Bug 1304017 - [RFE] Deploy SSSD with OpenStack Director
[RFE] Deploy SSSD with OpenStack Director
Status: CLOSED DUPLICATE of bug 1409911
Product: Red Hat OpenStack
Classification: Red Hat
Component: rhosp-director (Show other bugs)
8.0 (Liberty)
Unspecified Linux
unspecified Severity unspecified
: ---
: 10.0 (Newton)
Assigned To: Hugh Brock
Shai Revivo
: FutureFeature
Depends On:
  Show dependency treegraph
Reported: 2016-02-02 12:01 EST by Freddy Wissing
Modified: 2017-01-09 10:57 EST (History)
4 users (show)

See Also:
Fixed In Version:
Doc Type: Enhancement
Doc Text:
Story Points: ---
Clone Of:
Last Closed: 2017-01-09 10:57:06 EST
Type: Bug
Regression: ---
Mount Type: ---
Documentation: ---
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---

Attachments (Terms of Use)

  None (edit)
Description Freddy Wissing 2016-02-02 12:01:34 EST
Some customers have use cases where they join machines to their domains and using SSSD for controlling the auth, permissions, and sudo rights on Linux systems.  

This particular customer has designs to accomplish this with all their OSP nodes that are provisioned.

This RFE seeks the ability to do that, perhaps by encapsulating it in a heat template that would allow for the packages to be installed and then provide variables that would allow for them to populate the configuration for kerberos and sssd.  

It is acknowledged that some part of this process would need to be manual on the DC side of things, but for deployment it would be a nice time saver.


Currently the customer is achieving this with a script that runs post deployment that installs the proper packages, drops the config files in place, and enables the service.  The largest manual part of the process is having an object created on the DC and then generating the proper keytab file based on hostname for the machine.  If there were a place holder for the ability to have a file share that the file would then get copied from that would be awesome; however it is just as well that there would be a template where you could pass in the proper realm information and an associated module in puppet that would install the sssd packages and generate/append the sssd.conf and krb5.conf files to automate the process during deployment.  For point of reference this would apply to the OpenStack nodes and not necessarily the instances that are launched in the stack.
Comment 2 Mike Burns 2016-04-07 17:07:13 EDT
This bug did not make the OSP 8.0 release.  It is being deferred to OSP 10.
Comment 4 Nathan Kinder 2017-01-09 10:57:06 EST
This functionality is being provided by the upcoming novajoin service, which joins the OSP nodes to IdM automatically at deployment time.  Closing this as a duplicate of the feature bug for novajoin.

*** This bug has been marked as a duplicate of bug 1409911 ***

Note You need to log in before you can comment on or make changes to this bug.