Bug 1516194

Summary: [downstream clone - 4.1.8] [RFE] Provide IdM client software in RHVH
Product: Red Hat Enterprise Virtualization Manager Reporter: rhev-integ
Component: ovirt-hostAssignee: Sandro Bonazzola <sbonazzo>
Status: CLOSED ERRATA QA Contact: Pavol Brilla <pbrilla>
Severity: medium Docs Contact:
Priority: medium    
Version: 4.2.0CC: cshao, dfediuck, dguo, fgarciad, huzhao, jiawu, lsurette, mgoldboi, parmstro, pstehlik, qiyuan, rbarry, sbonazzo, srevivo, trichard, vinicius, wdh, weiwang, yaniwang, ycui, ykaul, yzhao, zhuchkov.alex
Target Milestone: ovirt-4.1.8Keywords: FutureFeature, ZStream
Target Release: ---   
Hardware: Unspecified   
OS: Unspecified   
Whiteboard:
Fixed In Version: Doc Type: Enhancement
Doc Text:
The ipa-client package is now installed on hosts, and is included in the Red Hat Virtualization Host image. This enables Cockpit certificate signing and SSO with Red Hat IdM, and adding the host to an IdM realm.
 Story Points: ---
Clone Of: 1490041 Environment:
Last Closed: 2017-12-12 09:24:45 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: Node RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Bug Depends On: 1490041    
Bug Blocks:    

Description rhev-integ 2017-11-22 09:09:25 UTC 
+++ This bug is a downstream clone. The original bug is: +++
+++   bug 1490041 +++
======================================================================

Description of problem: To integrate cockpit certificate signing and SSO with Red Hat IdM RHVH needs to include ipa-client rpms. Also, looking to apply ansible playbook to generate certificate and need ansible user to kinit on host with keytab. These require that the rhvh host be part of the IdM realm. This is not simple without the IdM client. I am not aware of a restriction in the implementation of rhv that prevents this.  


Version-Release number of selected component (if applicable): 4.2.0


How reproducible: Always.


Steps to Reproduce:
1. Install hypervisor
2. Try to install ipa-client
3. Fail

Actual results:
Package not available

Expected results:
Package installs
Run and configure ipa-client using ipa-client-install


Additional info:

(Originally by Paul Armstrong)
Comment 1 rhev-integ 2017-11-22 09:09:37 UTC 
Is this a bug or feature request? Is it upstream or comes from a customer? What's the severity?

(Originally by Yaniv Kaul)
Comment 5 rhev-integ 2017-11-22 09:09:57 UTC 
Test steps:
rhvh-4.1-0.20170914.0+1

Test steps:
1. Install hypervisor
2. Register to RHSM
3. Try to install ipa-client

Test result:
ipa-client package not available.

(Originally by Chen Shao)
Comment 6 rhev-integ 2017-11-22 09:10:04 UTC 
We'll target this as a multi product errata shipped in the RHVH channel rather than including it as part of the image.

(Originally by Ryan Barry)
Comment 7 rhev-integ 2017-11-22 09:10:13 UTC 
Yuval - can you please take care of a multi-product errata for this?

(Originally by Ryan Barry)
Comment 8 rhev-integ 2017-11-22 09:10:20 UTC 
Waiting for PM approval since this will pull in more than 60 packages.
I'm conditionally nacking this bug on design, since I don't think it's a good design to tag so many packages into rhv-h channel.

(Originally by Sandro Bonazzola)
Comment 14 rhev-integ 2017-11-22 09:11:03 UTC 
ipa-client is shipped within rhel-7-server-rpms channel so we can just include it.

(Originally by Sandro Bonazzola)
Comment 15 Pavol Brilla 2017-11-30 07:35:19 UTC 
# yum list redhat-release-virtualization-host ipa-client 
Installed Packages
ipa-client.x86_64                                         4.5.0-21.el7_4.2.2                  installed
redhat-release-virtualization-host.x86_64                 4.1-8.1.el7                         installed
Comment 18 errata-xmlrpc 2017-12-12 09:24:45 UTC 
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHBA-2017:3431