Bug 1304017

Summary: [RFE] Deploy SSSD with OpenStack Director
Product: Red Hat OpenStack Reporter: Freddy Wissing <fwissing>
Component: rhosp-directorAssignee: Hugh Brock <hbrock>
Status: CLOSED DUPLICATE QA Contact: Shai Revivo <srevivo>
Severity: unspecified Docs Contact:
Priority: unspecified    
Version: 8.0 (Liberty)CC: jcoufal, mburns, nkinder, rhel-osp-director-maint
Target Milestone: ---Keywords: FutureFeature
Target Release: 10.0 (Newton)   
Hardware: Unspecified   
OS: Linux   
Whiteboard:
Fixed In Version: Doc Type: Enhancement
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2017-01-09 15:57:06 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:

Description Freddy Wissing 2016-02-02 17:01:34 UTC
Some customers have use cases where they join machines to their domains and using SSSD for controlling the auth, permissions, and sudo rights on Linux systems.  

This particular customer has designs to accomplish this with all their OSP nodes that are provisioned.

This RFE seeks the ability to do that, perhaps by encapsulating it in a heat template that would allow for the packages to be installed and then provide variables that would allow for them to populate the configuration for kerberos and sssd.  

It is acknowledged that some part of this process would need to be manual on the DC side of things, but for deployment it would be a nice time saver.

====

Currently the customer is achieving this with a script that runs post deployment that installs the proper packages, drops the config files in place, and enables the service.  The largest manual part of the process is having an object created on the DC and then generating the proper keytab file based on hostname for the machine.  If there were a place holder for the ability to have a file share that the file would then get copied from that would be awesome; however it is just as well that there would be a template where you could pass in the proper realm information and an associated module in puppet that would install the sssd packages and generate/append the sssd.conf and krb5.conf files to automate the process during deployment.  For point of reference this would apply to the OpenStack nodes and not necessarily the instances that are launched in the stack.

Comment 2 Mike Burns 2016-04-07 21:07:13 UTC
This bug did not make the OSP 8.0 release.  It is being deferred to OSP 10.

Comment 4 Nathan Kinder 2017-01-09 15:57:06 UTC
This functionality is being provided by the upcoming novajoin service, which joins the OSP nodes to IdM automatically at deployment time.  Closing this as a duplicate of the feature bug for novajoin.

*** This bug has been marked as a duplicate of bug 1409911 ***