Bug 2017681 - Do not require ipa-client by ovirt-host
Summary: Do not require ipa-client by ovirt-host
Keywords:
Status: CLOSED WONTFIX
Alias: None
Product: Red Hat Enterprise Virtualization Manager
Classification: Red Hat
Component: ovirt-host
Version: 4.4.9
Hardware: Unspecified
OS: Unspecified
Priority: unspecified
Severity: high
Target Milestone: ---
Target Release: ---
Assignee: Sandro Bonazzola
QA Contact: Pavol Brilla
URL:
Whiteboard:
Depends On:
Blocks:
Reported: 2021-10-27 08:31 UTC by Ales Musil
Modified: 2022-02-21 11:04 UTC

Fixed In Version:
Doc Type: No Doc Update
Doc Text:
Clone Of:
Environment:
Last Closed: 2022-02-21 11:03:47 UTC
oVirt Team: Integration
Target Upstream Version:
Embargoed:


Links
| System | ID | Private | Priority | Status | Summary | Last Updated |
|---|---|---|---|---|---|---|
| Github | oVirt ovirt-release pull 92 | 0 | None | Merged | node-optional.el8: add missing deps for ipa-client | 2022-01-28 15:48:34 UTC |
| Github | oVirt ovirt-release pull 95 | 0 | None | open | node-optional.el9: add missing deps for ipa-client | 2022-01-28 15:48:34 UTC |
| Red Hat Issue Tracker | RHV-43881 | 0 | None | None | None | 2021-10-27 11:38:42 UTC |
| oVirt gerrit | 117531 | 0 | master | MERGED | packaging: only recommend ipa-client | 2021-12-02 11:07:42 UTC |
| oVirt gerrit | 117533 | 0 | master | ABANDONED | WIP node: make ipa-client available as optional | 2021-11-17 09:52:21 UTC |

Description Ales Musil 2021-10-27 08:31:15 UTC
Description of problem:
ipa-client is required by RHVH but should not be mandatory for ovirt-host; it has a direct dependency on krb5-workstation, which is not allowed by the DISA STIG security profile.

Comment 1 Martin Perina 2021-10-27 09:20:24 UTC
Can we remove the dependency from ovirt-host, but leave the package installed on RHVH? That way it will be removed only when DISA STIG hardening is applied, but the host stays functional as a hypervisor.

Comment 2 Sandro Bonazzola 2021-10-27 09:48:16 UTC
This doesn't solve DISA-STIG support for RHV-H, right? Wouldn't it be better to solve it with a SCAP profile for RHV?
CC @wsato

@mtessun what do you think?

Comment 12 Sandro Bonazzola 2022-02-15 13:19:23 UTC
Dropping the "move to optional part" from the ovirt-host component, as in oVirt it's done via the ovirt-release rpm and in RHV it's done by adding the packages to the RHV-H channel.

Comment 15 Sandro Bonazzola 2022-02-21 10:05:43 UTC
It has been decided to revert this change and adjust the SCAP guide instead.

