On 04/23/2014 10:00 AM, Stephen Benjamin wrote:
Hi All,

As part of the next release of Foreman, 1.5, realm join integration
is being introduced. The first provider is, of course, FreeIPA.  :-)

The first release candidate of 1.5 is out now and I'd really
appreciate it if anyone wants to give the FreeIPA integration a good
workout.  You can see it in action during today's sprint demo starting
at about 36 minutes in:


Docs about the FreeIPA stuff are here:


If you run into any problems, I'm happy to help, I'm stbenjam
over on #theforeman or #freeipa IRC channels.

Note - There's at least one bug whose fix should be merged in RC2:
unenrolled hosts aren't deleted from IPA correctly.  Otherwise it
should all work as advertised!



Very cool!

Several questions:
- Is it using IPA smart proxy and if not when and how it will? We would probably need to add the instruction on how to set it up instead of the native one. I suspect there are some differences and the reason why one would be used over another. - I think the setup script should probably be a part of IPA smart proxy project rather than a part of Foreman. IMO it is in the boat as mart proxy as it links IPA and Foreman together. What do you think? May be there should be spacial repo in IPA. As we move forward we would need to have more and more simple scripts to setup specific integration aspects with different projects. This is just the first one of them so we need to define what we want to do with the next one when it emerges. - You have FreeIPA there as a realm type. Would it be possible to change this string because in RHEL it is called "Identity Management"? - Does this support a case when the machine needs to be re-provisioned? Does it do the right cleanup? - Moving forward it might make sense to be able to pass other parameters to the realm join to pass to ipa client install. I think we need to explore this more. For example do you want to configure SUDO or automaint integration on the provisioned host? Do you want to generate and upload host fingerprint, etc. Where is the right place to track this work?

This is all that comes to mind so far.

Thank you,
Dmitri Pal

Sr. Engineering Manager IdM portfolio
Red Hat, Inc.

Freeipa-users mailing list

Reply via email to