rolekit.roles.domaincontroller man page

rolekit.roles.domaincontroller — rolekit Domain Controller Role Documentation

Description

The Domain Controller role provides a comprehensive identity management solution for Linux clients. This role can provide management tools for users, user-groups, systems, name resolution and more.

Deployment

The Domain Controller role can be deployed using the rolectl command-line utility or through the rolekit D-BUS API. When using the rolectl tool, a settings file must be created in the JSON format.

Mandatory Settings

These settings must always be present or the deployment will be unable to complete.

All settings for the Domain Controller Server Role are optional.

Optional Settings

This section provides a list of optional settings for deployment.

host_name

Set a new hostname for the domain controller.

Default: unset. Uses the existing machine hostname or generates a random hostname of the type dc-<16 characters> if the machine hostname is currently a local-only name (such as “localhost”).

domain_name

The name of the domain that the new controller should create.

Default: Uses the role instance name if it is a valid domain.

realm_name

The name of the Kerberos single-sign-on realm to be created.

Default: unset. Autodetected as the domain_name in all upper-case.

admin_password

Specify the initial password for the “admin” user of FreeIPA. This password can be changed later through normal password-change operations.

Default: unset. If not specified, a random password will be generated and retrievable later through the D-BUS API via:

rolectl settings domaincontroller/<instance>

dm_password

The password for the Directory Manager account on the FreeIPA LDAP server. This option cannot easily be changed later.

Default: unset. If not specified, a random password will be generated and retrievable later through the D-BUS API via:

rolectl settings domaincontroller/<instance>

serve_dns

If this option is set to true, the Domain Controller will also function as a DNS server.

Default: true

primary_ip

The IP address of the public ethernet interface on the system.

This option is mandatory if serve_dns is true (default).

reverse_zone

If this option is set, the DNS server will also manage the reverse zone specified by the arguments in the form 122.168.192.in-addr.arpa.

This option accepts multiple values. This must be in the form of an array:

"reverse_zone": ["122.168.192.in-addr.arpa.",
                 "0.0.10.in-addr.arpa."]

Default: unset. Do not serve the reverse zone.

dns_forwarders

Set the DNS forwarder addresses. This must be in the form of a dictionary:

"dns_forwarders": {"ipv4": [
                            "198.41.0.4",  # a.root-servers.net
                            "192.228.79.201",  # b.root-servers.net
                            "192.33.4.12"],  # c.root-servers.net
                   "ipv6": [
                            "2001:500:2d::d",  # d.root-servers.net
                            "2001:500:2f::f",  # f.root-servers.net
                            "2001:500:1::803f:235"]  # h.root-servers.net
                  }

This option is only used if serve_dns is true.

Default: unset. If not specified, the DNS forwarders will default to the public root servers.

id_start

Manually select the lower bound for IDs in the created domain.

Default: unset. A range of 200,000 IDs is randomly selected (Recommended)

Note 1: Additional ranges can be added using the FreeIPA administration UI later.

Note 2: If this option is specified, id_max must also be specified.

id_max

Manually select the upper bound for IDs in the created domain.

Default: unset. A range of 200,000 IDs is randomly selected (Recommended)

Note 1: Additional ranges can be added using the FreeIPA administration UI later.

Note 2: If this option is specified, id_start must also be specified.

Example settings.json

{
  "admin_password": "rolekitrules!",
  "serve_dns": true,
  "primary_ip": "192.168.122.2",
  "id_start": 200000,
  "id_max": 400000
}
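
The constraints stated in the settings above (primary_ip required while serve_dns is true, id_start and id_max given as a pair, the array and dictionary forms) can be checked before a file is handed to rolectl. The following Python code is an added example, not part of rolekit; check_settings, its messages and the check for this page's sample password are assumptions of the example.

```python
import ipaddress
import json

DOC_EXAMPLE_PASSWORD = "rolekitrules!"  # value printed in this page's example


def _is_ip(value, version=None):
    """True if value is an IP address string (optionally of one IP version)."""
    try:
        ip = ipaddress.ip_address(value) if isinstance(value, str) else None
    except ValueError:
        ip = None
    return ip is not None and version in (None, ip.version)


def check_settings(text):
    """Return a list of problems in a domaincontroller settings document."""
    try:
        s = json.loads(text)  # strict JSON: '#' annotations are rejected
    except json.JSONDecodeError as exc:
        return [f"not valid JSON: {exc.msg} at line {exc.lineno}"]
    if not isinstance(s, dict):
        return ["top level must be a JSON object"]
    problems = []
    # serve_dns defaults to true, which makes primary_ip mandatory.
    if s.get("serve_dns", True) and "primary_ip" not in s:
        problems.append("primary_ip is required when serve_dns is true")
    if "primary_ip" in s and not _is_ip(s["primary_ip"]):
        problems.append("primary_ip is not an IP address")
    # id_start and id_max are only valid as a pair.
    if ("id_start" in s) != ("id_max" in s):
        problems.append("id_start and id_max must be specified together")
    if not isinstance(s.get("reverse_zone", []), list):
        problems.append("reverse_zone must be an array")
    fwd = s.get("dns_forwarders", {})
    if not isinstance(fwd, dict):
        problems.append("dns_forwarders must be a dictionary")
        fwd = {}
    for key, version in (("ipv4", 4), ("ipv6", 6)):
        addrs = fwd.get(key, [])
        if not isinstance(addrs, list):
            problems.append(f"dns_forwarders.{key} must be an array")
            continue
        problems += [f"dns_forwarders.{key}: bad address {a!r}"
                     for a in addrs if not _is_ip(a, version)]
    # Added check, not a rolekit rule: the documented sample password is public.
    for key in ("admin_password", "dm_password"):
        if s.get(key) == DOC_EXAMPLE_PASSWORD:
            problems.append(f"{key} is the example value from the man page")
    return problems
```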

See Also

rolekit(1), rolectl(1), roled(5), rolekit.dbus(5), rolekit.roles(5), rolekit.roles.databaseserver(5), rolekit.roles.domaincontroller(5)

Notes

rolekit home page at github.com:

Authors

Thomas Woerner <twoerner@redhat.com>

Developer

Stephen Gallagher <sgallagh@redhat.com>

Developer

Miloslav Trmač <mitr@redhat.com>

Developer

Nils Philippsen <nils@redhat.com>

Developer

Referenced By

rolectl(1), roled(1), rolekit(5), rolekit.dbus(5), rolekit.roles(5), rolekit.roles.databaseserver(5), rolekit.roles.memcache(5).

rolekit 0.5.1 rolekit.roles.domaincontroller