----- Original Message ----- > From: "Dmitri Pal" <[email protected]> > To: "Stephen Benjamin" <[email protected]> > Cc: "Martin Kosek" <[email protected]>, "Jan Cholasta" <[email protected]>, > [email protected], "Tomas Babej" > <[email protected]> > Sent: Friday, April 25, 2014 3:59:31 PM > Subject: Re: [Freeipa-users] FreeIPA + Foreman 1.5 > > On 04/25/2014 09:52 AM, Stephen Benjamin wrote: > > > > ----- Original Message ----- > >> From: "Dmitri Pal" <[email protected]> > >> To: "Martin Kosek" <[email protected]>, "Stephen Benjamin" > >> <[email protected]> > >> Cc: "Jan Cholasta" <[email protected]>, [email protected], "Tomas > >> Babej" <[email protected]> > >> Sent: Friday, April 25, 2014 3:42:39 PM > >> Subject: Re: [Freeipa-users] FreeIPA + Foreman 1.5 > >> > >> Are you planning to have a toggle for SSH integration? > > There's freeipa_opts to pass options directly to the installer, so a user > > can > > directly pass anything they want. > > > > I can add the SSH flag if it's needed and a relatively common one... > > > > Is there anything else that should be added? > > > > I still have to give the snippet a workout to ensure it works on > > everything, > > but seems OK so far, even if it's not going to win any beauty contests. > > > > > > https://github.com/stbenjam/community-templates/blob/freeipa-fixes/snippets/freeipa_register.erb > > > > > Yeah I was not thrilled by sed but if we can't do better for now so be it. > > Can Foreman have defaults? > So that SSH & SUDO are turned on by default but automount is not. > I am not sure there is anything else for now.
Yup, defaults are as you described. SSH integration can't currently be turned off but I'll add the flag. > We might start getting into more advanced features like provisioning > certs for other software components deployed on the same machine later. > That however rises a question: is there a way to record in Foreman that > the client system has been IPA enrolled, because if it was the software > deployed on top might be able to leverage this fact and the > configuration of this software would be different if the system is > enrolled or not. Foreman keeps track of which hosts are registered, so this information is available for use. Certificates could even be managed in Foreman via a puppet module (there's one out there for Certmonger, IIRC). > -- > Thank you, > Dmitri Pal > > Sr. Engineering Manager IdM portfolio > Red Hat, Inc. > > _______________________________________________ Freeipa-users mailing list [email protected] https://www.redhat.com/mailman/listinfo/freeipa-users
