1. yum install -y ipa-server

2. Install the IPA service

ipa-server-install [Options]

Options:

  --version             show program's version number and exit

  -h, --help            show this help message and exit


  basic options:

    -r REALM_NAME, --realm=REALM_NAME

                        realm name

    -n DOMAIN_NAME, --domain=DOMAIN_NAME

                        domain name

    -p DM_PASSWORD, --ds-password=DM_PASSWORD

                        admin password

    -P MASTER_PASSWORD, --master-password=MASTER_PASSWORD

                        kerberos master password (normally autogenerated)

    -a ADMIN_PASSWORD, --admin-password=ADMIN_PASSWORD

                        admin user kerberos password

    --hostname=HOST_NAME

                        fully qualified name of server

    --ip-address=IP_ADDRESS

                        Master Server IP Address

    -N, --no-ntp        do not configure ntp

    --idstart=IDSTART   The starting value for the IDs range (default random)

    --idmax=IDMAX       The max value value for the IDs range (default:

                        idstart+199999)

    --no_hbac_allow     Don't install allow_all HBAC rule

    --no-ui-redirect    Do not automatically redirect to the Web UI

    --ssh-trust-dns     configure OpenSSH client to trust DNS SSHFP records

    --no-ssh            do not configure OpenSSH client

    --no-sshd           do not configure OpenSSH server

    -d, --debug         print debugging information

    -U, --unattended    unattended (un)installation never prompts the user


  certificate system options:

    --external-ca       Generate a CSR to be signed by an external CA

    --external_cert_file=EXTERNAL_CERT_FILE

                        File containing PKCS#10 certificate

    --external_ca_file=EXTERNAL_CA_FILE

                        File containing PKCS#10 of the external CA chain

    --dirsrv_pkcs12=DIRSRV_PKCS12

                        PKCS#12 file containing the Directory Server SSL

                        certificate

    --http_pkcs12=HTTP_PKCS12

                        PKCS#12 file containing the Apache Server SSL

                        certificate

    --dirsrv_pin=DIRSRV_PIN

                        The password of the Directory Server PKCS#12 file

    --http_pin=HTTP_PIN

                        The password of the Apache Server PKCS#12 file

    --subject=SUBJECT   The certificate subject base (default O=<realm-name>)

    --selfsign          Configure a self-signed CA instance rather than a

                        dogtag CA. WARNING: Certificate management

                        capabilities will be limited


  DNS options:

    --setup-dns         configure bind with our zone

    --forwarder=FORWARDERS

                        Add a DNS forwarder

    What is a DNS forwarder: http://technet.microsoft.com/zh-cn/ff622996.aspx

    --no-forwarders     Do not add any DNS forwarders, use root servers

                        instead

    --reverse-zone=REVERSE_ZONE

                        The reverse DNS zone to use

    What is a reverse DNS zone: The Domain Name System (DNS) is a globally distributed Internet service. Among other services, it provides name-to-number (forward) and number-to-name (reverse) translations using defined client-server and server-server protocols. The DNS is a public service and any user is freely able to query the DNS system for forward or reverse translations.

    http://www.apnic.net/apnic-info/whois_search/about-whois/what-is-in-whois/reverse-dns


    --no-reverse        Do not create reverse DNS zone

    --zonemgr=ZONEMGR   DNS zone manager e-mail address. Defaults to

                        hostmaster@DOMAIN

    --no-persistent-search

                        Do not enable persistent search feature in the name

                        server

    --zone-refresh=ZONE_REFRESH

                        When set to non-zero the name server will use DNS zone

                        detection based on polling instead of a persistent

                        search

    --no-host-dns       Do not use DNS for hostname lookup during installation

    --no-dns-sshfp      Do not automatically create DNS SSHFP records

    --no-serial-autoincrement

                        Do not enable SOA serial autoincrement


  uninstall options:

    --uninstall         uninstall an existing installation. The uninstall can

                        be run with --unattended option
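
The reverse DNS zone note above says what --reverse-zone is for but not how to derive its value. The following is an added example, not part of the original page or of FreeIPA: it computes the in-addr.arpa zone from the server's IPv4 address and prints an ipa-server-install command for review without running it. The function names, the host ipa.example.test, the address 192.0.2.10 and the choice of an upper-cased domain as the realm are assumptions made for illustration. The password options (-p, -a) are left out so that the installer prompts for them and they do not end up in shell history or the process list.

```shell
#!/bin/sh
# Added example (not from the original page). All sample values are constructed.

# reverse_zone IPV4 PREFIX -> reverse zone name for --reverse-zone.
# Only octet-aligned prefixes (8, 16, 24) are handled.
reverse_zone() {
    ip=$1 prefix=$2
    # Reject anything but digits and dots before word splitting (no globbing).
    case $ip in
        ''|*[!0-9.]*|.*|*.|*..*) return 1 ;;
    esac
    old_ifs=$IFS; IFS=.
    set -- $ip            # positional parameters now hold the octets
    IFS=$old_ifs
    [ $# -eq 4 ] || return 1
    for octet in "$@"; do
        [ "$octet" -le 255 ] || return 1
    done
    # The reverse zone lists the network octets in reverse order.
    case $prefix in
        8)  echo "$1.in-addr.arpa." ;;
        16) echo "$2.$1.in-addr.arpa." ;;
        24) echo "$3.$2.$1.in-addr.arpa." ;;
        *)  return 1 ;;
    esac
}

# ipa_install_cmd HOSTNAME IPV4 PREFIX -> prints the command; does not run it.
ipa_install_cmd() {
    host=$1
    domain=${host#*.}
    # --hostname expects a fully qualified name, so a bare label is refused.
    [ "$domain" != "$host" ] || return 1
    # Assumption: realm is the upper-cased DNS domain (the usual convention).
    realm=$(printf '%s' "$domain" | tr '[:lower:]' '[:upper:]')
    zone=$(reverse_zone "$2" "$3") || return 1
    echo "ipa-server-install -r $realm -n $domain --hostname=$host" \
         "--ip-address=$2 --setup-dns --no-forwarders --reverse-zone=$zone"
}

# Constructed sample input (documentation address range, reserved .test name).
ipa_install_cmd ipa.example.test 192.0.2.10 24
```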