bunny-lab/docs
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Update Servers & Workflows/Linux/Automation/Puppet/Puppet Bolt.md

Browse Source
This commit is contained in:
Nicole Rappe
2024-11-14 21:52:01 -07:00
parent 20339f3fd7
commit 355155794e
1 changed files with 42 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

43
Servers & Workflows/Linux/Automation/Puppet/Puppet Bolt.md
View File

@ -77,7 +77,7 @@ cd /etc/puppetlabs/bolt
bolt inventory show bolt inventory show
``` ```
??? example "Example Inventory Output" ??? example "Example Output of `bolt inventory show`"
You should expect to see output similar to the following: You should expect to see output similar to the following:
``` ```
[root@lab-puppet-01 bolt-lab]# bolt inventory show [root@lab-puppet-01 bolt-lab]# bolt inventory show
@ -126,4 +126,45 @@ We need to install the necessary software on the puppet server to allow Kerberos
``` sh ``` sh
sudo zypper install krb5-client sudo zypper install krb5-client
```
### Prepare `/etc/krb5.conf` Configuration
We need to configure Kerberos to know how to reach the domain, this is achieved by editing `/etc/krb5.conf` to look similar to the following, with your own domain substituting the example values.
``` ini
[libdefaults]
default_realm = BUNNY-LAB.IO
dns_lookup_realm = false
dns_lookup_kdc = false
ticket_lifetime = 24h
forwardable = true
[realms]
BUNNY-LAB.IO = {
kdc = LAB-DC-01.bunny-lab.io
kdc = LAB-DC-02.bunny-lab.io
admin_server = LAB-DC-01.bunny-lab.io
}
[domain_realm]
.bunny-lab.io = BUNNY-LAB.IO
bunny-lab.io = BUNNY-LAB.IO
```
### Initialize Kerberos Connection
Now we need to log into the domain using (preferrably) domain administrator credentials, such as the example below. You will be prompted to enter your domain password.
``` sh
kinit nicole.rappe@BUNNY-LAB.IO
klist
```
??? example "Example Output of `klist`"
You should expect to see output similar to the following. Finding a way to ensure the Kerberos tickets live longer is still under research, as 24 hours is not exactly practical for long-term deployments.
```
[root@lab-puppet-01 bolt-lab]# klist
Ticket cache: FILE:/tmp/krb5cc_0
Default principal: nicole.rappe@BUNNY-LAB.IO
Valid starting Expires Service principal
11/14/2024 21:19:44 11/15/2024 07:19:44 krbtgt/BUNNY-LAB.IO@BUNNY-LAB.IO
renew until 11/15/2024 21:19:40
``` ```