When you come across this error “LDAP Error: Connect error: TLS error -8054:You are attempting to import a cert with the same issuer” enrolling a client to FreeIPA/IDM server, it means that the existing certificate does not match the one on the IDM server and can be fixed quite easily with just one command. The scenario in which this can happen is that you might have had the client enrolled to a different IDM server previously and the old cert is still lying around.
Category: Infra Management
It’s now possible to install both Puppet Master and Agent on the same host with different certs for each, to avoid future conflicts when managing master server with puppet. You need to have 2 seperate entries on puppet.conf, one in [master] and one in [agent] so that separate certs are generated.
This article shows you how to Automate iptables for the whole infrastructure (linux/unix) and maintain the state during the lifecycle of a host. We would need to install 2 modules from PuppetLabs so that we can assign Rules based on the requirements, whether its from one destination to another or from one host to multiple destinations or vice-versa.
- puppetlabs/Firewall = Standard module for iptables.
- puppetlabs/Firewall_multi = Module that takes care off when adding multiple source/destination/ports in one Rule.
When adding multiple users in IDM/freeIPA its a pain inputting each user and its time consuming. This script/one liner allows you to enter multiple users at one go and it includes non-interactively specifying a password. The following script allows creating multipe users in IPA and then adding the required attributes as well.
This article covers the setup and configuration of PuppetDB and Puppetmaster on separate nodes/hosts. I have used PostgreSQL as PuppetDB backend instead of HSQLDB as it’s much easier to query and troubleshoot any issues you comes across especially when using Puppet exported resources. Follow this easy-to-follow guide and you should be up and running with a basic config of Puppetmaster and PuppetDB in no time.
It’s possible to get a list of users of active users in IDM/IPA with formatted date and time by running this one liner command. It gets you the list of users with last successsful authentications to IDM/IPA server. Very handy command when it’s required for Audit purposes. It will also give you the list of users who last changed password and you can modify it according to your requirements.
It’s very easy to create a Kickstart tree in Spacewalk and that to in a Automated fashion for provisioning hosts. All you have to do is create a Base Channel for CentOS and then create a Repo and then marry both and then at the time of Repo sync choose the option of “Creating a kickstartable tree”.
Its possible to configure Puppetdb with PostgreSQL as its much more manageable as compared to the in-built DB that comes with Puppetdb i.e. HSQLDB. Plus its much easier to query and troubleshoot any issues you comes across especially when using Puppet Hiera and exported resources. Follow this easy to follow guide and you should be up and running with a basic config of Puppetdb in no time.
Categories
Install Puppet on CentOS and RHEL
It’s easy to setup Puppet server and a client in CentOS and RHEL by following the easy-to-follow steps given in this guide. You will need ROOT access for the install and setup.
Pre-requisites (minimal):
Hardware & Software
CPU: 2 vCPU
RAM: 2GB
Hard Disk : 30GB
OS: CentOS, Red Hat Enterprise Linux v 6.x.x
Architecture : x64
Packages: puppet-server and puppet
It is possible to automatically get a Kerberos Ticket (kinit) generated everytime you login via SSH to a host by editing “.bash_profile”. This also applies to a scenario wherin you are using Red Hat IDM/IPA and want to automate “kinit” instead of a user have to manually type in kinit everytime they login.