[openstack-dev] [TripleO] FreeIPA integration

Fox, Kevin M Kevin.Fox at pnnl.gov
Thu Apr 7 16:19:53 UTC 2016


Yeah, the console can be used as a building block to solve it. I'm just saying we should formalize the plumbing enough that it can be relied upon by everyone, instead of asking everyone to reinvent the wheel. That's partially what the spec's about.

Thanks,
Kevin
________________________________________
From: Clint Byrum [clint at fewbar.com]
Sent: Thursday, April 07, 2016 6:33 AM
To: openstack-dev
Subject: Re: [openstack-dev] [TripleO] FreeIPA integration

Excerpts from Adam Young's message of 2016-04-05 19:02:58 -0700:
> On 04/05/2016 11:42 AM, Fox, Kevin M wrote:
> > Yeah, and they just deprecated vendor data plugins too, which
> > eliminates my other workaround. :/
> >
> > We need to really discuss this problem at the summit and get a viable
> > path forward. It's just getting worse. :/
> >
> > Thanks,
> > Kevin
> > ------------------------------------------------------------------------
> > *From:* Juan Antonio Osorio [jaosorior at gmail.com]
> > *Sent:* Tuesday, April 05, 2016 5:16 AM
> > *To:* OpenStack Development Mailing List (not for usage questions)
> > *Subject:* Re: [openstack-dev] [TripleO] FreeIPA integration
> >
> >
> >
> > On Tue, Apr 5, 2016 at 2:45 PM, Fox, Kevin M <Kevin.Fox at pnnl.gov> wrote:
> >
> >     This sounds suspiciously like, "how do you get a secret to the
> >     instance to get a secret from the secret store" issue.... :)
> >
> > Yeah, sounds pretty familiar. We were using the nova hooks mechanism
> > for this means, but it was deprecated recently. So bummer :/
> >
> >
> >     Nova instance user spec again?
> >
> >     Thanks,
> >     Kevin
> >
>
> Yep, and we need a solution.  I think the right solution is a keypair
> generated on the instance, public key posted by the instance to the
> hypervisor and stored with the instance data in the database.  I wrote
> that to the mailing list earlier today.
>

If you log your public SSH host key to the console, this already
happens. No need for hypervisor magic, just scrape your console.

__________________________________________________________________________
OpenStack Development Mailing List (not for usage questions)
Unsubscribe: OpenStack-dev-request at lists.openstack.org?subject:unsubscribe
http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev
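
The console-scraping idea discussed in this thread, as an added example (not code from the thread or from any OpenStack project). It assumes the instance prints its public host keys between cloud-init-style BEGIN/END markers and that the console text has already been retrieved; the function names and the sample log are constructed for illustration.

```python
import base64
import hashlib
import struct

# Assumed console markers (cloud-init style); adjust to what the image prints.
BEGIN = "-----BEGIN SSH HOST KEY KEYS-----"
END = "-----END SSH HOST KEY KEYS-----"

def fingerprint(blob):
    """OpenSSH-style SHA256 fingerprint of a raw public key blob."""
    digest = hashlib.sha256(blob).digest()
    return "SHA256:" + base64.b64encode(digest).decode().rstrip("=")

def parse_key_line(line):
    """Return (key_type, blob) for a well-formed public key line, else None."""
    parts = line.split()
    try:
        blob = base64.b64decode(parts[1], validate=True)
        (n,) = struct.unpack(">I", blob[:4])
    except (IndexError, ValueError, struct.error):
        return None
    # The blob opens with a length-prefixed key type that must match the line.
    return (parts[0], blob) if blob[4:4 + n] == parts[0].encode() else None

def scrape_host_keys(console_text):
    """Map key type -> fingerprint; ValueError if two blocks disagree."""
    keys, inside = {}, False
    for line in map(str.strip, console_text.splitlines()):
        if line in (BEGIN, END):
            inside = line == BEGIN
        elif inside and (parsed := parse_key_line(line)):
            key_type, blob = parsed
            # Anything able to write to the guest console can print a block,
            # so a second, different key of the same type is treated as an error.
            if keys.setdefault(key_type, blob) != blob:
                raise ValueError("conflicting %s host keys" % key_type)
    return {t: fingerprint(b) for t, b in keys.items()}

# Constructed sample: a syntactically valid ssh-ed25519 blob, not a real key.
SAMPLE_BLOB = struct.pack(">I", 11) + b"ssh-ed25519" + struct.pack(">I", 32) + bytes(range(32))
SAMPLE_CONSOLE = "\n".join([
    "[   12.3] cloud-init: boot finished",
    BEGIN,
    "ssh-ed25519 %s root@instance" % base64.b64encode(SAMPLE_BLOB).decode(),
    "ssh-rsa bm90LWEta2V5 root@instance",  # type/blob mismatch, skipped
    END,
])
```

The returned fingerprints are what a client would compare against the key offered on first SSH connection to the instance.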