[openstack-dev] [TripleO] FreeIPA integration

Clint Byrum clint at fewbar.com
Thu Apr 7 13:33:57 UTC 2016


Excerpts from Adam Young's message of 2016-04-05 19:02:58 -0700:
> On 04/05/2016 11:42 AM, Fox, Kevin M wrote:
> > Yeah, and they just deprecated vendor data plugins too, which 
> > eliminates my other workaround. :/
> >
> > We need to really discuss this problem at the summit and get a viable 
> > path forward. Its just getting worse. :/
> >
> > Thanks,
> > Kevin
> > ------------------------------------------------------------------------
> > *From:* Juan Antonio Osorio [jaosorior at gmail.com]
> > *Sent:* Tuesday, April 05, 2016 5:16 AM
> > *To:* OpenStack Development Mailing List (not for usage questions)
> > *Subject:* Re: [openstack-dev] [TripleO] FreeIPA integration
> >
> >
> >
> > On Tue, Apr 5, 2016 at 2:45 PM, Fox, Kevin M <Kevin.Fox at pnnl.gov 
> > <mailto:Kevin.Fox at pnnl.gov>> wrote:
> >
> >     This sounds suspiciously like, "how do you get a secret to the
> >     instance to get a secret from the secret store" issue.... :)
> >
> > Yeah, sounds pretty familiar. We were using the nova hooks mechanism 
> > for this means, but it was deprecated recently. So bummer :/
> >
> >
> >     Nova instance user spec again?
> >
> >     Thanks,
> >     Kevin
> >
> 
> Yep, and we need a solution.  I think the right solution is a keypair 
> generated on the instance, public key posted by the instace to the 
> hypervisor and stored with the instance data in the database.  I wrote 
> that to the mailing list earlier today.
> 

If you log your public SSH host key to the console, this already
happens. No need for hypervisor magic, just scrape your console.



More information about the OpenStack-dev mailing list