1

I want to create a user in my FreeIPA domain that will be able to automatically add and delete a host created (or deleted) by Foreman. I found 2 permissions:

  • "System: Add Host" and
  • "System: Enroll a Host".

What is their difference?

Peter

1 Answer

0

According to the RHEL 7 documentation, host-add [1] sets a DNS entry in the IPA's DNS server. Enrolling is linked to ipa-client-install and should be what you need.

Depending on your setup, you might need both, since host-add can be involved during the enrolling of new clients. In case your IPA server does not do DNS, this might not be the case.

[1] https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/7/html/linux_domain_identity_authentication_and_policy_guide/adding-host-entry

hargut
  • The case is simple: I want to automatically "register" hosts provisioned by Foreman/Katello. Also, I want to register hosts created in AWS and managed by Chef. So, host add probably is not enough. – Peter Jul 14 '18 at 15:32
  • `Host Add` is for sure not enough. But I assume you need both, when FreeIPA is your DNS server and you want to have working DNS entries. – hargut Jul 14 '18 at 16:06
  • Correct. And you need a bunch of other permissions as well. Thankfully, the latest Katello has a script to do this for me :) – Peter Jul 14 '18 at 17:24
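An added example, not part of the original thread or of Foreman/Katello: a shell function that binds a provisioning account to a FreeIPA role carrying only the permissions passed to it. It checks each permission name with `ipa permission-show` before changing anything. The user, role and privilege names are hypothetical, the user is assumed to exist already, and the permission list is whatever your setup turns out to need.

```shell
#!/bin/sh
# Added example: least-privilege role for a host-provisioning account.
# All user/role/privilege names passed in are hypothetical placeholders.
# DRY_RUN=1 prints the ipa commands instead of executing them.

run() {
    if [ "${DRY_RUN:-0}" = 1 ]; then
        printf 'ipa'; printf " '%s'" "$@"; printf '\n'
    else
        ipa "$@"
    fi
}

# grant_host_perms USER ROLE PRIVILEGE PERMISSION...
grant_host_perms() {
    [ "$#" -ge 4 ] || {
        echo "usage: grant_host_perms USER ROLE PRIVILEGE PERMISSION..." >&2
        return 2
    }
    user=$1 role=$2 priv=$3
    shift 3

    # Verify every permission name first, so a misspelled name (or one that
    # is spelled differently on this server) aborts before any modification.
    for perm in "$@"; do
        [ "${DRY_RUN:-0}" = 1 ] || ipa permission-show "$perm" >/dev/null || {
            echo "unknown permission: $perm" >&2
            return 1
        }
    done

    # Permissions attach to a privilege, the privilege to a role, and the
    # role to the user; nothing is granted to the account directly.
    run privilege-add "$priv" --desc "Host lifecycle for provisioning" || return 1
    for perm in "$@"; do
        run privilege-add-permission "$priv" --permissions "$perm" || return 1
    done
    run role-add "$role" || return 1
    run role-add-privilege "$role" --privileges "$priv" || return 1
    run role-add-member "$role" --users "$user"
}
```

Run it with a valid admin Kerberos ticket, first with `DRY_RUN=1` to review the commands, passing the permission names exactly as `ipa permission-find` lists them on your server.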