Домен IPA (ALSE17) и ввод машины astralinux

XCA

Настроить XCA и выпустить сертификат KDC

sudo cp /etc/ipa/{ca.crt,ca.crt.backup} -v
sudo cp ROOT_VIRT_CA.crt /etc/ipa/ca.crt -v

Поднять домен IPA

sudo apt install resolvconf -y
sudo tee -a /etc/network/interfaces << EOF
auto eth0
iface eth0 inet static
  address 10.0.2.1/24
  gateway 10.0.2.254
  dns-nameservers 10.0.2.1
  dns-domain virt.int
EOF
sudo systemctl restart networking

sudo hostnamectl set-hostname ipa

#добавить запись в /etc/hosts
10.0.2.1 ipa.virt.int ipa

#sudo apt install fly-admin-freeipa-server
sudo apt install astra-freeipa-server

#sudo astra-freeipa-server -o --ssl -d virt.int && \
sudo astra-freeipa-server -l /./ipa.virt.int.p12 -lp 12345678
sudo reboot

Добавление IPA клиента

sudo apt install resolvconf -y
sudo tee -a /etc/network/interfaces << EOF
auto eth0
iface eth0 inet static
  address 10.0.2.11/24
  gateway 10.0.2.254
  dns-nameservers 10.0.2.1
  dns-domain virt.int
EOF
sudo systemctl restart networking

sudo hostnamectl set-hostname client
#добавить запись в /etc/hosts
sudo tee -a /etc/hosts '10.0.2.11 client.virt.int client'

</code>

sudo tee /etc/security/limits.d/90-fsize.conf 2&>/dev/null << EOF
* hard fsize unlimited
* soft fsize unlimited
EOF
#sudo apt install fly-admin-freeipa-client
sudo apt install astra-freeipa-client

sudo astra-freeipa-client -d virt.int