[openstack-dev] [TripleO] FreeIPA integration
Clint Byrum
clint at fewbar.com
Thu Apr 7 13:33:57 UTC 2016
Excerpts from Adam Young's message of 2016-04-05 19:02:58 -0700:
> On 04/05/2016 11:42 AM, Fox, Kevin M wrote:
> > Yeah, and they just deprecated vendor data plugins too, which
> > eliminates my other workaround. :/
> >
> > We need to really discuss this problem at the summit and get a viable
> > path forward. Its just getting worse. :/
> >
> > Thanks,
> > Kevin
> > ------------------------------------------------------------------------
> > *From:* Juan Antonio Osorio [jaosorior at gmail.com]
> > *Sent:* Tuesday, April 05, 2016 5:16 AM
> > *To:* OpenStack Development Mailing List (not for usage questions)
> > *Subject:* Re: [openstack-dev] [TripleO] FreeIPA integration
> >
> >
> >
> > On Tue, Apr 5, 2016 at 2:45 PM, Fox, Kevin M <Kevin.Fox at pnnl.gov
> > <mailto:Kevin.Fox at pnnl.gov>> wrote:
> >
> > This sounds suspiciously like, "how do you get a secret to the
> > instance to get a secret from the secret store" issue.... :)
> >
> > Yeah, sounds pretty familiar. We were using the nova hooks mechanism
> > for this means, but it was deprecated recently. So bummer :/
> >
> >
> > Nova instance user spec again?
> >
> > Thanks,
> > Kevin
> >
>
> Yep, and we need a solution. I think the right solution is a keypair
> generated on the instance, public key posted by the instace to the
> hypervisor and stored with the instance data in the database. I wrote
> that to the mailing list earlier today.
>
If you log your public SSH host key to the console, this already
happens. No need for hypervisor magic, just scrape your console.
More information about the OpenStack-dev
mailing list