3.2. About ipa-server-install
ipa-server-install script. This script can accept user-defined settings for services, like DNS and Kerberos, that are used by the IdM instance, or it can supply predefined values for minimal input from the administrator.
- The network time daemon (ntpd)
- A 389 Directory Server instance
- A Kerberos key distribution center (KDC)
- Apache (httpd)
- An updated SELinux targeted policy
- The Active Directory WinSync plug-in
- A certificate authority
- Optional. A domain name service (DNS) server
While ipa-server-install can be run without any options, so that it prompts for the required information, it also has numerous arguments which allow the configuration process to be easily scripted or which supply additional information that is not requested during an interactive installation.
ipa-server-install. The full list of options is in the
The ipa-server-install options are versatile enough to be customized to the specific deployment environment, installing and configuring different services as needed.
Table 3.1. ipa-server-install Options
|-a ipa_admin_password||The password for the IdM administrator. This is used for the admin user to authenticate to the Kerberos realm.|
|--hostname=hostname||The fully-qualified domain name of the IdM server machine. This must be a valid DNS name, which means only numbers, alphabetic characters, and hyphens (-) are allowed. Other characters, like underscores, in the hostname will cause DNS failures. Additionally, the hostname must be all lower-case. No capital letters are allowed.|
|-n domain_name||The name of the LDAP server domain to use for the IdM domain. This is usually based on the IdM server's hostname.|
|-p directory_manager_password|| The password for the superuser, |
|-P kerberos_master_password||The password for the KDC administrator. This is randomly generated if no value is given.|
|-r realm_name||The name of the Kerberos realm to create for the IdM domain.|
|--subject=subject_DN|| Sets the base element for the subject DN of the issued certificates. This defaults to |
|--forwarder=forwarder||Gives a DNS forwarder to use with the DNS service. To specify more than one forwarder, use this option multiple times.|
|--no-forwarders||Uses root servers with the DNS service instead of forwarders.|
|--no-reverse||Does not create a reverse DNS zone when the DNS domain is set up. (If a reverse DNS zone is already configured, then that existing reverse DNS zone is used.) If this option is not used, then the default value is true, which assumes that reverse DNS should be configured by the installation script.|
|--setup-dns||Tells the installation script to set up a DNS service within the IdM domain. Using an integrated DNS service is optional, so if this option is not passed with the installation script, then no DNS is configured.|
|--idmax=number||Sets the upper bound for IDs which can be assigned by the IdM server. The default value is the ID start value plus 199999.|
|--idstart=number||Sets the lower bound (starting value) for IDs which can be assigned by the IdM server. The default value is randomly selected.|
|--ip-address|| Specifies the IP address of the server. When added to |
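
The --hostname rules and the --idstart/--idmax default from Table 3.1 can be checked before a scripted run of ipa-server-install. The following is an added example, not part of the original documentation or the IdM tooling; the function names and sample values are hypothetical, and the label-length and hyphen-position checks are general DNS rules that go beyond what the table states.

```sh
#!/bin/sh
# Pre-flight validation of values destined for ipa-server-install.
# Added example: function names are hypothetical, not part of IdM.
LC_ALL=C; export LC_ALL   # make [a-z] and [0-9] match ASCII only

# check_ipa_hostname FQDN -> 0 if usable with --hostname, 1 otherwise.
check_ipa_hostname() {
    fqdn=$1
    # Fully qualified: at least one dot, no empty labels, at most 253 chars.
    case $fqdn in
        ''|.*|*.|*..*) return 1 ;;
        *.*) ;;
        *) return 1 ;;
    esac
    [ "${#fqdn}" -le 253 ] || return 1
    # Table 3.1 rule: lower-case letters, digits and hyphens only
    # (dots separate labels); underscores and capitals are rejected.
    case $fqdn in *[!a-z0-9.-]*) return 1 ;; esac
    # General DNS rule (assumption beyond the table): labels are at most
    # 63 chars and neither start nor end with a hyphen.
    rest=$fqdn.
    while [ -n "$rest" ]; do
        label=${rest%%.*}
        rest=${rest#*.}
        [ "${#label}" -le 63 ] || return 1
        case $label in -*|*-) return 1 ;; esac
    done
    return 0
}

# ipa_idmax START [MAX] -> prints the effective --idmax value.
# With no MAX, applies the documented default of START + 199999.
# Fails if either value is not a number or MAX is not above START.
ipa_idmax() {
    start=$1 max=${2-}
    case $start in ''|*[!0-9]*) return 1 ;; esac
    [ -n "$max" ] || max=$(( start + 199999 ))
    case $max in *[!0-9]*) return 1 ;; esac
    [ "$max" -gt "$start" ] || return 1
    echo "$max"
}
```

Source the file from an installation wrapper and abort when either function returns non-zero, so that a bad hostname or ID range is caught before any service is configured.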