Bug 467872

Summary: ovirt assumes local ipa-server
Product: [Community] Virtualization Tools
Reporter: Gerd Hoffmann <kraxel>
Component: ovirt-server-suite
Assignee: Joey Boggs <jboggs>
Status: CLOSED WONTFIX
Severity: medium
Priority: medium
Version: unspecified
CC: apevec, ovirt-bugs, ovirt-maint
Target Milestone: ---
Target Release: ---
Hardware: All
OS: Linux
Doc Type: Bug Fix
Last Closed: 2011-02-11 20:11:56 UTC

Description Gerd Hoffmann 2008-10-21 13:15:19 UTC
quite a few places assume the ipa server is running on the same
machine as ovirt and fail if that isn't the case.

Comment 1 Gerd Hoffmann 2008-10-21 13:16:25 UTC
place one: /usr/bin/ovirt-add-host

should use ipa-addservice and ipa-getkeytab instead of kadmin.local

Comment 2 Gerd Hoffmann 2008-10-21 13:18:15 UTC
place two: /etc/httpd/conf.d/ovirt-server.conf

references /etc/httpd/conf/ipa.keytab for the HTTP/$(hostname) service, which doesn't exist without a local ipa server.

Comment 3 Gerd Hoffmann 2008-10-21 13:21:05 UTC
place three: /usr/sbin/ovirt-server-install

assumes ovirtadmin user exists already in kerberos/ldap,
which is only the case when using the appliance with local ipa.

Comment 4 Alan Pevec 2008-10-21 14:30:20 UTC
place four: ovirt-server/src/host-browser/host-browser.rb

This one is tricky, since the background service will need IPA admin privileges in order to be able to create a keytab for the new Node

Comment 5 Alan Pevec 2008-10-21 15:51:28 UTC
also in host-browser.rb: Node keytabs are stored as /usr/share/ipa/html/<Node IP>-libvirt.tab

Comment 6 Alan Pevec 2009-05-13 13:27:35 UTC
Joey, assigning to you since you posted a related patch:
https://www.redhat.com/archives/ovirt-devel/2009-May/msg00033.html

Comment 7 Joey Boggs 2009-06-01 13:16:16 UTC
the following patches have been posted to ovirt-devel and are awaiting acks

[PATCH server] update ovirt-add-host to use ipa commands instead of kadmin.local
[PATCH server] separate ipa common tasks freeipa::common and rename ipa_server_install to ipa_install
[PATCH server] add server-side groundwork for remote freeipa server
[PATCH server] update host-browser to use ipa commands rather than kadmin
[PATCH server] last patch to implement remote freeipa
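
The change proposed in comment 1, sketched as an added example (not part of the bug report and not the code from the posted patches): provisioning a Node keytab with ipa-addservice and ipa-getkeytab, which authenticate with a Kerberos ticket and so do not need to run on the KDC host the way kadmin.local does. Assumptions: the libvirt/<fqdn> principal form, the function names, and ipa-addservice taking the principal as its only argument.

```shell
#!/bin/sh
# Added example, not oVirt code. Assumes the caller already ran kinit as an
# IPA account allowed to add services, and that Nodes use a libvirt/<fqdn>
# principal. Set DRY_RUN=1 to print the commands instead of running them.

valid_fqdn() {
    # Lowercase DNS name with at least one dot; anything else is rejected so
    # the value is safe to embed in a principal name and a command line.
    case $1 in
        ''|*[!a-z0-9.-]*|.*|*.|*..*|-*|*-|*.-*|*-.*) return 1 ;;
        *.*) return 0 ;;
        *) return 1 ;;
    esac
}

node_principal() {   # node_principal <node-fqdn>
    valid_fqdn "$1" || return 1
    printf 'libvirt/%s\n' "$1"
}

run() {
    # Print the command in dry-run mode, execute it otherwise.
    if [ -n "${DRY_RUN:-}" ]; then printf '%s\n' "$*"; else "$@"; fi
}

provision_node_keytab() {   # <node-fqdn> <ipa-server-fqdn> <keytab-path>
    princ=$(node_principal "$1") || { echo "rejected node name: $1" >&2; return 2; }
    valid_fqdn "$2" || { echo "rejected IPA server name: $2" >&2; return 2; }
    # Unlike kadmin.local, these tools authenticate with a Kerberos ticket,
    # so they work from a host that is not the KDC.
    [ -n "${DRY_RUN:-}" ] || klist -s || { echo "no Kerberos ticket" >&2; return 3; }
    run ipa-addservice "$princ" || return 4
    # umask keeps the new keytab readable by its owner only.
    ( umask 077; run ipa-getkeytab -s "$2" -p "$princ" -k "$3" ) || return 5
}
```
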