On 04/23/2014 10:00 AM, Stephen Benjamin wrote:
Hi All,

As part of the next release of Foreman, 1.5, realm join integration
is being introduced. The first provider is, of course, FreeIPA.  :-)

The first release candidate of 1.5 is out now and I'd really
appreciate it if anyone wants to give the FreeIPA integration a good
workout.  You can see it in action during today's sprint demo starting
at about 36 minutes in:

   https://www.youtube.com/watch?v=XliDyFFi-SI#t=36m00

Docs about the FreeIPA stuff are here:

   http://theforeman.org/manuals/1.5/index.html#4.3.11FreeIPARealm

If you run into any problems, I'm happy to help, I'm stbenjam
over on #theforeman or #freeipa IRC channels.

Note - There's at least one bug whose fix should be merged in RC2:
unenrolled hosts aren't deleted from IPA correctly.  Otherwise it
should all work as advertised!

Thanks!!

Stephen


Very cool!

Several questions:
- Is it using IPA smart proxy and if not, when and how will it? We would probably need to add the instruction on how to set it up instead of the native one. I suspect there are some differences and the reason why one would be used over another.
- I think the setup script should probably be a part of IPA smart proxy project rather than a part of Foreman. IMO it is in the same boat as smart proxy as it links IPA and Foreman together. What do you think? Maybe there should be a special repo in IPA. As we move forward we would need to have more and more simple scripts to set up specific integration aspects with different projects. This is just the first one of them so we need to define what we want to do with the next one when it emerges.
- You have FreeIPA there as a realm type. Would it be possible to change this string because in RHEL it is called "Identity Management"?
- Does this support a case when the machine needs to be re-provisioned? Does it do the right cleanup?
- Moving forward it might make sense to be able to pass other parameters to the realm join to pass to ipa client install. I think we need to explore this more. For example, do you want to configure SUDO or automount integration on the provisioned host? Do you want to generate and upload host fingerprint, etc.? Where is the right place to track this work?

This is all that comes to mind so far.

--
Thank you,
Dmitri Pal

Sr. Engineering Manager IdM portfolio
Red Hat, Inc.

_______________________________________________
Freeipa-users mailing list
Freeipa-users@redhat.com
https://www.redhat.com/mailman/listinfo/freeipa-users
