From 192a817e9c32c54ebcd26672e915348787c41275 Mon Sep 17 00:00:00 2001 From: Justin Stephenson Date: Tue, 30 Jul 2024 14:09:08 -0400 Subject: [PATCH] Support IPA IPA Trust with additional IPA server --- data/configs/dnsmasq.conf | 2 + .../hosts/master2.ipa2.test.ecdsa_key | 9 +++++ .../hosts/master2.ipa2.test.ecdsa_key.pub | 1 + .../hosts/master2.ipa2.test.ed25519_key | 7 ++++ .../hosts/master2.ipa2.test.ed25519_key.pub | 1 + data/ssh-keys/hosts/master2.ipa2.test.rsa_key | 38 +++++++++++++++++++ .../hosts/master2.ipa2.test.rsa_key.pub | 1 + docker-compose.yml | 22 +++++++++++ src/ansible/group_vars/all | 7 ++++ src/ansible/inventory.yml | 2 + src/ansible/playbook_image_service.yml | 4 +- src/ansible/roles/cleanup/tasks/main.yml | 4 +- .../roles/dns/templates/etc.dnsmasq.conf.j2 | 10 +++-- src/ansible/roles/ipa/tasks/main.yml | 5 +++ src/build.sh | 1 + src/docker-compose.build.yml | 3 ++ src/push.sh | 1 + src/tools/gen-ssh-keys.sh | 2 +- src/tools/setup-dns-files.sh | 2 + 19 files changed, 114 insertions(+), 8 deletions(-) create mode 100644 data/ssh-keys/hosts/master2.ipa2.test.ecdsa_key create mode 100644 data/ssh-keys/hosts/master2.ipa2.test.ecdsa_key.pub create mode 100644 data/ssh-keys/hosts/master2.ipa2.test.ed25519_key create mode 100644 data/ssh-keys/hosts/master2.ipa2.test.ed25519_key.pub create mode 100644 data/ssh-keys/hosts/master2.ipa2.test.rsa_key create mode 100644 data/ssh-keys/hosts/master2.ipa2.test.rsa_key.pub diff --git a/data/configs/dnsmasq.conf b/data/configs/dnsmasq.conf index 011d03c8..2fea94df 100644 --- a/data/configs/dnsmasq.conf +++ b/data/configs/dnsmasq.conf @@ -12,6 +12,7 @@ cache-size=0 # These zones have their own DNS server server=/ipa.test/172.16.100.10 +server=/ipa2.test/172.16.100.11 server=/samba.test/172.16.100.30 server=/ad.test/172.16.200.10 @@ -35,3 +36,4 @@ ptr-record=30.100.16.172.in-addr.arpa,dc.samba.test ptr-record=40.100.16.172.in-addr.arpa,client.test ptr-record=10.200.16.172.in-addr.arpa,dc.ad.test ptr-record=70.100.16.172.in-addr.arpa,master.keycloak.test +ptr-record=80.100.16.172.in-addr.arpa,master2.ipa2.test diff --git a/data/ssh-keys/hosts/master2.ipa2.test.ecdsa_key b/data/ssh-keys/hosts/master2.ipa2.test.ecdsa_key new file mode 100644 index 00000000..610e6fe3 --- /dev/null +++ b/data/ssh-keys/hosts/master2.ipa2.test.ecdsa_key @@ -0,0 +1,9 @@ +-----BEGIN OPENSSH PRIVATE KEY----- +b3BlbnNzaC1rZXktdjEAAAAABG5vbmUAAAAEbm9uZQAAAAAAAAABAAAAaAAAABNlY2RzYS +1zaGEyLW5pc3RwMjU2AAAACG5pc3RwMjU2AAAAQQRjXEUrafBAJC0RohbrH64Q58TqzbnL +AraSK9LAttYKzI7AtazSjeD/r1FSGktTCgfc+PFGMrbcOfTXYoPMcWQyAAAAuKw1diasNX +YmAAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBGNcRStp8EAkLRGi +FusfrhDnxOrNucsCtpIr0sC21grMjsC1rNKN4P+vUVIaS1MKB9z48UYyttw59Ndig8xxZD +IAAAAhAKXeBygNxWAGiweouLvmFqlCs0XRUF71oZNRzhDm29t0AAAAG1dlbGwga25vd24g +a2V5IGZvciBzc3NkLWNpLgECAwQ= +-----END OPENSSH PRIVATE KEY----- diff --git a/data/ssh-keys/hosts/master2.ipa2.test.ecdsa_key.pub b/data/ssh-keys/hosts/master2.ipa2.test.ecdsa_key.pub new file mode 100644 index 00000000..1b608b33 --- /dev/null +++ b/data/ssh-keys/hosts/master2.ipa2.test.ecdsa_key.pub @@ -0,0 +1 @@ +ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBGNcRStp8EAkLRGiFusfrhDnxOrNucsCtpIr0sC21grMjsC1rNKN4P+vUVIaS1MKB9z48UYyttw59Ndig8xxZDI= Well known key for sssd-ci. diff --git a/data/ssh-keys/hosts/master2.ipa2.test.ed25519_key b/data/ssh-keys/hosts/master2.ipa2.test.ed25519_key new file mode 100644 index 00000000..56703b86 --- /dev/null +++ b/data/ssh-keys/hosts/master2.ipa2.test.ed25519_key @@ -0,0 +1,7 @@ +-----BEGIN OPENSSH PRIVATE KEY----- +b3BlbnNzaC1rZXktdjEAAAAABG5vbmUAAAAEbm9uZQAAAAAAAAABAAAAMwAAAAtzc2gtZW +QyNTUxOQAAACAReHC8F3OuxqeK1AaPPG7RZhv4L1PjZ7L/ftWb2gTIXAAAAKC5mEuCuZhL +ggAAAAtzc2gtZWQyNTUxOQAAACAReHC8F3OuxqeK1AaPPG7RZhv4L1PjZ7L/ftWb2gTIXA +AAAEC/H/YS4MZKKUrXvQkjngF7f+8X+5bJy5zTc0rfFdvu1xF4cLwXc67Gp4rUBo88btFm +G/gvU+Nnsv9+1ZvaBMhcAAAAG1dlbGwga25vd24ga2V5IGZvciBzc3NkLWNpLgEC +-----END OPENSSH PRIVATE KEY----- diff --git a/data/ssh-keys/hosts/master2.ipa2.test.ed25519_key.pub b/data/ssh-keys/hosts/master2.ipa2.test.ed25519_key.pub new file mode 100644 index 00000000..4ff7c526 --- /dev/null +++ b/data/ssh-keys/hosts/master2.ipa2.test.ed25519_key.pub @@ -0,0 +1 @@ +ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIBF4cLwXc67Gp4rUBo88btFmG/gvU+Nnsv9+1ZvaBMhc Well known key for sssd-ci. diff --git a/data/ssh-keys/hosts/master2.ipa2.test.rsa_key b/data/ssh-keys/hosts/master2.ipa2.test.rsa_key new file mode 100644 index 00000000..4e09d8ff --- /dev/null +++ b/data/ssh-keys/hosts/master2.ipa2.test.rsa_key @@ -0,0 +1,38 @@ +-----BEGIN OPENSSH PRIVATE KEY----- +b3BlbnNzaC1rZXktdjEAAAAABG5vbmUAAAAEbm9uZQAAAAAAAAABAAABlwAAAAdzc2gtcn +NhAAAAAwEAAQAAAYEAmTy0Hq25qAKQpv6bZgNya2EspHWb+lZXGpvgtvlEvJT1p2IgxrZa +Oi0MAh+eePbtFPF9aCqZhkW10r5Y8tAEsxWueNi1NAzJGokbOEOW+Gk9J6kTl0mgLI8NBn +3NvNsbfReOxqhNXwgoAERvxM0Tzno3c4rX24zFmmv3ykrGZlxrZOrenKe1wHwYLnz7KHzt +f+IOYVsGGu28v1EgsAX21P9LUww/pJapWrFE4V7U0ogKSLxxF9BOWF1aMTDK78jgPsyjqo +n6Dr29F2wryhitx7CzQVFZZZzjNAvTL9Y2xs0VkI/iorlivTU3wDegTM5Vh1zIegwpBdyH +LNovGSmkZlIkBmc0nILzr/fY9tcNl3W+Wztjge7MOHKy5CJvEzknfjbWBS+0uHuglbtb24 ++vAUvkuxSUpUmk9epj0xccjJxT1qUgj9oe8qyk6RObZJg7AELW8r9J/nPg9Yj+Fg3ovJjn +r0NJ/ESQ3l77M266oTL6xSd98B4/8FJC8HYKhS6tAAAFmLNCjLCzQoywAAAAB3NzaC1yc2 +EAAAGBAJk8tB6tuagCkKb+m2YDcmthLKR1m/pWVxqb4Lb5RLyU9adiIMa2WjotDAIfnnj2 +7RTxfWgqmYZFtdK+WPLQBLMVrnjYtTQMyRqJGzhDlvhpPSepE5dJoCyPDQZ9zbzbG30Xjs +aoTV8IKABEb8TNE856N3OK19uMxZpr98pKxmZca2Tq3pyntcB8GC58+yh87X/iDmFbBhrt +vL9RILAF9tT/S1MMP6SWqVqxROFe1NKICki8cRfQTlhdWjEwyu/I4D7Mo6qJ+g69vRdsK8 +oYrcews0FRWWWc4zQL0y/WNsbNFZCP4qK5Yr01N8A3oEzOVYdcyHoMKQXchyzaLxkppGZS +JAZnNJyC86/32PbXDZd1vls7Y4HuzDhysuQibxM5J3421gUvtLh7oJW7W9uPrwFL5LsUlK +VJpPXqY9MXHIycU9alII/aHvKspOkTm2SYOwBC1vK/Sf5z4PWI/hYN6LyY569DSfxEkN5e ++zNuuqEy+sUnffAeP/BSQvB2CoUurQAAAAMBAAEAAAGAAwZBMdfQ8cF3NGyTCZzozbjBxk +8x8Gty1aoc8c+SrTwtawvTRMjFmB9afNI98PpCrKaliIBKvm0yzQGHxOcZKKW1Z1oznV7h +Oz5YhLBE0wtUsysxoUtJN4ftRGMIRAF5Fet4nHAm8si47WRsZlB74xfjb0revs0U+1rFLb +9zEgMh9YBzO1lOC4oHeidqV567m0oNaZt/z9lAX/BMelzrxcFyLaXwvaFhn1IfX2ldPviD +Z3McslEgsrrI9G6Xmsr2pkRrH5TVy+Wbx8vNgw2hdcTw6jt+BIq5mkOkETaNKLUL87l6OF +o1uIRZrw/3s8uWQnSnDxCu5fvfjU3LP5bRTp78tYDYgVaWmDn+9JTPZR5pQzym05JNbkLu ++hEiBLELtJNlQIvwG76SltqFMzcZ7G6ZbIohGn+R42Y92gaRYQNE16qLnXS1aD+W2a3zP4 +qLwPMxD3/86EyxpMsXWCuIFHmzOhGQuN7sHu+Mw5woD5JUTbrEg4N7LkCLD4e4wWi7AAAA +wQC7PMaiiCF6s8m6gFfLuO60/dRpTY+V/VcuQxN6xi9ftI1LdEI4K8RISlTdD7+4sK9Isl +9bf+RsqYIbCGUTuH+QplKW60oMFu34sMk7D689AjuTFk3YOE7E6R4cDqJIKTD09+p0hVhw +s3otGW6aPiX3M+efWI2sqrjM4QpZC2iRT6EMPksd9EbzgTUuDPfzSPdf1moN62VlhXkL3T +Te0YEmqYkxcXlil6juNRTYvyXGQGZHKgxIk5V7hakqdHJ+vtMAAADBAMt5mNAv3bH28TND +4bJU3L0Z3ZafJtB74/oTlQVltBJPFTSB+SrR8YXKK8RTBEBeVCw4U0e5zjwRKNxqL+XGaL +G8T0enPtsVdKcrrxCqnCbJPzGvhBYg7NXU7tj1GRlkdjISBndn2C4sStvGzAY5bbEwkjfq +BIv+b1O+Hz8FsVF/TVUK1H/ADfta20kPy18+7v1CtfBjXXLyaRj1BvnZMq8sg6BmFd5P07 +nbN4olqKjXmWAqqPohJvJqaGujkHDeIwAAAMEAwMsyb3zFCXlgpDcSaK7Vz6F8Rl9rrG8+ +Ki/9FNfx+s82iLKWFPYsGZ5ENVtOBNwOA5VdNL9pZpYfcR+iTcvAawCjd32PAKRuJkTBYs +5XIb66aGaNvOxAct86S99wupXG2Ir3vdX7R5PYdlix7TmHw2Llb11MldhxT2tzh52PVYFl +UbrlpJI58UiqATq/Zd85tKNOSxUW8LfOc3CcUMa4n7lwE9pgEPbRjkPl3ld76D+yhupguw +L/HjhXlclqUcTvAAAAG1dlbGwga25vd24ga2V5IGZvciBzc3NkLWNpLgECAwQFBgc= +-----END OPENSSH PRIVATE KEY----- diff --git a/data/ssh-keys/hosts/master2.ipa2.test.rsa_key.pub b/data/ssh-keys/hosts/master2.ipa2.test.rsa_key.pub new file mode 100644 index 00000000..2abe82e1 --- /dev/null +++ b/data/ssh-keys/hosts/master2.ipa2.test.rsa_key.pub @@ -0,0 +1 @@ +ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQCZPLQerbmoApCm/ptmA3JrYSykdZv6Vlcam+C2+US8lPWnYiDGtlo6LQwCH5549u0U8X1oKpmGRbXSvljy0ASzFa542LU0DMkaiRs4Q5b4aT0nqROXSaAsjw0Gfc282xt9F47GqE1fCCgARG/EzRPOejdzitfbjMWaa/fKSsZmXGtk6t6cp7XAfBgufPsofO1/4g5hWwYa7by/USCwBfbU/0tTDD+klqlasUThXtTSiApIvHEX0E5YXVoxMMrvyOA+zKOqifoOvb0XbCvKGK3HsLNBUVllnOM0C9Mv1jbGzRWQj+KiuWK9NTfAN6BMzlWHXMh6DCkF3Ics2i8ZKaRmUiQGZzScgvOv99j21w2Xdb5bO2OB7sw4crLkIm8TOSd+NtYFL7S4e6CVu1vbj68BS+S7FJSlSaT16mPTFxyMnFPWpSCP2h7yrKTpE5tkmDsAQtbyv0n+c+D1iP4WDei8mOevQ0n8RJDeXvszbrqhMvrFJ33wHj/wUkLwdgqFLq0= Well known key for sssd-ci. diff --git a/docker-compose.yml b/docker-compose.yml index 4ab587b2..20d7fbf0 100644 --- a/docker-compose.yml +++ b/docker-compose.yml @@ -44,6 +44,28 @@ services: networks: sssd: ipv4_address: 172.16.100.10 + ipa2: + image: ${REGISTRY}/ci-ipa2:${TAG} + container_name: ipa2 + hostname: master2.ipa2.test + dns: 172.16.100.2 + env_file: ./env.containers + volumes: + - ./shared:/shared:rw + cap_add: + - SYS_ADMIN + - SYS_PTRACE + - AUDIT_WRITE + - AUDIT_CONTROL + - SYS_CHROOT + - NET_ADMIN + security_opt: + - apparmor=unconfined + - label=disable + - seccomp=unconfined + networks: + sssd: + ipv4_address: 172.16.100.11 ldap: image: ${REGISTRY}/ci-ldap:${TAG} container_name: ldap diff --git a/src/ansible/group_vars/all b/src/ansible/group_vars/all index a36830bc..4cfe7b75 100644 --- a/src/ansible/group_vars/all +++ b/src/ansible/group_vars/all @@ -6,6 +6,13 @@ service: { netbios: 'IPA', password: 'Secret123' }, + ipa2: { + domain: 'ipa2.test', + hostname: 'master2', + fqn: 'master2.ipa2.test', + netbios: 'IPA2', + password: 'Secret123' + }, ldap: { domain: 'ldap.test', hostname: 'master', diff --git a/src/ansible/inventory.yml b/src/ansible/inventory.yml index 3f075a5c..83f7d83f 100644 --- a/src/ansible/inventory.yml +++ b/src/ansible/inventory.yml @@ -53,6 +53,8 @@ all: hosts: master.ipa.test: ansible_host: sssd-wip-ipa + master2.ipa2.test: + ansible_host: sssd-wip-ipa2 ldap: hosts: master.ldap.test: diff --git a/src/ansible/playbook_image_service.yml b/src/ansible/playbook_image_service.yml index 3436d17e..2a80e210 100644 --- a/src/ansible/playbook_image_service.yml +++ b/src/ansible/playbook_image_service.yml @@ -16,7 +16,9 @@ roles: - samba -- hosts: master.ipa.test +- hosts: + - master.ipa.test + - master2.ipa2.test gather_facts: no roles: - ipa diff --git a/src/ansible/roles/cleanup/tasks/main.yml b/src/ansible/roles/cleanup/tasks/main.yml index 58c032c1..2c3c35a4 100644 --- a/src/ansible/roles/cleanup/tasks/main.yml +++ b/src/ansible/roles/cleanup/tasks/main.yml @@ -7,7 +7,7 @@ - name: Remove 389ds database to make image smaller shell: rm -f /var/lib/dirsrv/slapd-IPA-TEST/db/__db.* - when: inventory_hostname == 'master.ipa.test' or inventory_hostname == 'ipa-devel' + when: inventory_hostname in groups["ipa"] or inventory_hostname == 'ipa-devel' - name: Minimize LDAP service container block: @@ -29,4 +29,4 @@ - name: Remove SSSD's database and logs shell: rm -f /var/lib/sss/db/* /var/lib/sss/mc/* /var/log/sssd/* - when: inventory_hostname == 'client.test' or inventory_hostname == 'master.ipa.test' + when: inventory_hostname in groups["client"] or inventory_hostname in groups["ipa"] diff --git a/src/ansible/roles/dns/templates/etc.dnsmasq.conf.j2 b/src/ansible/roles/dns/templates/etc.dnsmasq.conf.j2 index 8f1a51be..048ea69a 100644 --- a/src/ansible/roles/dns/templates/etc.dnsmasq.conf.j2 +++ b/src/ansible/roles/dns/templates/etc.dnsmasq.conf.j2 @@ -13,9 +13,9 @@ domain=test cache-size=0 # These zones have their own DNS server -{% if 'master.ipa.test' in hostvars %} -server=/ipa.test/{{ hostvars['master.ipa.test']['ansible_facts']['default_ipv4']['address'] }} -{% endif %} +{% for host in groups['ipa'] %} +server=/{{ hostvars[host]['ansible_facts']['domain'] }}/{{ hostvars[host]['ansible_facts']['default_ipv4']['address'] }} +{% endfor %} {% if 'dc.samba.test' in hostvars %} server=/samba.test/{{ hostvars['dc.samba.test']['ansible_facts']['default_ipv4']['address'] }} {% endif %} @@ -28,7 +28,9 @@ server=/{{ hostvars[ad]['ansible_facts']['windows_domain'] }}/{{ hostvars[ad]['a {% endif %} # Add reverse zones for artificial hosts in IPA domain +{% if 'master.ipa.test' in hostvars %} server=/251.255.10.in-addr.arpa/{{ hostvars['master.ipa.test']['ansible_facts']['default_ipv4']['address'] }} +{% endif %} # Add SRV record for LDAP {% if 'master.ldap.test' in hostvars %} @@ -51,4 +53,4 @@ ptr-record={{ hostvars[host]['ansible_facts']['default_ipv4']['address'].split(' {% elif hostvars[host].ansible_system == 'Win32NT' %} ptr-record={{ hostvars[host]['ansible_facts']['ip_addresses'][0].split('.') | reverse | join(".") }}.in-addr.arpa,{{ host }} {% endif %} -{% endfor %} \ No newline at end of file +{% endfor %} diff --git a/src/ansible/roles/ipa/tasks/main.yml b/src/ansible/roles/ipa/tasks/main.yml index 186cdd8a..1631fd28 100644 --- a/src/ansible/roles/ipa/tasks/main.yml +++ b/src/ansible/roles/ipa/tasks/main.yml @@ -110,6 +110,7 @@ ipa --no-prompt dnszone-add --name-from-ip 10.255.251.0/24 args: stdin: '{{ ipa_password }}' + when: inventory_hostname == 'master.ipa.test' - name: 'Check trust with other domains' shell: | @@ -144,6 +145,7 @@ - '"samba" in groups and groups["samba"]' - join_samba - trust_ipa_samba + - inventory_hostname != 'master2.ipa2.test' - name: 'Setup trust with AD' block: @@ -167,6 +169,8 @@ when: - 'ad_domain not in trust.stdout' - not trust_ipa_ad_two_way + - inventory_hostname != 'master2.ipa2.test' + - name: Run ipa trust-add (two-way) shell: | kinit admin @@ -182,3 +186,4 @@ - '"ad" in groups and groups["ad"]' - join_ad - trust_ipa_ad + - inventory_hostname != 'master2.ipa2.test' diff --git a/src/build.sh b/src/build.sh index 0014303f..f832ec51 100755 --- a/src/build.sh +++ b/src/build.sh @@ -140,6 +140,7 @@ ansible-playbook $ANSIBLE_OPTS ./ansible/playbook_image_service.yml compose stop build_service_image sssd-wip-client client build_service_image sssd-wip-ipa ipa +build_service_image sssd-wip-ipa2 ipa2 build_service_image sssd-wip-ldap ldap build_service_image sssd-wip-samba samba build_service_image sssd-wip-nfs nfs diff --git a/src/docker-compose.build.yml b/src/docker-compose.build.yml index 22211d28..a94c6011 100644 --- a/src/docker-compose.build.yml +++ b/src/docker-compose.build.yml @@ -5,6 +5,9 @@ services: ipa: image: localhost/sssd/ci-base-ipa:${TAG} container_name: sssd-wip-ipa + ipa2: + image: localhost/sssd/ci-base-ipa:${TAG} + container_name: sssd-wip-ipa2 ldap: image: localhost/sssd/ci-base-ldap:${TAG} container_name: sssd-wip-ldap diff --git a/src/push.sh b/src/push.sh index 9c70d616..fc4eeeb1 100755 --- a/src/push.sh +++ b/src/push.sh @@ -66,6 +66,7 @@ push ci-dns latest "" push ci-client "$TAG" "$EXTRA_TAGS" push ci-client-devel "$TAG" "$EXTRA_TAGS" push ci-ipa "$TAG" "$EXTRA_TAGS" +push ci-ipa2 "$TAG" "$EXTRA_TAGS" push ci-ipa-devel "$TAG" "$EXTRA_TAGS" push ci-ldap "$TAG" "$EXTRA_TAGS" push ci-samba "$TAG" "$EXTRA_TAGS" diff --git a/src/tools/gen-ssh-keys.sh b/src/tools/gen-ssh-keys.sh index 395aa1de..3dfd518d 100755 --- a/src/tools/gen-ssh-keys.sh +++ b/src/tools/gen-ssh-keys.sh @@ -17,7 +17,7 @@ mkdir -p $OUT mkdir -p $OUT/hosts for name in client.test dc.samba.test dns.test kdc.test \ - master.ipa.test master.keycloak.test master.ldap.test nfs.test; do + master.ipa.test master2.ipa2.test master.keycloak.test master.ldap.test nfs.test; do for type in ecdsa ed25519 rsa; do ssh-keygen -C "Well known key for sssd-ci." -t $type -f "$OUT/hosts/$name.${type}_key" -N "" <<< y done diff --git a/src/tools/setup-dns-files.sh b/src/tools/setup-dns-files.sh index 056d8b1f..724b1423 100755 --- a/src/tools/setup-dns-files.sh +++ b/src/tools/setup-dns-files.sh @@ -17,6 +17,7 @@ sed -i '/client.test/d' /etc/hosts sed -i '/nfs.test/d' /etc/hosts sed -i '/kdc.test/d' /etc/hosts sed -i '/dc.ad.test/d' /etc/hosts +sed -i '/master2.ipa2.test/d' /etc/hosts # Append the lines echo "172.16.100.10 master.ipa.test" >> /etc/hosts @@ -26,3 +27,4 @@ echo "172.16.100.40 client.test" >> /etc/hosts echo "172.16.100.50 nfs.test" >> /etc/hosts echo "172.16.100.60 kdc.test" >> /etc/hosts echo "172.16.200.10 dc.ad.test" >> /etc/hosts +echo "172.16.100.11 master2.ipa2.test" >> /etc/hosts