From Fedora Project Wiki

(Created page with '{{QA/Test_Case |description=Installation testing. |setup=<ol> <li>Ensure the {{package|freeipa-server}} package is installed:</li> # yum install --enablerepo=updates-testing fre...')
 
m
Line 9: Line 9:
 
</ol>
 
</ol>
 
|actions=
 
|actions=
=== '''Installation (with DNS)''' ===
+
=== '''Installation (without DNS)''' ===
  
 
<ol>
 
<ol>
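Review bot: The heading at this position changes from "Installation (with DNS)" to "Installation (without DNS)", but the list body under it lies outside the hunk, so the rename is only correct if the commands that follow run ipa-server-install without --setup-dns. Worth confirming that only the two headings were swapped against unchanged bodies, since a heading that disagrees with its commands would send a tester down the wrong install path.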
Line 22: Line 22:
 
</ol>
 
</ol>
  
=== '''Installation (without DNS)''' ===
+
=== '''Installation (with DNS)''' ===
  
 
<ol>
 
<ol>
Line 40: Line 40:
 
<li>FreeIPA provides a way to unininstall the configured services and it does its best to return the system to its previous state. To run the uninstaller execute:</li>
 
<li>FreeIPA provides a way to unininstall the configured services and it does its best to return the system to its previous state. To run the uninstaller execute:</li>
  
  # ipa-server-install --uninstall
+
  # ipa-server-install --uninstall -U
  
 
</ol>
 
</ol>
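Review bot: The -U added to the uninstall command is not explained by the step text above it, which still reads "To run the uninstaller execute:". -U is the unattended switch, so the step should say that the uninstaller now runs without prompting. The context line also carries the typo "unininstall", which could be fixed in the same edit.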

Revision as of 13:49, 14 February 2011

Description

Installation testing.

Setup

  1. Ensure the freeipa-server package is installed:

    # yum install --enablerepo=updates-testing freeipa-server

  2. (optional) To install with DNS, ensure the bind and bind-dyndb-ldap packages are installed.
  3. Make sure /etc/hosts is sane. This means that your host is listed on a separate line with its IP address, with the FQDN listed first. This is necessary to avoid chicken-and-egg issues when DNS is installed, because name resolution for the public host name is needed to start the DNS service itself (to initialize Kerberos credentials). In particular, the hostname SHOULD NOT appear in either the IPv4 or IPv6 localhost lines.
  4. If you have an existing AD server in your network, choose a unique name for the IPA server realm name. Clients that use DNS autodiscovery to find the KDC to use may get confused and try to authenticate to the AD KDC.
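The /etc/hosts requirement in the Setup steps can be checked mechanically before running the installer. This is an added example, not part of the original test case: the function name check_hosts and the sample file are constructed for illustration, and treating 127.0.0.0/8 and ::1 as "the localhost lines" is an assumption.

```shell
#!/bin/sh
# Added example (not from the wiki page): pre-install sanity check of a hosts file.
# check_hosts FILE FQDN returns 0 only if FQDN is the first name on a
# non-loopback line and neither FQDN nor its short name is on a loopback line.
check_hosts() {
    awk -v fqdn="$2" '
    BEGIN { bad = 0; fqdn = tolower(fqdn); short = fqdn; sub(/\..*/, "", short) }
    { sub(/#.*/, "") }                      # drop comments
    NF < 2 { next }                         # skip blank or name-less lines
    {
        loopback = ($1 ~ /^127\./ || $1 == "::1")   # assumption: these are the localhost lines
        for (i = 2; i <= NF; i++) {
            name = tolower($i)
            if (name != fqdn && name != short) continue
            if (loopback) {
                printf "FAIL: %s appears on loopback line: %s\n", $i, $0
                bad = 1
            } else if (name == fqdn && i == 2) {
                found = 1                   # FQDN is listed first, as required
            } else if (name == fqdn) {
                printf "FAIL: FQDN is not the first name on: %s\n", $0
                bad = 1
            }
        }
    }
    END {
        if (!found) { print "FAIL: no non-loopback line lists " fqdn " first"; bad = 1 }
        if (!bad) print "OK: hosts file is sane for " fqdn
        exit bad
    }' "$1"
}

# Constructed sample: the short hostname was also appended to the localhost line.
sample=$(mktemp)
cat > "$sample" <<'EOF'
127.0.0.1   localhost localhost.localdomain server
::1         localhost6
192.168.0.1 server.freeipa.org server
EOF
check_hosts "$sample" server.freeipa.org || echo "Fix the hosts file before installing."
rm -f "$sample"
```

On a real system, call it as `check_hosts /etc/hosts "$(hostname -f)"` before running ipa-server-install.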

How to test

Installation (without DNS)

  1. For a fully-interactive install run:

    # ipa-server-install
    

    You can optionally provide all options on the command-line:

    # ipa-server-install -a secret123 -p 123Secret --domain=freeipa.org --realm=FREEIPA.ORG -U
    

Installation (with DNS)

  1. To install with DNS run:

    # ipa-server-install --setup-dns
    

    Or with all options on the command-line:

    # ipa-server-install -a secret123 -p 123Secret --domain=freeipa.org --realm=FREEIPA.ORG --setup-dns -U
    

Uninstallation

  1. FreeIPA provides a way to uninstall the configured services, and it does its best to return the system to its previous state. To run the uninstaller execute:

    # ipa-server-install --uninstall -U
    

Expected Results

Installation

  1. Verify the basics:

    Ideally, each of these installation steps will conclude with no errors and a running set of IPA services.

    To briefly test the installation:

    # kinit admin (the password is the admin password, or the password from -a)

    Show our own user entry:

    # ipa user-show admin

    And make sure NSS can see us too:

    # id admin
    # getent passwd admin

  2. Verify Services:

    We install a number of SSL certificates that should be automatically managed by certmonger:

    # ipa-getcert list

    There should be 3 certificates, all in MONITORING. The certificates should be in the following NSS databases:

    * /etc/pki/nssdb
    * /etc/httpd/alias
    * /etc/dirsrv/slapd-FREEIPA-ORG

    # kinit admin
    # ipa service-find

    There should be 2 services: ldap and HTTP for your FreeIPA server.

  3. Verify DNS (if installed):

    Verify these only if you installed with a DNS server.

    # dig server.freeipa.org. (yes, add a trailing dot)
    

    Look for a line like this in the output:

    server.freeipa.org.      86400   IN      A       192.168.0.1
    
    # host server.freeipa.org
    server.freeipa.org has address 192.168.0.1
    
    # ipa dns-resolve server.freeipa.org
    ---------------------------
    Found 'server.freeipa.org.'
    ---------------------------
    
    # ipa host-show server.freeipa.org
      Host name: server.freeipa.org
      Principal name: host/server.freeipa.org@FREEIPA.ORG
      Keytab: True
      Managed by: server.freeipa.org
    

Uninstallation

  1. Un-installation is intended for developers. It is a best-effort restoration of files, primarily to prepare the server to be re-installed.
  2. To verify that the server is in a state where it can be re-installed, re-run ipa-server-install:

    # ipa-server-install
    

    If something failed in the un-installation, you would get an error message that the server is already installed/configured.