Red Hat Bugzilla – Bug 1304017
[RFE] Deploy SSSD with OpenStack Director
Last modified: 2017-01-09 10:57:06 EST
Some customers have use cases where they join machines to their domains and use SSSD for controlling the auth, permissions, and sudo rights on Linux systems.
This particular customer has designs to accomplish this with all their OSP nodes that are provisioned.
This RFE seeks the ability to do that, perhaps by encapsulating it in a Heat template that would allow for the packages to be installed and then provide variables that would allow for them to populate the configuration for Kerberos and SSSD.
It is acknowledged that some part of this process would need to be manual on the DC side of things, but for deployment it would be a nice time saver.
Currently the customer is achieving this with a script that runs post-deployment that installs the proper packages, drops the config files in place, and enables the service. The largest manual part of the process is having an object created on the DC and then generating the proper keytab file based on hostname for the machine. If there were a placeholder for the ability to have a file share that the file would then get copied from, that would be awesome; however, it is just as well that there would be a template where you could pass in the proper realm information and an associated module in Puppet that would install the sssd packages and generate/append the sssd.conf and krb5.conf files to automate the process during deployment. For point of reference, this would apply to the OpenStack nodes and not necessarily the instances that are launched in the stack.
This bug did not make the OSP 8.0 release. It is being deferred to OSP 10.
This functionality is being provided by the upcoming novajoin service, which joins the OSP nodes to IdM automatically at deployment time. Closing this as a duplicate of the feature bug for novajoin.
*** This bug has been marked as a duplicate of bug 1409911 ***