Red Hat SummitQuesto contenuto non è disponibile nella lingua selezionata.
3.4. Setting up an IdM Client Through Kickstart
A Kickstart enrollment automatically adds a new system to the IdM domain at the time Red Hat Enterprise Linux is installed. For details on Kickstart, see Kickstart Installations in the Installation Guide.
Preparing for a Kickstart client installation includes these steps:
3.4.1. Pre-creating a Client Host Entry on the IdM Server
- Log in as admin:
kinit admin
$ kinit adminCopy to Clipboard Copied! - Create the host entry on the IdM server, and set a temporary password for the entry:
ipa host-add client.example.com --password=secret
$ ipa host-add client.example.com --password=secretCopy to Clipboard Copied! The password is used by Kickstart to authenticate during the client installation and expires after the first authentication attempt. After the client is successfully installed, it authenticates using its keytab.
3.4.2. Creating a Kickstart File for the Client
A Kickstart file used to set up an IdM client must include the following:
- The ipa-client package in the list of packages to be installed:
%packages @ X Window System @ Desktop @ Sound and Video ipa-client ...
%packages @ X Window System @ Desktop @ Sound and Video ipa-client ...Copy to Clipboard Copied! See Package Selection in the Installation Guide for details. - Post-installation instructions that:
- ensure SSH keys are generated before enrollment
- runs the
ipa-client-installutility, specifying:- all required information to access and configure the IdM domain services
- the password which you set when pre-creating the client host on the IdM server, in Section 3.4.1, “Pre-creating a Client Host Entry on the IdM Server”
For example:%post --log=/root/ks-post.log # Generate SSH keys to ensure that ipa-client-install uploads them to the IdM server /usr/sbin/sshd-keygen # Run the client install script /usr/sbin/ipa-client-install --hostname=client.example.com --domain=EXAMPLE.COM --enable-dns-updates --mkhomedir -w secret --realm=EXAMPLE.COM --server=server.example.com
%post --log=/root/ks-post.log # Generate SSH keys to ensure that ipa-client-install uploads them to the IdM server /usr/sbin/sshd-keygen # Run the client install script /usr/sbin/ipa-client-install --hostname=client.example.com --domain=EXAMPLE.COM --enable-dns-updates --mkhomedir -w secret --realm=EXAMPLE.COM --server=server.example.comCopy to Clipboard Copied!
For a non-interactive installation, add also the--unattendedoption.To let the client installation script request a certificate for the machine:- Add the
--request-certoption toipa-client-install. - Set the system bus address to
/dev/nullfor both thegetcertandipa-client-installutility in the kickstartchrootenvironment. To do this, add these lines to the post-installation instruction file before theipa-client-installinstruction:env DBUS_SYSTEM_BUS_ADDRESS=unix:path=/dev/null getcert list env DBUS_SYSTEM_BUS_ADDRESS=unix:path=/dev/null ipa-client-install
# env DBUS_SYSTEM_BUS_ADDRESS=unix:path=/dev/null getcert list # env DBUS_SYSTEM_BUS_ADDRESS=unix:path=/dev/null ipa-client-installCopy to Clipboard Copied!
NoteRed Hat recommends not to start thesshdservice prior to the kickstart enrollment. While startingsshdbefore enrolling the client generates the SSH keys automatically, using the above script is the preferred solution.See Post-installation Script in the Installation Guide for details.
For details on using Kickstart, see How Do You Perform a Kickstart Installation? in the Installation Guide. For examples of Kickstart files, see Sample Kickstart Configurations.
'%20d='M201.5%20305.5c-13.8%200-24.9-11.1-24.9-24.6%200-13.8%2011.1-24.9%2024.9-24.9%2013.6%200%2024.6%2011.1%2024.6%2024.9%200%2013.6-11.1%2024.6-24.6%2024.6zM504%20256c0%20137-111%20248-248%20248S8%20393%208%20256%20119%208%20256%208s248%20111%20248%20248zm-132.3-41.2c-9.4%200-17.7%203.9-23.8%2010-22.4-15.5-52.6-25.5-86.1-26.6l17.4-78.3%2055.4%2012.5c0%2013.6%2011.1%2024.6%2024.6%2024.6%2013.8%200%2024.9-11.3%2024.9-24.9s-11.1-24.9-24.9-24.9c-9.7%200-18%205.8-22.1%2013.8l-61.2-13.6c-3-.8-6.1%201.4-6.9%204.4l-19.1%2086.4c-33.2%201.4-63.1%2011.3-85.5%2026.8-6.1-6.4-14.7-10.2-24.1-10.2-34.9%200-46.3%2046.9-14.4%2062.8-1.1%205-1.7%2010.2-1.7%2015.5%200%2052.6%2059.2%2095.2%20132%2095.2%2073.1%200%20132.3-42.6%20132.3-95.2%200-5.3-.6-10.8-1.9-15.8%2031.3-16%2019.8-62.5-14.9-62.5zM302.8%20331c-18.2%2018.2-76.1%2017.9-93.6%200-2.2-2.2-6.1-2.2-8.3%200-2.5%202.5-2.5%206.4%200%208.6%2022.8%2022.8%2087.3%2022.8%20110.2%200%202.5-2.2%202.5-6.1%200-8.6-2.2-2.2-6.1-2.2-8.3%200zm7.7-75c-13.6%200-24.6%2011.1-24.6%2024.9%200%2013.6%2011.1%2024.6%2024.6%2024.6%2013.8%200%2024.9-11.1%2024.9-24.6%200-13.8-11-24.9-24.9-24.9z'/%3e%3c/svg%3e){kind=small}