I was thinking about this the other day... How do you de-register instances from freeipa when the instance is deleted? Is there a missing feature in vendordata there that you need?
Michael On Fri, Nov 11, 2016 at 2:01 AM, Rob Crittenden <rcrit...@redhat.com> wrote: > Wanted to let you know I'm working on a nova metadata vendordata plugin > that will help automate instance enrollment into a freeIPA server. > > This will do a number of things for a user: > - provide centralized user identity, sudo and host-based access control > for the instances > - provide the instance an identity it can use for itself > - using this identity a host can obtain SSL certificates for itself from > your freeIPA CA > > If ipa_enroll is set to True in the instance metadata (or in the image > metadata) when a nova instance is spawned then a one-time password will > be created and IPA enrollment will occur during the cloud-init stage. > > Code is currently at https://github.com/rcritten/novajoin > > rob > > __________________________________________________________________________ > OpenStack Development Mailing List (not for usage questions) > Unsubscribe: openstack-dev-requ...@lists.openstack.org?subject:unsubscribe > http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev >
__________________________________________________________________________ OpenStack Development Mailing List (not for usage questions) Unsubscribe: openstack-dev-requ...@lists.openstack.org?subject:unsubscribe http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev