On 08/18/2014 09:35 PM, Michael Lasevich wrote:
> I wanted to use the python ipalib directly, but like you mentioned, I found
> very little documentation and what I found indicated I was going to just
> pass cli arguments to it, it seemed to be not much better than calling the
> wrapper directly :-
I wanted to use the python ipalib directly, but like you mentioned, I found
very little documentation and what I found indicated I was going to just
pass cli arguments to it, it seemed to be not much better than calling the
wrapper directly :-(
I will clean up my salt reactor of things specific to
Michael Lasevich wrote:
> Thanks, that was actually very helpful.
>
> "Host Enrollment" privilege does not actually allow you to enroll hosts,
> not sure what that is about. But "Host Administrators" worked just fine.
I'd be curious to know how it was failing. It should be enough to do
just an en
On 08/15/2014 06:02 PM, James wrote:
On Fri, Aug 15, 2014 at 5:25 AM, Michael Lasevich
wrote:
Sorry, I did not intend to belittle your efforts - just misread the code
Didn't take it that way, no worries :)
(saw you pass in $admin and $password and made wrong assumption that $admin
was admin
On Fri, Aug 15, 2014 at 5:25 AM, Michael Lasevich
wrote:
> Sorry, I did not intend to belittle your efforts - just misread the code
Didn't take it that way, no worries :)
> (saw you pass in $admin and $password and made wrong assumption that $admin
> was admin username) as well as trying to avoid
On 15.8.2014 12:51, Martin Kosek wrote:
On 08/15/2014 11:25 AM, Michael Lasevich wrote:
...
The only thing that bugs me is that I am calling IPA python code from my
salt reactor python code via subprocess - there has got to be a better,
more direct way - but I found documentation too confusing
On 08/15/2014 11:25 AM, Michael Lasevich wrote:
...
> The only thing that bugs me is that I am calling IPA python code from my
> salt reactor python code via subprocess - there has got to be a better,
> more direct way - but I found documentation too confusing to follow at 1
> am - will be a proje
On 08/15/2014 11:25 AM, Michael Lasevich wrote:
Sorry, I did not intend to belittle your efforts - just misread the
code (saw you pass in $admin and $password and made wrong assumption
that $admin was admin username) as well as trying to avoid puppet as I
find Salt much quicker and much simpler
This may also be a bug. Host Enrollment privilege should be enough to join
FreeIPA. We did many access control related fixes in FreeIPA 4.0 (like
https://fedorahosted.org/freeipa/ticket/4252), it may got fixed there.
If "Host Enrollment" permission is still failing for you in 4.0+, we would be
int
Thanks, that was actually very helpful.
"Host Enrollment" privilege does not actually allow you to enroll hosts,
not sure what that is about. But "Host Administrators" worked just fine.
-M
On Fri, Aug 15, 2014 at 1:18 AM, Martin Kosek wrote:
> On 08/14/2014 10:23 PM, Michael Lasevich wrote:
>
Sorry, I did not intend to belittle your efforts - just misread the code
(saw you pass in $admin and $password and made wrong assumption that $admin
was admin username) as well as trying to avoid puppet as I find Salt much
quicker and much simpler (and already established in my setup)
I sat down t
On 08/14/2014 10:23 PM, Michael Lasevich wrote:
> Is there somewhere a documented minimum set of permissions required to
> create a special role/account/principal to auto-join machines to the domain?
>
> I am not all too comfortable to run this as admin user and not quite ready
> to set up the orc
On Thu, Aug 14, 2014 at 8:29 PM, Michael Lasevich
wrote:
> I appreciate it. Maybe I did not read it close enough, but it seemed to send
> the admin password to every client, which is what I am trying to avoid.
Oh no!! Definitely not :) I went to great pains to specifically avoid
this actually. If
I appreciate it. Maybe I did not read it close enough, but it seemed to
send the admin password to every client, which is what I am trying to
avoid.
I will take a closer look, maybe I can bite the bullet and implement the
few lines of code that are required to make this work in Salt (it would
take
On Thu, Aug 14, 2014 at 7:29 PM, Michael Lasevich
wrote:
> Not that much. For one, I am using Salt instead if Puppet, but more
> importantly, if I am reading this correctly it seems to be just using full
> admin account. I can already do that. By orchestration I meant setting up
> the OTP for clie
Not that much. For one, I am using Salt instead if Puppet, but more
importantly, if I am reading this correctly it seems to be just using full
admin account. I can already do that. By orchestration I meant setting up
the OTP for client join on the server, then passing that OTP to the client
to join
On Thu, Aug 14, 2014 at 4:23 PM, Michael Lasevich
wrote:
> I am not all too comfortable to run this as admin user and not quite ready
> to set up the orchestration needed to pre-join the host.
Re: orchestration,
https://github.com/purpleidea/puppet-ipa
Does this help?
--
Manage your subscript
17 matches
Mail list logo