[Freeipa-users] FreeIPA + Foreman 1.5
Dmitri Pal
dpal at redhat.com
Fri Apr 25 13:59:31 UTC 2014
On 04/25/2014 09:52 AM, Stephen Benjamin wrote:
>
> ----- Original Message -----
>> From: "Dmitri Pal" <dpal at redhat.com>
>> To: "Martin Kosek" <mkosek at redhat.com>, "Stephen Benjamin" <stbenjam at redhat.com>
>> Cc: "Jan Cholasta" <jcholast at redhat.com>, freeipa-users at redhat.com, "Tomas Babej" <tbabej at redhat.com>
>> Sent: Friday, April 25, 2014 3:42:39 PM
>> Subject: Re: [Freeipa-users] FreeIPA + Foreman 1.5
>>
>> Are you planning to have a toggle for SSH integration?
> There's freeipa_opts to pass options directly to the installer, so a user can
> directly pass anything they want.
>
> I can add the SSH flag if it's needed and a relatively common one...
>
> Is there anything else that should be added?
>
> I still have to give the snippet a workout to ensure it works on everything,
> but seems OK so far, even if it's not going to win any beauty contests.
>
> https://github.com/stbenjam/community-templates/blob/freeipa-fixes/snippets/freeipa_register.erb
>
>
Yeah I was not thrilled by sed but if we can't do better for now so be it.
Can Foreman have defaults?
So that SSH & SUDO are turned on by default but automount is not.
I am not sure there is anything else for now.
We might start getting into more advanced features like provisioning
certs for other software components deployed on the same machine later.
That however rises a question: is there a way to record in Foreman that
the client system has been IPA enrolled, because if it was the software
deployed on top might be able to leverage this fact and the
configuration of this software would be different if the system is
enrolled or not.
--
Thank you,
Dmitri Pal
Sr. Engineering Manager IdM portfolio
Red Hat, Inc.
More information about the Freeipa-users
mailing list