FreeIPA has existed for some time as RHE IPA for Red Hat Linux and has been added into Fedora. Still, since it is an extra add-on to RHEL, CentOS hasn’t gotten it rebuilt yet. That’s a shame because FreeIPA is an easy to configure, easy to manage security information management solution. If, like me, you want to use IPA with CentOS, this tutorial is for you.
- You have installed CentOS 5.2 with at least the minimal package set (unchecked everything during install) and have fully updated it from CentOS’s repositories.
- I built these RPMs on a 32-bit i386 system, but I imagine building them on x86_64 or other architectures would be very similar.
- You have a basic working knowledge of Linux commands (moving files, etc)
- You are running the following as root
- Red Hat, CentOS, and EPEL haven’t moved all of these packages to some excitingly new and obscure location. If so, you may have to Google a bit to find them all.
Download and install centos-ds rpm
- CentOS and EPEL have already compiled some of the necessary packages. Why rebuild packages if someone else has already done the work for you? This way they’ll also update down the road if updates are added into the repositories!
- Create a file at /etc/yum.repos.d/CentOS-testing.repo with the following contents:
[testing]
name=CentOS-$releasever - Testing
baseurl=http://dev.centos.org/centos/$releasever/testing/$basearch/
gpgcheck=1
enabled=1
gpgkey=http://dev.centos.org/centos/RPM-GPG-KEY-CentOS-testing
- Run the following commands to download and install some of the existing RPMs:
rpm -Uvh http://download.fedora.redhat.com/pub/epel/5/i386/epel-release-5-3.noarch.rpm
yum install centos-ds-base-devel centos-ds centos-ds-admin-console python-psycopg2
yum clean all
Download the source packages from Red Hat
- Run the following commands to download the necessary SRPMS:
mkdir ~/srcbuild; cd ~/srcbuild/
wget -r -l 1 http://ftp.redhat.com/pub/redhat/linux/enterprise/5Server/en/RHEIPA/SRPMS/
mv ftp.redhat.com/pub/redhat/linux/enterprise/5Server/en/RHEIPA/SRPMS/*.rpm .
- Remove RPMs we won’t need
- Remove older versions of rpms (ex: if there are 3 versions of ipa, only keep the newest)
- Also remove redhat-ds* since we already installed centos-ds
- Remove python-psycopg2 since we installed that from EPEL
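The cleanup rules above come with no command, so here is an added dry-run helper (not part of the original tutorial) that lists the SRPMs those three rules would delete. It assumes a GNU sort that supports -V (coreutils 7.0 or later) and uses its ordering as an approximation of RPM's version comparison; the function names and the sample file names are made up for illustration.

```shell
#!/bin/sh
# Added example: dry-run helper for the SRPM cleanup rules in this tutorial.
# Prints the files those rules would delete; it never deletes anything itself.
# Assumes GNU sort with -V; its ordering only approximates RPM's comparison.
srpms_to_remove() (
    dir=${1:-.}
    cd "$dir" || exit 1
    ls -1 -- *.src.rpm 2>/dev/null | LC_ALL=C sort -V | awk '
    {
        nvr = $0
        sub(/\.src\.rpm$/, "", nvr)
        name = nvr
        sub(/-[^-]+-[^-]+$/, "", name)   # drop "-version-release"
        # Rules 2 and 3: already installed from centos-ds and EPEL.
        if (name ~ /^redhat-ds/ || name == "python-psycopg2") { print; next }
        # Rule 1: input is version-sorted, so an earlier file with the
        # same package name is an older build.
        if (name in newest) print newest[name]
        newest[name] = $0
    }'
)

# Constructed sample (made-up version numbers) to show the output.
demo_srpms_to_remove() (
    tmp=$(mktemp -d) || exit 1
    for f in ipa-1.0.0-9.el5ipa ipa-1.0.0-10.el5ipa ipa-1.0.0-23.el5ipa \
             redhat-ds-base-8.0.4-1.el5 python-psycopg2-2.0.7-1.el5 \
             TurboGears-1.0.4.4-2.el5ipa mod_nss-1.0.3-6.el5; do
        : > "$tmp/$f.src.rpm"
    done
    srpms_to_remove "$tmp"
    rm -rf "$tmp"
)
```

Run `srpms_to_remove ~/srcbuild` and read the list before deleting anything; where sort lacks -V, compare the versions by hand instead.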
Use yum to get some necessary development packages
- Run the following command to download the required packages:
yum install gcc gcc-c++ automake autoconf rpm-build mozldap-devel openssl-devel openldap-devel krb5-devel nss-devel libcap-devel python-devel libtool selinux-policy-devel python-setuptools-devel bison flex ncurses-devel texinfo tetex-latex pam-devel httpd-devel apr-devel apr-util-devel postgresql-devel sqlite-devel
Build TurboGears and the krb5 packages first
- Run the following commands:
rpmbuild --rebuild TurboGears*.rpm krb5-server-ldap*.rpm python-kerberos*.rpm python-tgexpandingformwidget*.rpm mod_nss*.rpm
- There will be quite a bit of output to the console while you do this – don’t let that scare you. If there is an error, rpmbuild will stop running and tell you something was missing.
- If rpmbuild fails to build the package because you are missing a package, perform a “yum search” for the package, install it, and try the above command again.
- When rpmbuild finishes without errors, it will print “exit 0” to the screen and then stop outputting information
- When rpmbuild is done, you can install TurboGears with the following command:
yum install /usr/src/redhat/RPMS/*/*.rpm
- We’ll also build IPA on its own since it requires a small modification. To start, run these commands:
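rpm -Uvh ipa-*.src.rpm
mv /usr/src/redhat/SPECS/ipa.spec /usr/src/redhat/SPECS/ipa.spec.save
sed -e "s/redhat-ds/centos-ds/g" /usr/src/redhat/SPECS/ipa.spec.save > /usr/src/redhat/SPECS/ipa.spec
rpmbuild -bb /usr/src/redhat/SPECS/ipa.spec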
- If there are errors when building, try to install the missing packages with yum and run the rpmbuild command again. Once it completes, install all of the packages we’ve built so far with the following command:
yum install /usr/src/redhat/RPMS/*/*.rpm
Build the rest of the rpms
- At this point we’re finally ready to build the rest of the RPMs needed for IPA to work correctly. Build them with the following commands:
rpmbuild --rebuild *.rpm
- This may fail a few times just like the other times. Repeat as needed.
Find the rpms
- The finished RPMs are all located in /usr/src/redhat/RPMS/. For a list of all of them, you can run the following command:
find /usr/src/redhat/ | grep "rpm$"
- Move or copy the RPMs somewhere you can find them. You’ll need some of these for the IPA client machines and all of them if you want to install multiple IPA servers so keep all of them.
- Remember that you downloaded the centos-ds and other RPMs from testing and EPEL. You’ll need to download them or add in the testing and EPEL repos for clients so they can get all of the packages.
- If you have a spacewalk server, you can now rhnpush the RPMs into it and use yum for any future clients and servers!
Configure the server and clients using Red Hat’s documentation
- I won’t go into documenting the configuration process as that has been very well done by Red Hat already. Their documentation is located at http://www.redhat.com/docs/en-US/Red_Hat_Enterprise_IPA/
- Of particular importance are the Installation and Deployment Guide and the Client Configuration Guide