Hi Marc,

This would be more complicated on OpenShift 4/RHEL CoreOS but I think doable. First thing is to check whether cifs and IdM packages are available on CoreOS (you can use oc debug to get a shell on a node and rpm/yum). CoreOS nodes become tainted when you ssh into them, so I guess using Ansible to manage their configs is ruled out.

If they are, you can inject configuration files (such as a keytab) into CoreOS hosts using MachineConfigs or some other resource from the Machine API. If they are not, you'll need a privileged container to work as the cifs client. It would be managed by a DaemonSet and probably require a custom SCC to grant it the necessary rights, but it is doable to have a container that loads kernel modules into the host, etc.

Ideally, all of this would be packaged as an operator. I am good at throwing ideas, but implementing this stuff is far beyond my current knowledge level. Maybe it is not that hard.

[]s, Fernando Lozano

On Fri, Jun 14, 2019 at 10:48 AM Marc Boorshtein <[email protected]> wrote:

>
>> On Thu, Jun 13, 2019 at 7:00 PM Hemant Kumar <[email protected]> wrote:
>>
>>> Yes they are. The only catch is - getting them to work in control-plane
>>> is more difficult, but since your flexvolume plugin worked in 3.11 where
>>> controller-manager is already containerized, it may not be so for your
>>> particular use case.
>>>
>>> [DC]: if you don't mind, curious to understand why you think in v4 is
>> harder to get it working with the control-plane?
>>
>>>
>>>
> The flexvolume is for cifs and in order to work needs to:
>
> 1. Have the cifs packages installed
> 2. Have the user's kerberos keytab available (we're not allowed to use
> usernames and passwords)
>
> on 3.11 we're managing this with a combination of FreeIPA (every node is a
> member of the ipa domain), Ansible and OpenUnison. Given 4.x's reliance on
> a container os (RHCOS or FCOS) my assumption was this wouldn't work
> anymore. Is that assumption wrong?
>
> Thanks
>
> _______________________________________________
> users mailing list
> [email protected]
> http://lists.openshift.redhat.com/openshiftmm/listinfo/users
>
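The MachineConfig route mentioned in the reply above, sketched as an added example that is not part of the original thread or any poster's configuration. The object name, the keytab path and the Ignition spec version (2.2.0, as used by early OpenShift 4 releases) are assumptions, and the keytab itself is a placeholder. Note that the keytab is stored base64-encoded, not encrypted, inside the MachineConfig object, so anyone allowed to read MachineConfigs can recover it.

```yaml
# Added illustration, not from the thread.
# Assumes Ignition spec 2.2.0; later OpenShift releases use spec 3.x,
# which has a different file schema.
apiVersion: machineconfiguration.openshift.io/v1
kind: MachineConfig
metadata:
  name: 99-worker-cifs-keytab              # hypothetical name
  labels:
    # Selects the pool of nodes that receives the file.
    machineconfiguration.openshift.io/role: worker
spec:
  config:
    ignition:
      version: 2.2.0
    storage:
      files:
        - path: /etc/cifs/user.keytab       # hypothetical path
          filesystem: root
          mode: 384                         # decimal for 0600: owner read/write only
          contents:
            # Placeholder: base64 of the real keytab goes here.
            source: data:;base64,<BASE64_KEYTAB_PLACEHOLDER>
```

Applying a MachineConfig makes the Machine Config Operator roll the change through the matching pool, which normally reboots each node in turn.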
