Creating an environment configured with FreeIPA HA

Enable high-availability FreeIPA when you register an environment. The CDP CLI provides environment creation commands that include an option for setting multiple FreeIPA instances, which triggers the system to set up the identity management cluster.

FreeIPA HA cannot be added to an existing environment; it must be configured during environment creation.

Enabling FreeIPA HA via UI

During environment registration, enable FreeIPA HA from Region, Network, Security and Storage > Enable FreeIPA HA.

Enabling FreeIPA HA via CLI

To create an environment with FreeIPA HA via CLI:

  1. Run the CDP CLI command to create an environment and include an additional parameter in the JSON-formatted command input:
    "freeIpa":{"instanceCountByGroup":<n>}

    replacing <n> with the number of instances of FreeIPA you want. The maximum number of instances is 3. Choose 2 or 3 based on the level of redundancy you want.

    The create environment JSON input would look similar to the following example (line breaks added for readability). This example registers an environment with two instances of FreeIPA:

    Figure 1. Command and JSON input to register an AWS environment with FreeIPA HA
    $ cdp environments create-aws-environment --cli-input-json \
      '{
          "environmentName":"finance-reporting-set4",
          "credentialName":"acme-finance",
          "region":"us-west-2",
          "securityAccess":{"cidr":"0.0.0.0/0"},
          "authentication":{"publicKeyId":"acme-finance-key"},
          "logStorage":
             {
               "storageLocationBase":"s3a://acme-finance-datalake/finance-reporting-set4/logs",
               "instanceProfile":"arn:aws:iam::308455126366:instance-profile/acme-admin-finance"
             },
           "vpcId":"vpc-0207f88d49b2b8118",
           "subnetIds":
                ["subnet-004570df81d2faaaa",
                 "subnet-0918053720e75ffff",
                 "subnet-020ae15bc71542222"],
           "s3GuardTableName":"acme-finance-reporting-set4",
           "description":"",
           "freeIpa":{"instanceCountByGroup":2}
        }'
    Figure 2. Command and JSON input to register an Azure environment with FreeIPA HA
    $ cdp environments create-azure-environment --cli-input-json \
    '{
        "credentialName": "acme-finance",
        "description": "create azure environment via cdp.",
        "enableTunnel": false,
        "environmentName": "finance-reporting-set4",
        "existingNetworkParams": {
            "networkId": "acmesqn32a",
            "resourceGroupName": "acme-finance-rptg",
            "subnetIds": ["default"]
        },
        "freeIpa": {"instanceCountByGroup": 2},
        "logStorage": {
            "managedIdentity": "/subscriptions/94429766-1315-49e2-ad5b-7578f428b58b/resourceGroups/acme-finance-rptg/providers/Microsoft.ManagedIdentity/userAssignedIdentities/acmefinancerptg-LoggerIdentity",
            "storageLocationBase": "abfs://logs@jmcswainfooqvenv.dfs.core.windows.net"
        },
        "publicKey": "ssh-rsa AAAAB3NzaC1yc2EBBBBDAQABAAABAQC0Rl2G2vsD6yc19RxCqReunFgpYj+ucyLobpTCBfDwzIbJot2Fmife6M42mBtiTmAK6x8cUEeab6CB4MUszqF7vGTFUjwFUBhi8xzey+KS9KVrQ+UuKJh/AN9iSyF5+etVH+bK1/61QC5YMIi65aBc82Dl6tH6OEiP7mzByU52yvH6JFuwZ/9fWj1vXCDPh",
        "region": "West US 2",
        "securityAccess": {"cidr": "0.0.0.0/0"},
        "usePublicIp": true
    }'
  2. After successfully registering the environment, continue to create the Data Lake as described in the cloud-provider specific instructions.
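
Because FreeIPA HA cannot be added after the environment exists, it helps to check the JSON input before passing it to --cli-input-json. The following pre-flight check is an added example, not part of the CDP CLI or the original documentation; the function name check_environment_input and the sample input are hypothetical, and the check assumes securityAccess.cidr holds a single CIDR as in the figures above.

```python
import ipaddress
import json

MAX_FREEIPA_INSTANCES = 3  # maximum stated on this page


def check_environment_input(raw_json):
    """Return a list of findings for a create-environment JSON input string."""
    findings = []
    try:
        doc = json.loads(raw_json)
    except json.JSONDecodeError as exc:
        return [f"ERROR: input is not valid JSON: {exc}"]
    if not isinstance(doc, dict):
        return ["ERROR: input must be a JSON object"]

    # FreeIPA HA cannot be added later, so a missing or low count is an error.
    free_ipa = doc.get("freeIpa")
    count = free_ipa.get("instanceCountByGroup") if isinstance(free_ipa, dict) else None
    if isinstance(count, bool) or not isinstance(count, int):
        findings.append("ERROR: freeIpa.instanceCountByGroup missing or not an integer")
    elif count > MAX_FREEIPA_INSTANCES:
        findings.append(f"ERROR: instanceCountByGroup={count} exceeds maximum of {MAX_FREEIPA_INSTANCES}")
    elif count < 2:
        findings.append(f"ERROR: instanceCountByGroup={count} gives no redundancy; use 2 or 3")

    # Flag a security-access CIDR that admits every source address.
    access = doc.get("securityAccess")
    cidr = access.get("cidr") if isinstance(access, dict) else None
    if cidr is not None:
        try:
            net = ipaddress.ip_network(str(cidr), strict=False)
            if net.prefixlen == 0:
                findings.append(f"WARN: securityAccess.cidr {cidr} allows any source address")
        except ValueError:
            findings.append(f"WARN: securityAccess.cidr {cidr!r} is not a single valid CIDR; review manually")
    return findings


# Constructed sample input, trimmed from the shape shown in Figure 1.
SAMPLE = '''{
  "environmentName": "example-env",
  "securityAccess": {"cidr": "0.0.0.0/0"},
  "freeIpa": {"instanceCountByGroup": 2}
}'''

if __name__ == "__main__":
    for line in check_environment_input(SAMPLE):
        print(line)
```

An empty result means the input requests 2 or 3 FreeIPA instances and does not open the security access CIDR to all addresses.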