:

    AUTH_test

Create the auth_reseller_admin user group. Members of this group get full access to every Swift account, so keep its membership minimal:

    ipa group-add auth_reseller_admin --desc="Full access to all Swift accounts"

Create the auth_rhs_test user group:

    ipa group-add auth_rhs_test --desc="Full access to rhs_test account"

Create the user auth_admin as a member of the auth_reseller_admin user group:

    ipa user-add auth_admin --first=Auth --last=Admin --password
    ipa group-add-member auth_reseller_admin --users=auth_admin

Create the user rhs_test_admin as a member of the auth_rhs_test user group:

    ipa user-add rhs_test_admin --first=RHS --last=Admin --password
    ipa group-add-member auth_rhs_test --users=rhs_test_admin

Create the user jsmith with no relevant group membership (the first and last name are placeholders):

    ipa user-add jsmith --first=John --last=Smith --password

You can verify that the users have been added by running `ipa user-find` without a search string, which lists every user (with an argument it lists only the users matching that string):

    ipa user-find

NOTE: Every user has to change their password on first login.
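To make the naming convention concrete, here is a small model of how the three users above end up with different access. It is an added example, not swiftkerbauth's own authorization code: given a reseller prefix and the list of IPA groups a user belongs to, it derives which accounts the user may access, following the convention that `<prefix>_reseller_admin` grants every account and `<prefix>_<account>` grants exactly that account. The group lists are constructed from the ipa commands above (plus `ipausers`, the group every IPA user is placed in) rather than read from a live server.

```shell
#!/bin/sh
# Model of the <reseller-prefix>_<account> group convention (example, not
# swiftkerbauth code).

# accounts_for PREFIX "GROUP GROUP ..." -> prints one of:
#   "*"             the user is a reseller admin (all accounts)
#   "acct1 acct2"   the accounts the user's groups grant, space separated
#   ""              no relevant membership
accounts_for() {
    prefix=$1; member_of=$2; acl=""
    for g in $member_of; do
        case "$g" in
            "${prefix}_reseller_admin") echo "*"; return 0 ;;
            "${prefix}_"*) acl="$acl ${g#"$prefix"_}" ;;
            # groups without the reseller prefix carry no Swift meaning,
            # even if the rest of the name happens to match an account
        esac
    done
    printf '%s\n' "${acl# }"
}

# may_access PREFIX "GROUP ..." ACCOUNT -> 0 if allowed, 1 if denied
may_access() {
    acl=$(accounts_for "$1" "$2")
    [ "$acl" = "*" ] && return 0
    for a in $acl; do
        [ "$a" = "$3" ] && return 0
    done
    return 1
}

# report USER "GROUP ..." ACCOUNT -> one line describing the decision
report() {
    if may_access auth "$2" "$3"; then
        echo "$1 -> $3: allowed"
    else
        echo "$1 -> $3: denied"
    fi
}

# Constructed memberships matching the users created above; not the output
# of a live `ipa user-show`. jsmith is also put in a group from another
# reseller prefix to show that it grants nothing under prefix "auth".
AUTH_ADMIN_GROUPS="ipausers auth_reseller_admin"
RHS_TEST_ADMIN_GROUPS="ipausers auth_rhs_test"
JSMITH_GROUPS="ipausers other_rhs_test"

for acct in rhs_test test; do
    report auth_admin     "$AUTH_ADMIN_GROUPS"     "$acct"
    report rhs_test_admin "$RHS_TEST_ADMIN_GROUPS" "$acct"
    report jsmith         "$JSMITH_GROUPS"         "$acct"
done
```

The two points worth noticing are that the reseller-admin group short-circuits every other check, which is why its membership deserves the same scrutiny as root, and that only groups carrying the configured reseller prefix count, so a group named for a different prefix cannot be used to reach an account.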