Re: [Freeipa-users] FreeIPA + Foreman 1.5

Fri, 25 Apr 2014 09:24:12 -0700 

On 04/25/2014 10:29 AM, Stephen Benjamin wrote:

----- Original Message -----

From: "Dmitri Pal" <d...@redhat.com>
To: "Stephen Benjamin" <stben...@redhat.com>
Cc: "Martin Kosek" <mko...@redhat.com>, "Jan Cholasta" <jchol...@redhat.com>, 
freeipa-users@redhat.com, "Tomas Babej"
<tba...@redhat.com>
Sent: Friday, April 25, 2014 3:59:31 PM
Subject: Re: [Freeipa-users] FreeIPA + Foreman 1.5

On 04/25/2014 09:52 AM, Stephen Benjamin wrote:

----- Original Message -----

From: "Dmitri Pal" <d...@redhat.com>
To: "Martin Kosek" <mko...@redhat.com>, "Stephen Benjamin"
<stben...@redhat.com>
Cc: "Jan Cholasta" <jchol...@redhat.com>, freeipa-users@redhat.com, "Tomas
Babej" <tba...@redhat.com>
Sent: Friday, April 25, 2014 3:42:39 PM
Subject: Re: [Freeipa-users] FreeIPA + Foreman 1.5

Are you planning to have a toggle for SSH integration?

There's freeipa_opts to pass options directly to the installer, so a user
can
directly pass anything they want.

I can add the SSH flag if it's needed and a relatively common one...

Is there anything else that should be added?

I still have to give the snippet a workout to ensure it works on
everything,
but seems OK so far, even if it's not going to win any beauty contests.

   
https://github.com/stbenjam/community-templates/blob/freeipa-fixes/snippets/freeipa_register.erb



Yeah I was not thrilled by sed but if we can't do better for now so be it.

Can Foreman have defaults?
So that SSH & SUDO are turned on by default but automount is not.
I am not sure there is anything else for now.

Yup, defaults are as you described.

SSH integration can't currently be turned off but I'll add the flag.



We might start getting into more advanced features like provisioning
certs for other software components deployed on the same machine later.
That however rises a question: is there a way to record in Foreman that
the client system has been IPA enrolled, because if it was the software
deployed on top might be able to leverage this fact and the
configuration of this software would be different if the system is
enrolled or not.

Foreman keeps track of which hosts are registered, so this information is
available for use.  Certificates could even be managed in Foreman
via a puppet module (there's one out there for Certmonger, IIRC).
Yes. This is the direction of the further expansion. Let us get back to it in couple months. 





--
Thank you,
Dmitri Pal

Sr. Engineering Manager IdM portfolio
Red Hat, Inc.





--
Thank you,
Dmitri Pal

Sr. Engineering Manager IdM portfolio
Red Hat, Inc.

_______________________________________________
Freeipa-users mailing list
Freeipa-users@redhat.com
https://www.redhat.com/mailman/listinfo/freeipa-users

Reply via email to