

# Host preparation before the FreeIPA server install (run as root).

# haveged is an entropy-gathering daemon; it is installed and started first,
# presumably so key generation during the IPA install does not stall on a
# freshly booted VM with little entropy -- confirm this is still needed on your kernel.
apt-get update && apt-get install -y haveged

systemctl enable --now haveged



# Time zone data and the zone used by this environment.
apt-get install -y tzdata

timedatectl set-timezone Europe/Moscow

# FreeIPA server package with integrated DNS, plus chrony for time sync.
apt-get install -y freeipa-server-dns chrony

# Kerberos rejects tickets when client and KDC clocks drift apart
# (5 minutes of skew by default), so time sync must be running before
# the realm is created.
systemctl enable --now chronyd


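# Open the cloud-init configuration for editing. The command name is
# lower-case and the path must be absolute, otherwise the editor opens a
# new file relative to the current directory.
# NOTE(review): the page does not record which settings are changed here --
# presumably the options that stop cloud-init from rewriting the hostname
# and /etc/hosts (e.g. preserve_hostname / manage_etc_hosts); confirm.
nano /etc/cloud/cloud.cfg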


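# Rewrite /etc/hosts so the server's FQDN resolves to its routable address
# (the IPA installer refuses a hostname that resolves to loopback).
# The redirect replaces the whole file, so the loopback entries are written
# back explicitly; without them "localhost" stops resolving locally.
cat > /etc/hosts <<'EOF'
127.0.0.1 localhost
::1 localhost
192.168.0.101 infra-srv1.au-team.cloud infra-srv1
EOF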


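# Unattended FreeIPA server install with integrated DNS.
#   -p  Directory Manager password (full control of the LDAP backend)
#   -a  password of the IPA "admin" principal
# The two secrets are read from the terminal instead of being typed as
# literals, so they do not end up in shell history or in copies of these
# notes; use two different values. They are still passed as arguments, so
# they are visible in the process list while the installer runs -- run this
# on a host without other interactive users.
read -rsp 'Directory Manager password: ' dm_password; printf '\n'
read -rsp 'IPA admin password: ' admin_password; printf '\n'
ipa-server-install -U --hostname="$(hostname)" \
  -r AU-TEAM.CLOUD -n au-team.cloud -p "$dm_password" -a "$admin_password" \
  --setup-dns --forwarder 77.88.8.8 --auto-reverse
unset dm_password admin_password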


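# Obtain an admin ticket (prompts for the admin password), then create the
# groups and users.
kinit admin

ipa group-add developers

# Initial passwords are read from the terminal rather than written as
# literals, and each account gets its own value. `ipa user-add --password`
# reads the password from stdin when it is piped in. A password set by an
# administrator is, by default, expired immediately, so the user has to
# change it at first login.
read -rsp 'Initial password for dev01: ' dev01_password; printf '\n'
printf '%s\n' "$dev01_password" | ipa user-add dev01 --first=dev --last=01 --password
unset dev01_password

ipa group-add-member developers --users=dev01

read -rsp 'Initial password for admin01: ' admin01_password; printf '\n'
printf '%s\n' "$admin01_password" | ipa user-add admin01 --first=admin --last=01 --password
unset admin01_password

# "admins" is the built-in IPA administrators group: membership gives
# admin01 full control of the domain, so treat this account as privileged.
ipa group-add-member admins --users=admin01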

# Refresh the package index and install task-auth-freeipa (presumably the
# distribution's meta-package for FreeIPA domain authentication on a
# workstation -- confirm against the package description).
apt-get update && apt-get install -y task-auth-freeipa


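# Create/edit the managed Chromium policy file and put the JSON below into
# it. The path must be absolute; a relative "etc/..." is resolved against the
# current directory and the policy would never be loaded.
# AuthServerAllowlist controls which servers Chromium will attempt
# integrated (Negotiate/Kerberos) authentication with; keep the pattern
# limited to the realm's own DNS domain.
nano /etc/chromium/policies/managed/policies.json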

{
    "AuthServerAllowlist": "*.au-team.cloud"
}

# Add reverse (PTR) records in 0.168.192.in-addr.arpa. for the two remaining
# servers: 192.168.0.102 -> infra-srv2, 192.168.0.103 -> infra-srv3.
# Requires a valid admin ticket (kinit admin).
for srv_index in 2 3; do
  ipa dnsrecord-add 0.168.192.in-addr.arpa. "10${srv_index}" \
    --ptr-hostname="infra-srv${srv_index}.au-team.cloud."
done


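# Client enrolment: install the IPA client and chrony, start time sync
# (Kerberos needs clocks in step with the KDC), then join the domain.
apt-get install -y freeipa-client zip chrony

systemctl enable --now chronyd

# The enrolment password is read from the terminal instead of being written
# as a literal, which keeps it out of shell history and out of these notes.
# It is still passed as an argument and so is visible in the process list
# while the installer runs. Enrolling with the full "admin" principal on
# every client exposes the most privileged credential in the realm; a
# per-host one-time password (ipa host-add --random) or a dedicated
# enrolment account is the lower-privilege alternative.
read -rsp 'Password for the admin principal: ' enroll_password; printf '\n'
ipa-client-install -U -p admin -w "$enroll_password"
unset enroll_password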

ADM-PC:

    Необходимо из-под доменного пользователя admin01 создать ключевую пару для SSH:

# Generate an RSA key pair for SSH; run this in admin01's own session on
# ADM-PC, not as root. Set a passphrase at the prompt: admin01 is a domain
# administrator, so an unprotected private key on the workstation is
# equivalent to that account's access on every host the key is copied to.
# The key size is whatever the installed OpenSSH defaults to; add -b 4096
# if an explicit size is required.
ssh-keygen -t rsa

    Также стоит передать публичный ключ на хосты:

# Install admin01's public key on each infrastructure server. Each call
# prompts for admin01's password on that host; check the host key
# fingerprint shown on first connection before accepting it.
for target_host in infra-srv1 infra-srv2 infra-srv3; do
  ssh-copy-id "admin01@${target_host}"
done