====== Домен IPA (ALSE17) и ввод машины astralinux ======
===== XCA =====
Настроить XCA и выпустить сертификат KDC
sudo cp /etc/ipa/{ca.crt,ca.crt.backup} -v
sudo cp ROOT_VIRT_CA.crt /etc/ipa/ca.crt -v
===== Поднять домен IPA =====
sudo apt install resolvconf -y
sudo tee -a /etc/network/interfaces << EOF
auto eth0
iface eth0 inet static
address 10.0.2.1/24
gateway 10.0.2.254
dns-nameservers 10.0.2.1
dns-domain virt.int
EOF
sudo systemctl restart networking
sudo hostnamectl set-hostname ipa
#добавить запись в /etc/hosts
10.0.2.1 ipa.virt.int ipa
#sudo apt install fly-admin-freeipa-server
sudo apt install astra-freeipa-server
#sudo astra-freeipa-server -o --ssl -d virt.int && \
sudo astra-freeipa-server -l /./ipa.virt.int.p12 -lp 12345678
sudo reboot
===== Добавление IPA клиента =====
sudo apt install resolvconf -y
sudo tee -a /etc/network/interfaces << EOF
auto eth0
iface eth0 inet static
address 10.0.2.11/24
gateway 10.0.2.254
dns-nameservers 10.0.2.1
dns-domain virt.int
EOF
sudo systemctl restart networking
sudo hostnamectl set-hostname client
#добавить запись в /etc/hosts
sudo tee -a /etc/hosts '10.0.2.11 client.virt.int client'
sudo tee /etc/security/limits.d/90-fsize.conf 2&>/dev/null << EOF
* hard fsize unlimited
* soft fsize unlimited
EOF
#sudo apt install fly-admin-freeipa-client
sudo apt install astra-freeipa-client
sudo astra-freeipa-client -d virt.int