Note: This bug is displayed in read-only format because the product is no longer active in Red Hat Bugzilla.

Bug 2017681

Summary: Do not require ipa-client by ovirt-host
Product: Red Hat Enterprise Virtualization Manager Reporter: Ales Musil <amusil>
Component: ovirt-hostAssignee: Sandro Bonazzola <sbonazzo>
Status: CLOSED WONTFIX QA Contact: Pavol Brilla <pbrilla>
Severity: high Docs Contact:
Priority: unspecified    
Version: 4.4.9CC: arachman, didi, gdeolive, lveyde, michal.skrivanek, mperina, mtessun, sanja, wsato
Target Milestone: ---Keywords: ZStream
Target Release: ---   
Hardware: Unspecified   
OS: Unspecified   
Whiteboard:
Fixed In Version: Doc Type: No Doc Update
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2022-02-21 11:03:47 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: Integration RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:

Description Ales Musil 2021-10-27 08:31:15 UTC
Description of problem:
ipa-client is required by RHVH but should not be mandatory for ovirt-host, it has direct dependency on krb5-workstation which is not allowed by DISA STIG security profile.

Comment 1 Martin Perina 2021-10-27 09:20:24 UTC
Can we remove the dependency from ovirt-host, but leave a package installed on RHVH? That way it will be removed only DISA STIG hardening is applied, but host stays functional as hypervisor.

Comment 2 Sandro Bonazzola 2021-10-27 09:48:16 UTC
This doesn't solve DISA-STIG support for RHV-H right? Wouldn't it be better to solve with scap profile for RHV?
CC @wsato 

@mtessun what do you think?

Comment 12 Sandro Bonazzola 2022-02-15 13:19:23 UTC
Dropping the "move to optional part" from ovirt-host component as in ovirt it's done via ovirt-release rpm and in RHV it's done via adding the packages to the RHV-H channel.

Comment 15 Sandro Bonazzola 2022-02-21 10:05:43 UTC
It has been decided to revert this change and adjust the SCAP guide instead.