LEARN HOW TO INSTALL FREEIPA OPEN SOURCE IDENTITY MANAGEMENT SERVER ON CENTOS 7 IN THE CLOUD ON AWS
In order to complete this tutorial, the following is a list of items that may be needed or required. Please ensure to have these items available before taking implementation action on this tutorial to ensure success:
1) A desktop or laptop with atleast 4GB RAM, a dual core processor and 50 GB of free disk space
2) If you choose to install on you computer you will need virtualization software i.e VIRTUALBOX
3) The CENTOS 7 disk image file (for on premise / on device installation)
4) An AWS free tier account and access to the AWS LIGHTSAIL web application
5) A AWS ROUTE53 domain with an A record pointing to the CENTOS 7 instance.
1) Log into your AWS account, open the LIGHTSAIL web app and create a new CENTOS 7 instance
2) Download the KEYPAIR FILE for the instance, connect via SSH and install package updates
3) Change the hostname of the CENTOS 7 SERVER instance and start the FREEIPA package installation process.
4) Configure the IPv4 firewall in AWS LIGHTSAIL to permit access to the FREEIPA web based dashboard
5) Open a web browser and log into the FREEIPA web based dashboard
STEP 1: Log into your AWS account, open the LIGHTSAIL web app and create a new CENTOS 7 instance
1) Click HERE to go to the AWS log in page and enter your IAM credentials or root user account credentials to log in. Once you have logged in use the search bar on the console dashboard to search for LIGHTSAIL. Click on the “LIGHTSAIL” search result to open the AWS LIGHTSAIL web app. Once it open click on the CREATE INSTANCE button to open the INSTANCE creation wizard.
2) On the CREATE AN INSTANCE page, select an INSTANCE LOCATION and select LINUX / UNIX on the SELECT A PLATFORM section. On the SELECT A BLUEPRINT section click on the OS ONLY button and select the CENTOS 7 instance type.
3) Scroll down to the SELECT YOUR INSTANCE PLAN section and select the $20USD per month plan which will create an instance with 4GB RAM, an 80GB SSD and a dual core processor.
4) Next, give the instance a descriptive name on the IDENTIFY YOUR INSTANCE text input box, scroll down and click on the CREATE INSTANCE button.
5) Once the INSTANCE creation process is complete, click on the NETWORKING tab and click on the CREATE STATIC IP button. Select the FREEIPA-SERVER CENTOS 7 instance on the ATTACH TO AN INSTANCE drop down, type in a descriptive name to identify the IP ADDRESS that you are allocating and click on the CREATE button
6) Go back to the AWS CONSOLE and open the ROUTE53 dashboard. Click on HOSTED ZONES and click on your domain name. Click on CREATE RECORD, copy the IP ADDRESS that you attached to the FREEIPA CENTOS 7 instance and paste it on the VALUE input box. Set the record type to A -RECORD, the RECORD NAME to “freeipa-server” and click on CREATE RECORD.
This will create an A record of freeipa-server.billysoftwebservices.com pointing to the public ip address of the FREEIPA CENTOS 7 instance.
7) Next, go back to the AWS LIGHTSAIL web application, click on the FREEIPA CENTOS 7 instance and on the CONNECT tab, scroll down and click on the DOWNLOAD DEFAULT KEY link. This will download the keypair file that you will use to connect to the CENTOS INSTANCE via SSH.
STEP 2: Download the KEYPAIR FILE for the instance, connect via SSH AND INSTALL PACKAGE UPDATES.
8) Next, open your terminal application, and run the following commands to change your working directory to the download folder, change the permissions on the keypair file to read only and to connect to the instance via ssh:
chmod 400 name-of-keypair-file
ssh -i ‘name-of-keypair-file’ centos@ip-address-of-centos-instance
9) Next, run the following commands to install system and package updates & upgrades:
yum update && yum upgrade
STEP 3: Change the hostname of the CENTOS 7 SERVER instance and start the FREEIPA package installation process.
10) Once the update process is complete, reboot the instance, change the hostname for the FREEIPA CENTOS 7 instance. Run the following command to install the epel-repository, bind-util and the ipa-server package:
yum -y install epel-release
yum -y update
yum -y install bind-utils vim
yum -y install ipa-server
NB: RUN ONE COMMAND AT A TIME.
11) Next, run the following command to open the /etc/hosts file to configure a new hostname for the server:
yum install nano -y
add the following in the file using the format below ( To check the LAN IP address USE the command ip add list):
ip-address-of-server freeipa-server.yourdomain.com freeipa-server
12) Next, run the following command to set the new hostname for the CENTOS 7 SERVER instance:
hostnamectl set-hostname freeipa-server
And to ensure that the new hostname persists across server reboots, edit the cloud.cfg file:
Add the following string to the bottom of the /etc/cloud/cloud.cfg file to be sure that the new hostname is preserved between restarts and reboots:
13) Restart the CENTOS 7 SERVER instance and run the following command to configure IPA server. You need to execute this as root user:
Reconnect to the server and run the command:
sudo ipa-server install
The installer will prompt “DO YOU WANT TO CONFIGURE INTEGRATED DNS (BIND) ? [no]: ” Type in the word NO and press enter to disallow this.
14) Next, you will be prompted to enter an FQDN as well as HOSTNAME, press ENTER on each prompt to leave the hostname that you set in the previous step and on the DIRECTORY MANAGER PASSWORD prompt, enter any password that you would like and press ENTER.
15) Next the FREEIPA configuration script will prompt you to set a password for the admin account. Type in a secure password that is not easy to guess on the IPA ADMIN PASSWORD and PASSWORD (CONFIRM) fields. You will also see information about the FREEIPA server such as the HOSTNAME and domain name that you have configured. On the CONTINUE TO CONFIGURE THE SYSTEM WITH THESE VALUES? prompt, Type in the word YES and press ENTER.
16) Once the configuration process is complete, run the following commands to test the FREEIPA server:
STEP 4: Configure the IPv4 firewall in AWS LIGHTSAIL to permit access to the FREEIPA web based dashboard
17) Open the AWS LIGHTSAIL web app and click on the name of the FREEIPA instance. Click on the NETWORKING tab and on the IPV4 FIREWALL section, click on ADD RULE. Select HTTPS on the APPLICATION drop down and click on CREATE
18) Open up a new browser tab and go to freeipa-server.yourdomain-name.com. If you get an SSL certificate error, thats because FREEIPA uses a self signed certificate for security reasons. Click on advanced and click on PROCEED or any other link that allows you to proceed wit the connection.
STEP 5: LOG INTO THE FREEIPA DASHBOARD
19) Enter your username and password on the log in page and you should see a dashboard as shown in the image below. You should now be able to configure client devices and start using FREEIPA in your organisation