I was thinking about this the other day... How do you de-register instances from freeipa when the instance is deleted? Is there a missing feature in vendordata there that you need?

Michael

On Fri, Nov 11, 2016 at 2:01 AM, Rob Crittenden <rcritten at redhat.com> wrote:

> Wanted to let you know I'm working on a nova metadata vendordata plugin
> that will help automate instance enrollment into a freeIPA server.
>
> This will do a number of things for a user:
> - provide centralized user identity, sudo and host-based access control
> for the instances
> - provide the instance an identity it can use for itself
> - using this identity a host can obtain SSL certificates for itself from
> your freeIPA CA
>
> If ipa_enroll is set to True in the instance metadata (or in the image
> metadata) when a nova instance is spawned then a one-time password will
> be created and IPA enrollment will occur during the cloud-init stage.
>
> Code is currently at https://github.com/rcritten/novajoin
>
> rob