Bug 467872
Summary: | ovirt assumes local ipa-server | ||
---|---|---|---|
Product: | [Community] Virtualization Tools | Reporter: | Gerd Hoffmann <kraxel> |
Component: | ovirt-server-suite | Assignee: | Joey Boggs <jboggs> |
Status: | CLOSED WONTFIX | QA Contact: | |
Severity: | medium | Docs Contact: | |
Priority: | medium | ||
Version: | unspecified | CC: | apevec, ovirt-bugs, ovirt-maint |
Target Milestone: | --- | ||
Target Release: | --- | ||
Hardware: | All | ||
OS: | Linux | ||
Whiteboard: | |||
Fixed In Version: | Doc Type: | Bug Fix | |
Doc Text: | Story Points: | --- | |
Clone Of: | Environment: | ||
Last Closed: | 2011-02-11 20:11:56 UTC | Type: | --- |
Regression: | --- | Mount Type: | --- |
Documentation: | --- | CRM: | |
Verified Versions: | Category: | --- | |
oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
Cloudforms Team: | --- | Target Upstream Version: | |
Embargoed: |
Description
Gerd Hoffmann
2008-10-21 13:15:19 UTC
place one: /usr/bin/ovirt-add-host should use ipa-addservice and ipa-getkeytab instead if kadmin.local place two: /etc/httpd/conf.d/ovirt-server.conf references /etc/httpd/conf/ipa.keytab for the HTTP/$(hostname) service, which doesn't exist without local ipa server. place three: /usr/sbin/ovirt-server-install assumes ovirtadmin user exists already in kerberos/ldap, which is only the case when using the appliance with local ipa. place four: ovirt-server/src/host-browser/host-browser.rb This one is tricky, since background service will need IPA admin privileges in order to be able to create keytab for the new Node also in host-browser.rb: Node keytabs are stored as /usr/share/ipa/html/<Node IP>-libvirt.tab Joey, assigning to you since you posted related patch: https://www.redhat.com/archives/ovirt-devel/2009-May/msg00033.html the following patches have been posted to ovirt-devel and are awaiting ack's [PATCH server] update ovirt-add-host to use ipa commands instead of kadmin.local [PATCH server] separate ipa common tasks freeipa::common and rename ipa_server_install to ipa_install [PATCH server] add server-side groundwork for remote freeipa server [PATCH server] update host-browser to use ipa commands rather than kadmin [PATCH server] last patch to implement remote freeipa |