[Freeipa-users] FreeIPA + Foreman 1.5

Dmitri Pal dpal at redhat.com
Fri Apr 25 16:21:21 UTC 2014


On 04/25/2014 10:29 AM, Stephen Benjamin wrote:
> ----- Original Message -----
>> From: "Dmitri Pal" <dpal at redhat.com>
>> To: "Stephen Benjamin" <stbenjam at redhat.com>
>> Cc: "Martin Kosek" <mkosek at redhat.com>, "Jan Cholasta" <jcholast at redhat.com>, freeipa-users at redhat.com, "Tomas Babej"
>> <tbabej at redhat.com>
>> Sent: Friday, April 25, 2014 3:59:31 PM
>> Subject: Re: [Freeipa-users] FreeIPA + Foreman 1.5
>>
>> On 04/25/2014 09:52 AM, Stephen Benjamin wrote:
>>> ----- Original Message -----
>>>> From: "Dmitri Pal" <dpal at redhat.com>
>>>> To: "Martin Kosek" <mkosek at redhat.com>, "Stephen Benjamin"
>>>> <stbenjam at redhat.com>
>>>> Cc: "Jan Cholasta" <jcholast at redhat.com>, freeipa-users at redhat.com, "Tomas
>>>> Babej" <tbabej at redhat.com>
>>>> Sent: Friday, April 25, 2014 3:42:39 PM
>>>> Subject: Re: [Freeipa-users] FreeIPA + Foreman 1.5
>>>>
>>>> Are you planning to have a toggle for SSH integration?
>>> There's freeipa_opts to pass options directly to the installer, so a user
>>> can
>>> directly pass anything they want.
>>>
>>> I can add the SSH flag if it's needed and a relatively common one...
>>>
>>> Is there anything else that should be added?
>>>
>>> I still have to give the snippet a workout to ensure it works on
>>> everything,
>>> but seems OK so far, even if it's not going to win any beauty contests.
>>>
>>>    https://github.com/stbenjam/community-templates/blob/freeipa-fixes/snippets/freeipa_register.erb
>>>
>>>
>> Yeah, I was not thrilled by sed, but if we can't do better for now, so be it.
>>
>> Can Foreman have defaults?
>> So that SSH & SUDO are turned on by default but automount is not.
>> I am not sure there is anything else for now.
> Yup, defaults are as you described.
>
> SSH integration can't currently be turned off but I'll add the flag.
>
>
>> We might start getting into more advanced features like provisioning
>> certs for other software components deployed on the same machine later.
>> That, however, raises a question: is there a way to record in Foreman that
>> the client system has been IPA enrolled, because if it was, the software
>> deployed on top might be able to leverage this fact and the
>> configuration of this software would be different if the system is
>> enrolled or not.
> Foreman keeps track of which hosts are registered, so this information is
> available for use.  Certificates could even be managed in Foreman
> via a puppet module (there's one out there for Certmonger, IIRC).

Yes. This is the direction of the further expansion. Let us get back to
it in a couple of months.

>
>
>> --
>> Thank you,
>> Dmitri Pal
>>
>> Sr. Engineering Manager IdM portfolio
>> Red Hat, Inc.
>>
>>


-- 
Thank you,
Dmitri Pal

Sr. Engineering Manager IdM portfolio
Red Hat, Inc.



