CentOS 7

FreeIPA : Configure Replication (2015/03/21)

 
This is how to configure FreeIPA replication.
This example uses the environment shown below.
+----------------------+          |          +----------------------+
| [  FreeIPA Master ]  |10.0.0.30 | 10.0.0.51| [  FreeIPA Replica ] |
|  dlp.ipa.srv.world   +----------+----------+ node01.ipa.srv.world |
|                      |                     |                      |
+----------------------+                     +----------------------+

[1]
[2] On the FreeIPA master host, add the host you want to make a replica server to the [ipaservers] host group.
[root@dlp ~]# ipa hostgroup-add-member ipaservers --hosts node01.ipa.srv.world
  Host-group: ipaservers
  Description: IPA server hosts
  Member hosts: dlp.ipa.srv.world, node01.ipa.srv.world
-------------------------
Number of members added 1
-------------------------

# If firewalld is running, also configure the following
[root@dlp ~]# firewall-cmd --add-service=freeipa-replication --permanent
success
[root@dlp ~]# firewall-cmd --reload
success
[3] On the host you want to make a replica server, configure replication.
# If firewalld is running, configure it beforehand
[root@node01 ~]# firewall-cmd --add-service={freeipa-ldap,freeipa-ldaps,dns,ntp,freeipa-replication} --permanent
success
[root@node01 ~]# firewall-cmd --reload
success
[root@node01 ~]# yum -y install ipa-server
# Set up replication
[root@node01 ~]# ipa-replica-install
Run connection check to master
Connection check OK
Configuring NTP daemon (ntpd)
  [1/4]: stopping ntpd
  [2/4]: writing configuration
  [3/4]: configuring ntpd to start on boot

.....
.....

  [7/9]: stopping directory server
  [8/9]: restoring configuration
  [9/9]: starting directory server
Done.
Restarting the KDC
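As an added pre-flight check (not part of the original page), the following script parses the output of ipa hostgroup-show ipaservers and firewall-cmd --list-services to confirm that the replica host is already a member of ipaservers and that every firewalld service from step [3] is allowed before ipa-replica-install is run. The sample output is constructed and the function names are my own.

```shell
# Added pre-flight check for a FreeIPA replica; not part of the original page.
# It works on captured text from "ipa hostgroup-show ipaservers" and
# "firewall-cmd --list-services", so it can be exercised without a live IPA domain.

# Services the replica host needs open in firewalld (page step [3]).
REQUIRED_SERVICES="freeipa-ldap freeipa-ldaps dns ntp freeipa-replication"

# is_ipaserver_member HOSTGROUP_OUTPUT HOST: succeeds if HOST is on the "Member hosts:" line.
is_ipaserver_member() {
    printf '%s\n' "$1" \
        | sed -n 's/^[[:space:]]*Member hosts:[[:space:]]*//p' \
        | tr ',' '\n' \
        | sed 's/^[[:space:]]*//; s/[[:space:]]*$//' \
        | grep -qxF -- "$2"
}

# missing_services LIST_SERVICES_OUTPUT: prints the required services not yet allowed.
missing_services() {
    missing=""
    for svc in $REQUIRED_SERVICES; do
        printf '%s\n' "$1" | tr ' ' '\n' | grep -qxF -- "$svc" || missing="$missing $svc"
    done
    printf '%s\n' "${missing# }"
}

# replica_preflight HOST HOSTGROUP_OUTPUT LIST_SERVICES_OUTPUT: 0 only when the host
# is in ipaservers and every required service is allowed.
replica_preflight() {
    rc=0
    if is_ipaserver_member "$2" "$1"; then
        echo "OK: $1 is a member of ipaservers"
    else
        echo "FAIL: $1 is not in ipaservers (run ipa hostgroup-add-member on the master)"
        rc=1
    fi
    missing=$(missing_services "$3")
    if [ -z "$missing" ]; then
        echo "OK: all required firewalld services are allowed"
    else
        echo "FAIL: firewalld services still missing: $missing"
        rc=1
    fi
    return $rc
}

# Constructed sample output in the format the page shows; freeipa-replication is
# deliberately absent from the firewalld list so the check reports a gap.
SAMPLE_HG='  Host-group: ipaservers
  Description: IPA server hosts
  Member hosts: dlp.ipa.srv.world, node01.ipa.srv.world'
SAMPLE_FW='dhcpv6-client ssh freeipa-ldap freeipa-ldaps dns ntp'
```

On the replica itself the same functions can be fed live output, e.g. replica_preflight "$(hostname -f)" "$(ipa hostgroup-show ipaservers)" "$(firewall-cmd --list-services)".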
[4] Once setup has completed successfully on the replica host, operations such as adding user accounts can also be performed on the replica host.
[root@node01 ~]# kinit admin
Password for admin@IPA.SRV.WORLD:
[root@node01 ~]# ipa user-add fedora --first=Fedora --last=Linux --password
Password:
Enter Password again to verify:
-------------------
Added user "fedora"
-------------------
  User login: fedora
  First name: Fedora
  Last name: Linux
  Full name: Fedora Linux
  Display name: Fedora Linux
  Initials: FL
  Home directory: /home/fedora
  GECOS: Fedora Linux
  Login shell: /bin/bash
  Principal name: fedora@IPA.SRV.WORLD
  Principal alias: fedora@IPA.SRV.WORLD
  Email address: fedora@ipa.srv.world
  UID: 1032500500
  GID: 1032500500
  Password: True
  Member of groups: ipausers
  Kerberos keys available: True

[root@node01 ~]# ipa user-find
---------------
6 users matched
---------------
  User login: admin
  Last name: Administrator
  Home directory: /home/admin
  Login shell: /bin/bash
  Principal alias: admin@IPA.SRV.WORLD
  UID: 1032400000
  GID: 1032400000
  Account disabled: False

  User login: cent
  First name: cent
  Last name: cent
  Home directory: /home/cent
  Login shell: /bin/bash
  Principal name: cent@IPA.SRV.WORLD
  Principal alias: cent@IPA.SRV.WORLD
  Email address: cent@ipa.srv.world
  UID: 1032400001
  GID: 1032400001
  Account disabled: False

.....
.....

  User login: fedora
  First name: Fedora
  Last name: Linux
  Home directory: /home/fedora
  Login shell: /bin/bash
  Principal name: fedora@IPA.SRV.WORLD
  Principal alias: fedora@IPA.SRV.WORLD
  Email address: fedora@ipa.srv.world
  UID: 1032500500
  GID: 1032500500
  Account disabled: False
----------------------------
Number of entries returned 6
----------------------------