Difference between revisions of "Network Overview"
m |
|||
| Line 17: | Line 17: | ||
=== How to Create a New User === | === How to Create a New User === | ||
| − | Point your browser to [https://freeipa.spark.spork https://freeipa.spark.spork] while on the Spark network and login with administrator credentials. | + | Point your browser to[https://freeipa.spark.spork https://freeipa.spark.spork] |
| + | |||
| + | while on the Spark network and login with administrator credentials. | ||
[[image:FreeIPA login.png|300p|thumb|FreeIPA Login Page]] | [[image:FreeIPA login.png|300p|thumb|FreeIPA Login Page]] | ||
| − | Once logged in, on the '''Identity | + | Once logged in, on the '''Identity > Users''' tab, click the '''Add''' button on the primary section. Enter the user's information. Spark uses a username format of first initial + last name. If this username is already in use, use full first name instead of first initial. |
=== How to enroll a new Ubuntu machine === | === How to enroll a new Ubuntu machine === | ||
| Line 65: | Line 67: | ||
DEBIAN_FRONTEND=noninteractive apt-get -y install freeipa-client | DEBIAN_FRONTEND=noninteractive apt-get -y install freeipa-client | ||
ipa-client-install --hostname=$(hostname -f) --server=freeipa.spark.spork \ | ipa-client-install --hostname=$(hostname -f) --server=freeipa.spark.spork \ | ||
| − | --domain spark.spork --no-ntp --unattended --principal admin --password | + | --domain=spark.spork --no-ntp --unattended --principal=admin --password='<PASSWORD_GOES_HERE!!!!!!!!!!!!!!!!!!!!!!!!>'\ |
| − | ' | + | --realm=SPARK.SPORK --mkhomedir |
sed -i '/ticket_lifetime/a renew_lifetime = 28d' /etc/krb5.conf | sed -i '/ticket_lifetime/a renew_lifetime = 28d' /etc/krb5.conf | ||
service sssd restart</nowiki> | service sssd restart</nowiki> | ||
Revision as of 03:27, 29 November 2021
Spark Makerspace Network Overview
This page is intended to give you an overview of the network at Spark Makerspace.
Network Graph
Editable Network Graph on yEd Live
Domain
Spark is using FreeIPA to manage host and user identities. While it's not a replacement for a Microsoft Active Directory domain controller, it get us close for the low price of free!
How to Create a New User
Point your browser tohttps://freeipa.spark.spork
while on the Spark network and login with administrator credentials.
Once logged in, on the Identity > Users tab, click the Add button on the primary section. Enter the user's information. Spark uses a username format of first initial + last name. If this username is already in use, use full first name instead of first initial.
How to enroll a new Ubuntu machine
1. Set hostname
$ sudo hostnamectl set-hostname new-host.spark.spork
2. Install freeipa-client package
$ sudo apt install -y freeipa-client
3. Edit /etc/hosts
$ sudo vim /etc/hosts # Add FreeIPA Server IP and hostname 10.11.12.156 freeipa.spark.spork freeipa
4. Register host
$ sudo ipa-client-install --hostname=`hostname -f` \ --mkhomedir \ --server=freeipa.spark.spork \ --domain spark.spork \ --realm SPARK.SPORK
You can proceed with fixed values and no DNS discovery. It's also fine to not configure NTP.
5. Enable mkhomedir.
$ sudo bash -c "cat > /usr/share/pam-configs/mkhomedir" <<EOF Name: activate mkhomedir Default: yes Priority: 900 Session-Type: Additional Session: required pam_mkhomedir.so umask=0022 skel=/etc/skel EOF
Then run
$ sudo pam-auth-update
Ensure that "activate mkhomedir" is checked and hit enter when prompted.
Or just use the shell script here as cloud-init userdata
#!/bin/bash
HOSTNAME=$(hostname)
IP=$(hostname -i | awk '{print $1}')
echo "$HOSTNAME.spark.spork" > /etc/hostname
FQDN="$HOSTNAME.spark.spork"
echo "FQDN is: $FQDN"
sed -i "1 i\
$IP $FQDN $HOSTNAME" /etc/hosts
echo "10.11.12.156 freeipa.spark.spork freeipa" >> /etc/hosts
apt-get -y update
apt-get install -y nfs-kernel-server nfs-common
DEBIAN_FRONTEND=noninteractive apt-get -y install freeipa-client
ipa-client-install --hostname=$(hostname -f) --server=freeipa.spark.spork \
--domain=spark.spork --no-ntp --unattended --principal=admin --password='<PASSWORD_GOES_HERE!!!!!!!!!!!!!!!!!!!!!!!!>'\
--realm=SPARK.SPORK --mkhomedir
sed -i '/ticket_lifetime/a renew_lifetime = 28d' /etc/krb5.conf
service sssd restart