Bug 467872 - ovirt assumes local ipa-server
Product: Virtualization Tools
Classification: Community
Component: ovirt-server-suite
Hardware: All, OS: Linux
Priority: medium, Severity: medium
Assigned To: Joey Boggs
Reported: 2008-10-21 09:15 EDT by Gerd Hoffmann
Modified: 2011-02-11 15:11 EST
Doc Type: Bug Fix
Last Closed: 2011-02-11 15:11:56 EST
Description Gerd Hoffmann 2008-10-21 09:15:19 EDT
quite a few places assume the ipa server is running on the same
machine as ovirt and fail if that isn't the case.
Comment 1 Gerd Hoffmann 2008-10-21 09:16:25 EDT
place one: /usr/bin/ovirt-add-host

should use ipa-addservice and ipa-getkeytab instead of kadmin.local
Comment 2 Gerd Hoffmann 2008-10-21 09:18:15 EDT
place two: /etc/httpd/conf.d/ovirt-server.conf

references /etc/httpd/conf/ipa.keytab for the HTTP/$(hostname) service, which doesn't exist without local ipa server.
Comment 3 Gerd Hoffmann 2008-10-21 09:21:05 EDT
place three: /usr/sbin/ovirt-server-install

assumes ovirtadmin user exists already in kerberos/ldap,
which is only the case when using the appliance with local ipa.
Comment 4 Alan Pevec 2008-10-21 10:30:20 EDT
place four: ovirt-server/src/host-browser/host-browser.rb

This one is tricky, since the background service will need IPA admin privileges in order to be able to create a keytab for the new Node
Comment 5 Alan Pevec 2008-10-21 11:51:28 EDT
also in host-browser.rb: Node keytabs are stored as /usr/share/ipa/html/<Node IP>-libvirt.tab
Comment 6 Alan Pevec 2009-05-13 09:27:35 EDT
Joey, assigning to you since you posted related patch:
Comment 7 Joey Boggs 2009-06-01 09:16:16 EDT
the following patches have been posted to ovirt-devel and are awaiting acks

[PATCH server] update ovirt-add-host to use ipa commands instead of kadmin.local
[PATCH server] separate ipa common tasks freeipa::common and rename ipa_server_install to ipa_install
[PATCH server] add server-side groundwork for remote freeipa server
[PATCH server] update host-browser to use ipa commands rather than kadmin
[PATCH server] last patch to implement remote freeipa
