overview

The FreeIPA project allows for management of Linux users and hosts from one central location (per their website). As an organization built on Linux users and hosts, this is an obvious choice for us to deploy in our environment. It allows us not only to manage users and hosts, but also to configure SSO on applications. [insert-and-there was much rejoicing]. One of the more interesting features that we won’t use is the ability of FreeIPA to integrate with Active Directory, offering a way to integrate a Windows corporate environment with a Unix-based one. Very useful if your organization has a decent-sized Linux footprint.

requirements

The quick start guide from FreeIPA’s website mentions that this deployment isn’t for the faint of heart. Luckily I’ve deployed it a few times and have decent documentation from those deployments archived away. One of the main things to remember is that IPA requires a static hostname for Kerberos authentication. We need to make an entry on our host machine in /etc/hosts, at least initially, to get the server up and start the configuration. Other than that, the requirements for FreeIPA are minimal. We’ll be using Rocky Linux to host our IPA boxes because Red Hat is a little too corporate for my taste.

cheat mode

In order to make things a little more IaC-based and use our infrastructure management systems as much as possible, we’ll be deploying IPA through Ansible using this collection provided by the project. We can install the collection by running the following on our Ansible host:

https://galaxy.ansible.com/ui/repo/published/freeipa/ansible_freeipa/
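The playbook below is an added example, not code from this post or from the ansible-freeipa project. It ties the two points above together: the pre_tasks enforce the static-hostname requirement from the requirements section (an FQDN that is not loopback, with a matching /etc/hosts entry) before the collection’s `ipaserver` role is run, so a bad hostname fails fast instead of half-way through the installer. It assumes the collection has already been installed with `ansible-galaxy collection install freeipa.ansible_freeipa` and that the inventory has an `ipaserver` group. The domain, realm, address and the `vault_*` password variables are placeholders; the role variable names (`ipaserver_domain`, `ipaserver_realm`, `ipaadmin_password`, `ipadm_password`, `ipaserver_setup_dns`) are the collection’s own.

```yaml
# Added example, not from the post or the ansible-freeipa project.
# Checks the static-hostname requirement, pins the /etc/hosts entry, then runs
# the ipaserver role. All values under vars are placeholders to replace.
---
- name: Deploy a FreeIPA server with ansible-freeipa
  hosts: ipaserver
  become: true
  vars:
    ipaserver_domain: example.internal          # placeholder DNS domain
    ipaserver_realm: EXAMPLE.INTERNAL           # Kerberos realm, conventionally the domain upper-cased
    ipaserver_setup_dns: false                  # we rely on the static /etc/hosts entry instead
    ipaadmin_password: "{{ vault_ipaadmin_password }}"  # assumed to come from Ansible Vault
    ipadm_password: "{{ vault_ipadm_password }}"        # Directory Manager password, same source
    ipa_static_ip: 192.0.2.10                   # placeholder; the address the FQDN must map to

  pre_tasks:
    - name: Hostname must be a fully qualified name, not a short or default one
      ansible.builtin.assert:
        that:
          - "'.' in ansible_facts['fqdn']"
          - ansible_facts['fqdn'] != 'localhost.localdomain'
        fail_msg: "Set a static FQDN (hostnamectl set-hostname) before installing IPA"

    - name: Ensure /etc/hosts carries the static entry the installer needs
      ansible.builtin.lineinfile:
        path: /etc/hosts
        regexp: '^{{ ipa_static_ip | regex_escape }}\s'
        line: "{{ ipa_static_ip }} {{ ansible_facts['fqdn'] }} {{ ansible_facts['hostname'] }}"

    - name: Resolve the FQDN the same way the installer will
      ansible.builtin.command: getent hosts {{ ansible_facts['fqdn'] }}
      register: fqdn_lookup
      changed_when: false

    - name: The FQDN must resolve to the static address, never to loopback
      ansible.builtin.assert:
        that:
          - fqdn_lookup.stdout.split()[0] == ipa_static_ip
        fail_msg: "{{ ansible_facts['fqdn'] }} resolves to '{{ fqdn_lookup.stdout }}'; Kerberos needs the static address"

  roles:
    - role: freeipa.ansible_freeipa.ipaserver
```

Run it with `ansible-playbook -i inventory ipaserver.yml --ask-vault-pass`. Keeping the hostname checks as `assert` tasks rather than comments means a host whose FQDN still resolves to 127.0.0.1 (a common result of a stock /etc/hosts) is rejected before any IPA packages are touched, which is much cheaper to recover from than a partially configured KDC.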