3.3. Example: Running the Script Interactively and Silently
3.3.1. Basic Interactive Installation
All that is required to set up an IdM server is to run the
ipa-server-installscript. This launches the script interactively, which prompts for the required information to set up a server, but without more advanced configuration like DNS and CA options.
- Run the
[root@server ~]# ipa-server-install
- Enter the hostname. This is determined automatically using reverse DNS.
Server host name [ipaserver.example.com]:
- Enter the domain name. This is determined automatically based on the hostname.
Please confirm the domain name [example.com]:
- Enter the new Kerberos realm name. This is usually based on the domain name.
Please provide a realm name [EXAMPLE.COM]:
- Enter the password for the Directory Server superuser,
cn=Directory Manager. There are password strength requirements for this password, including a minimum password length (eight characters).
Directory Manager password: Password (confirm):
- Enter the password for the IdM system user account,
admin. This user is created on the machine.
IPA admin password: Password (confirm):
- The script then reprints the hostname, IP address, and domain name. Confirm that the information is correct.
The IPA Master Server will be configured with Hostname: ipaserver.example.com IP address: 192.168.1.1 Domain name: example.com Realm name: EXAMPLE.COM Continue to configure the system with these values? [no]: yes
- After that, the script configures all of the associated services for IdM, with task counts and progress bars.
Configuring NTP daemon (ntpd) [1/4]: stopping ntpd ... Done configuring NTP daemon (ntpd). Configuring directory server (dirsrv): Estimated time 1 minute [1/38]: creating directory server user .... Configuring certificate server (pki-tomcatd): Estimated time 3 minutes 30 seconds [1/20]: creating certificate server user ... Done configuring certificate server (pki-tomcatd). Configuring Kerberos KDC (krb5kdc): Estimated time 30 seconds [1/10]: adding sasl mappings to the directory ... Done configuring Kerberos KDC (krb5kdc). Configuring kadmin [1/2]: starting kadmin [2/2]: configuring kadmin to start on boot Done configuring kadmin. Configuring ipa_memcached [1/2]: starting ipa_memcached [2/2]: configuring ipa_memcached to start on boot Done configuring ipa_memcached. Configuring ipa-otpd [1/2]: starting ipa-otpd [2/2]: configuring ipa-otpd to start on boot Done configuring ipa-otpd. Configuring the web interface (httpd): Estimated time 1 minute [1/15]: disabling mod_ssl in httpd ... Done configuring the web interface (httpd). Applying LDAP updates Restarting the directory server Restarting the KDC Sample zone file for bind has been created in /tmp/sample.zone.pUfcGp.db Restarting the web server Setup complete
- Restart the
SSHservice to retrieve the Kerberos principal and to refresh the name server switch (NSS) configuration file:
[root@server ~]# service sshd restart
- Authenticate to the Kerberos realm using the admin user's credentials to ensure that the user is properly configured and the Kerberos realm is accessible.
[root@server ~]# kinit admin Password for admin@EXAMPLE.COM:
- Test the IdM configuration by running a command like
ipa user-find. For example:
[root@server ~]# ipa user-find admin -------------- 1 user matched -------------- User login: admin Last name: Administrator Home directory: /home/admin Login shell: /bin/bash UID: 939000000 GID: 939000000 Account disabled: False Password: True Kerberos keys available: True ---------------------------- Number of entries returned 1 ----------------------------
3.3.2. Silent (Non-Interactive) Installation
As shown in Section 3.3.1, “Basic Interactive Installation”, only a few pieces of information are required to configure an IdM server. While the setup script can prompt for this information in interactive mode, this information can also be passed with the setup command to allow automated and unattended configuration:
- Passwords for the IdM administrative user and the Directory Server super user (Directory Manager)
- The server hostname
- The Kerberos realm name
- The DNS domain name
This information can be passed with the
ipa-server-install, along with the
-Uto force it to run without requiring user interaction.
Example 3.1. Basic Installation without Interaction
[root@server ~]# ipa-server-install -a secret12 --hostname=ipaserver.example.com -r EXAMPLE.COM -p secret12 -n example.com -U
The script then prints the submitted values:
To accept the default shown in brackets, press the Enter key. The IPA Master Server will be configured with Hostname: ipaserver.example.com IP address: 192.168.1.1 Domain name: example.com
The server name must be a valid DNS name, which means only numbers, alphabetic characters, and hyphens (-) are allowed. Other characters, like underscores, in the hostname will cause DNS failures. Additionally, the hostname must be all lower-case. No capital letters are allowed.
Then the script runs through the configuration progress for each IdM service, as in Section 3.3.1, “Basic Interactive Installation”.