[Freeipa-users] FreeIPA + Foreman 1.5

Stephen Benjamin stbenjam at redhat.com
Fri Apr 25 14:29:25 UTC 2014


----- Original Message -----
> From: "Dmitri Pal" <dpal at redhat.com>
> To: "Stephen Benjamin" <stbenjam at redhat.com>
> Cc: "Martin Kosek" <mkosek at redhat.com>, "Jan Cholasta" <jcholast at redhat.com>, freeipa-users at redhat.com, "Tomas Babej"
> <tbabej at redhat.com>
> Sent: Friday, April 25, 2014 3:59:31 PM
> Subject: Re: [Freeipa-users] FreeIPA + Foreman 1.5
> 
> On 04/25/2014 09:52 AM, Stephen Benjamin wrote:
> >
> > ----- Original Message -----
> >> From: "Dmitri Pal" <dpal at redhat.com>
> >> To: "Martin Kosek" <mkosek at redhat.com>, "Stephen Benjamin"
> >> <stbenjam at redhat.com>
> >> Cc: "Jan Cholasta" <jcholast at redhat.com>, freeipa-users at redhat.com, "Tomas
> >> Babej" <tbabej at redhat.com>
> >> Sent: Friday, April 25, 2014 3:42:39 PM
> >> Subject: Re: [Freeipa-users] FreeIPA + Foreman 1.5
> >>
> >> Are you planning to have a toggle for SSH integration?
> > There's freeipa_opts to pass options directly to the installer, so a user can
> > directly pass anything they want.
> >
> > I can add the SSH flag if it's needed and a relatively common one...
> >
> > Is there anything else that should be added?
> >
> > I still have to give the snippet a workout to ensure it works on everything,
> > but seems OK so far, even if it's not going to win any beauty contests.
> >
> >   https://github.com/stbenjam/community-templates/blob/freeipa-fixes/snippets/freeipa_register.erb
> >
> >
> Yeah I was not thrilled by sed but if we can't do better for now so be it.
>
> Can Foreman have defaults?
> So that SSH & SUDO are turned on by default but automount is not.
> I am not sure there is anything else for now.

Yup, defaults are as you described.

SSH integration can't currently be turned off but I'll add the flag.


> We might start getting into more advanced features like provisioning
> certs for other software components deployed on the same machine later.
> That however raises a question: is there a way to record in Foreman that
> the client system has been IPA enrolled, because if it was, the software
> deployed on top might be able to leverage this fact and the
> configuration of this software would be different if the system is
> enrolled or not.

Foreman keeps track of which hosts are registered, so this information is
available for use.  Certificates could even be managed in Foreman
via a puppet module (there's one out there for Certmonger, IIRC).


> --
> Thank you,
> Dmitri Pal
> 
> Sr. Engineering Manager IdM portfolio
> Red Hat, Inc.
> 
> 



