Bug 1516194 - [downstream clone - 4.1.8] [RFE] Provide IdM client software in RHVH
Summary: [downstream clone - 4.1.8] [RFE] Provide IdM client software in RHVH
Keywords:
Status: CLOSED ERRATA
Alias: None
Product: Red Hat Enterprise Virtualization Manager
Classification: Red Hat
Component: ovirt-host
Version: 4.2.0
Hardware: Unspecified
OS: Unspecified
medium
medium
Target Milestone: ovirt-4.1.8
: ---
Assignee: Sandro Bonazzola
QA Contact: Pavol Brilla
URL:
Whiteboard:
Depends On: 1490041
Blocks:
TreeView+ depends on / blocked
 
Reported: 2017-11-22 09:09 UTC by rhev-integ
Modified: 2019-04-28 13:46 UTC (History)
23 users (show)

Fixed In Version:
Doc Type: Enhancement
Doc Text:
The ipa-client package is now installed on hosts, and is included in the Red Hat Virtualization Host image. This enables Cockpit certificate signing and SSO with Red Hat IdM, and adding the host to an IdM realm.
Clone Of: 1490041
Environment:
Last Closed: 2017-12-12 09:24:45 UTC
oVirt Team: Node
Target Upstream Version:
Embargoed:

Attachments (Terms of Use)


Links
System ID Private Priority Status Summary Last Updated
Red Hat Product Errata RHBA-2017:3431 0 normal SHIPPED_LIVE redhat-virtualization-host bug fix, and enhancement update for RHV 4.1.8 2017-12-12 14:17:28 UTC
oVirt gerrit 84484 0 None MERGED add ipa-client to hosts 2021-01-22 04:27:51 UTC
oVirt gerrit 84498 0 ovirt-4.1 MERGED node: add ipa-client dependency 2021-01-22 04:27:51 UTC

Description rhev-integ 2017-11-22 09:09:25 UTC 
+++ This bug is a downstream clone. The original bug is: +++
+++   bug 1490041 +++
======================================================================

Description of problem: To integrate cockpit certificate signing and SSO with Red Hat IdM RHVH needs to include ipa-client rpms. Also, looking to apply ansible playbook to generate certificate and need ansible user to kinit on host with keytab. These require that the rhvh host be part of the IdM realm. This is not simple without the IdM client. I am not aware of a restriction in the implementation of rhv that prevents this.  


Version-Release number of selected component (if applicable): 4.2.0


How reproducible: Always.


Steps to Reproduce:
1. Install hypervisor
2. Try to install ipa-client
3. Fail

Actual results:
Package not available

Expected results:
Package installs
Run and configure ipa-client using ipa-client-install


Additional info:

(Originally by Paul Armstrong)
Comment 1 rhev-integ 2017-11-22 09:09:37 UTC 
Is this a bug or feature request? Is it upstream or comes from a customer? What's the severity?

(Originally by Yaniv Kaul)
Comment 5 rhev-integ 2017-11-22 09:09:57 UTC 
Test steps:
rhvh-4.1-0.20170914.0+1

Test steps:
1. Install hypervisor
2. Register to RHSM
3. Try to install ipa-client

Test result:
ipa-client package not available.

(Originally by Chen Shao)
Comment 6 rhev-integ 2017-11-22 09:10:04 UTC 
We'll target this as a multi product errata shipped in the RHVH channel rather than including it as part of the image.

(Originally by Ryan Barry)
Comment 7 rhev-integ 2017-11-22 09:10:13 UTC 
Yuval - can you please take care of a multi-product errata for this?

(Originally by Ryan Barry)
Comment 8 rhev-integ 2017-11-22 09:10:20 UTC 
Waiting for PM approval since this will pull in more than 60 packages.
I'm conditionally nacking this bug on design, since I don't think it's a good design to tag so many packages into rhv-h channel.

(Originally by Sandro Bonazzola)
Comment 14 rhev-integ 2017-11-22 09:11:03 UTC 
ipa-client is shipped within rhel-7-server-rpms channel so we can just include it.

(Originally by Sandro Bonazzola)
Comment 15 Pavol Brilla 2017-11-30 07:35:19 UTC 
# yum list redhat-release-virtualization-host ipa-client 
Installed Packages
ipa-client.x86_64                                         4.5.0-21.el7_4.2.2                  installed
redhat-release-virtualization-host.x86_64                 4.1-8.1.el7                         installed
Comment 18 errata-xmlrpc 2017-12-12 09:24:45 UTC 
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHBA-2017:3431
Note You need to log in before you can comment on or make changes to this bug.