Red Hat Bugzilla – Bug 467872
ovirt assumes local ipa-server
Last modified: 2011-02-11 15:11:56 EST
Quite a few places assume the ipa server is running on the same
machine as ovirt and fail if that isn't the case.
place one: /usr/bin/ovirt-add-host
should use ipa-addservice and ipa-getkeytab instead of kadmin.local
place two: /etc/httpd/conf.d/ovirt-server.conf
references /etc/httpd/conf/ipa.keytab for the HTTP/$(hostname) service, which doesn't exist without a local ipa server.
place three: /usr/sbin/ovirt-server-install
assumes ovirtadmin user exists already in kerberos/ldap,
which is only the case when using the appliance with local ipa.
place four: ovirt-server/src/host-browser/host-browser.rb
This one is tricky, since the background service will need IPA admin privileges in order to be able to create a keytab for the new Node
also in host-browser.rb: Node keytabs are stored as /usr/share/ipa/html/<Node IP>-libvirt.tab
Joey, assigning to you since you posted a related patch:
The following patches have been posted to ovirt-devel and are awaiting acks:
[PATCH server] update ovirt-add-host to use ipa commands instead of kadmin.local
[PATCH server] separate ipa common tasks freeipa::common and rename ipa_server_install to ipa_install
[PATCH server] add server-side groundwork for remote freeipa server
[PATCH server] update host-browser to use ipa commands rather than kadmin
[PATCH server] last patch to implement remote freeipa