Re: [openstack-dev] [TripleO] FreeIPA integration

2016-04-07 Thread Fox, Kevin M
nks, Kevin From: Clint Byrum [cl...@fewbar.com] Sent: Thursday, April 07, 2016 6:33 AM To: openstack-dev Subject: Re: [openstack-dev] [TripleO] FreeIPA integration Excerpts from Adam Young's message of 2016-04-05 19:02:58 -0700: > On 04/05/2016 11:42 AM, Fox, Kevin M wrote: >

Re: [openstack-dev] [TripleO] FreeIPA integration

2016-04-07 Thread Clint Byrum
ril 05, 2016 5:16 AM > > *To:* OpenStack Development Mailing List (not for usage questions) > > *Subject:* Re: [openstack-dev] [TripleO] FreeIPA integration > > > > > > > > On Tue, Apr 5, 2016 at 2:45 PM, Fox, Kevin M > <mailto:kevin@pnnl.gov>> w

Re: [openstack-dev] [TripleO] FreeIPA integration

2016-04-07 Thread Emilien Macchi
On Wed, Apr 6, 2016 at 5:04 PM, Adam Young wrote: > On 04/06/2016 10:44 AM, Dan Prince wrote: >> >> On Tue, 2016-04-05 at 19:19 -0600, Rich Megginson wrote: >>> >>> On 04/05/2016 07:06 PM, Dan Prince wrote: On Sat, 2016-04-02 at 17:28 -0400, Adam Young wrote: > > I finally have e

Re: [openstack-dev] [TripleO] FreeIPA integration

2016-04-06 Thread Adam Young
On 04/06/2016 10:44 AM, Dan Prince wrote: On Tue, 2016-04-05 at 19:19 -0600, Rich Megginson wrote: On 04/05/2016 07:06 PM, Dan Prince wrote: On Sat, 2016-04-02 at 17:28 -0400, Adam Young wrote: I finally have enough understanding of what is going on with Tripleo to reasonably discuss how to im

Re: [openstack-dev] [TripleO] FreeIPA integration

2016-04-06 Thread Rich Megginson
On 04/06/2016 10:38 AM, Hayes, Graham wrote: On 06/04/2016 17:17, Rich Megginson wrote: On 04/06/2016 02:55 AM, Hayes, Graham wrote: On 06/04/16 03:09, Adam Young wrote: On 04/05/2016 08:02 AM, Hayes, Graham wrote: On 02/04/2016 22:33, Adam Young wrote: I finally have enough understanding of

Re: [openstack-dev] [TripleO] FreeIPA integration

2016-04-06 Thread Hayes, Graham
On 06/04/2016 17:17, Rich Megginson wrote: > On 04/06/2016 02:55 AM, Hayes, Graham wrote: >> On 06/04/16 03:09, Adam Young wrote: >>> On 04/05/2016 08:02 AM, Hayes, Graham wrote: On 02/04/2016 22:33, Adam Young wrote: > I finally have enough understanding of what is going on with Tripleo t

Re: [openstack-dev] [TripleO] FreeIPA integration

2016-04-06 Thread Rich Megginson
On 04/06/2016 02:55 AM, Hayes, Graham wrote: On 06/04/16 03:09, Adam Young wrote: On 04/05/2016 08:02 AM, Hayes, Graham wrote: On 02/04/2016 22:33, Adam Young wrote: I finally have enough understanding of what is going on with Tripleo to reasonably discuss how to implement solutions for some o

Re: [openstack-dev] [TripleO] FreeIPA integration

2016-04-06 Thread Fox, Kevin M
Adam Young [ayo...@redhat.com] Sent: Tuesday, April 05, 2016 7:02 PM To: openstack-dev@lists.openstack.org Subject: Re: [openstack-dev] [TripleO] FreeIPA integration On 04/05/2016 11:42 AM, Fox, Kevin M wrote: Yeah, and they just deprecated vendor data plugins too, which eliminates my other workarou

Re: [openstack-dev] [TripleO] FreeIPA integration

2016-04-06 Thread Dan Prince
On Tue, 2016-04-05 at 19:19 -0600, Rich Megginson wrote: > On 04/05/2016 07:06 PM, Dan Prince wrote: > > > > On Sat, 2016-04-02 at 17:28 -0400, Adam Young wrote: > > > > > > I finally have enough understanding of what is going on with > > > Tripleo > > > to > > > reasonably discuss how to impleme

Re: [openstack-dev] [TripleO] FreeIPA integration

2016-04-06 Thread Hayes, Graham
On 06/04/16 03:09, Adam Young wrote: > On 04/05/2016 08:02 AM, Hayes, Graham wrote: >> On 02/04/2016 22:33, Adam Young wrote: >>> I finally have enough understanding of what is going on with Tripleo to >>> reasonably discuss how to implement solutions for some of the main >>> security needs of a de

Re: [openstack-dev] [TripleO] FreeIPA integration

2016-04-05 Thread Juan Antonio Osorio
On Wed, Apr 6, 2016 at 4:06 AM, Dan Prince wrote: > On Sat, 2016-04-02 at 17:28 -0400, Adam Young wrote: > > I finally have enough understanding of what is going on with Tripleo > > to > > reasonably discuss how to implement solutions for some of the main > > security needs of a deployment. > > >

Re: [openstack-dev] [TripleO] FreeIPA integration

2016-04-05 Thread Adam Young
On 04/05/2016 09:06 PM, Dan Prince wrote: On Sat, 2016-04-02 at 17:28 -0400, Adam Young wrote: I finally have enough understanding of what is going on with Tripleo to reasonably discuss how to implement solutions for some of the main security needs of a deployment. FreeIPA is an identity manag

Re: [openstack-dev] [TripleO] FreeIPA integration

2016-04-05 Thread Adam Young
On 04/05/2016 08:02 AM, Hayes, Graham wrote: On 02/04/2016 22:33, Adam Young wrote: I finally have enough understanding of what is going on with Tripleo to reasonably discuss how to implement solutions for some of the main security needs of a deployment. FreeIPA is an identity management solut

Re: [openstack-dev] [TripleO] FreeIPA integration

2016-04-05 Thread Adam Young
*From:* Juan Antonio Osorio [jaosor...@gmail.com] *Sent:* Tuesday, April 05, 2016 5:16 AM *To:* OpenStack Development Mailing List (not for usage questions) *Subject:* Re: [openstack-dev] [TripleO] FreeIPA integration On Tue, Apr 5, 2016 at 2:45 PM

Re: [openstack-dev] [TripleO] FreeIPA integration

2016-04-05 Thread Adam Young
On 04/05/2016 09:01 AM, Steven Hardy wrote: On Tue, Apr 05, 2016 at 02:07:06PM +0300, Juan Antonio Osorio wrote: On Tue, Apr 5, 2016 at 11:36 AM, Steven Hardy wrote: On Sat, Apr 02, 2016 at 05:28:57PM -0400, Adam Young wrote: > I finally have enough understanding of what is goi

Re: [openstack-dev] [TripleO] FreeIPA integration

2016-04-05 Thread Rich Megginson
On 04/05/2016 07:06 PM, Dan Prince wrote: On Sat, 2016-04-02 at 17:28 -0400, Adam Young wrote: I finally have enough understanding of what is going on with Tripleo to reasonably discuss how to implement solutions for some of the main security needs of a deployment. FreeIPA is an identity manag

Re: [openstack-dev] [TripleO] FreeIPA integration

2016-04-05 Thread Dan Prince
On Sat, 2016-04-02 at 17:28 -0400, Adam Young wrote: > I finally have enough understanding of what is going on with Tripleo > to  > reasonably discuss how to implement solutions for some of the main  > security needs of a deployment. > > > FreeIPA is an identity management solution that can provi

Re: [openstack-dev] [TripleO] FreeIPA integration

2016-04-05 Thread Juan Antonio Osorio
elopment Mailing List (not for usage questions) > *Subject:* Re: [openstack-dev] [TripleO] FreeIPA integration > > > > On Tue, Apr 5, 2016 at 2:45 PM, Fox, Kevin M wrote: > >> This sounds suspiciously like, "how do you get a secret to the instance >> to get a secret fro

Re: [openstack-dev] [TripleO] FreeIPA integration

2016-04-05 Thread Fox, Kevin M
...@gmail.com] Sent: Tuesday, April 05, 2016 5:16 AM To: OpenStack Development Mailing List (not for usage questions) Subject: Re: [openstack-dev] [TripleO] FreeIPA integration On Tue, Apr 5, 2016 at 2:45 PM, Fox, Kevin M mailto:kevin@pnnl.gov>> wrote: This sounds suspiciously like, "

Re: [openstack-dev] [TripleO] FreeIPA integration

2016-04-05 Thread Juan Antonio Osorio
Having an extra node for FreeIPA spawn up by heat works for me. And it's not a hard-requirement that we have to wire this into the TripleO CI. But the most sustainable approach to having TLS everywhere (at least for the admin and internal endpoints of Openstack, the message broker server nodes and

Re: [openstack-dev] [TripleO] FreeIPA integration

2016-04-05 Thread Steven Hardy
On Tue, Apr 05, 2016 at 02:07:06PM +0300, Juan Antonio Osorio wrote: >On Tue, Apr 5, 2016 at 11:36 AM, Steven Hardy wrote: > > On Sat, Apr 02, 2016 at 05:28:57PM -0400, Adam Young wrote: > > I finally have enough understanding of what is going on with Tripleo > to > > reas

Re: [openstack-dev] [TripleO] FreeIPA integration

2016-04-05 Thread Juan Antonio Osorio
t it was deprecated recently. So bummer :/ > > Nova instance user spec again? > > Thanks, > Kevin > > -- > *From:* Juan Antonio Osorio > *Sent:* Tuesday, April 05, 2016 4:07:06 AM > *To:* OpenStack Development Mailing List (not for usage que

Re: [openstack-dev] [TripleO] FreeIPA integration

2016-04-05 Thread Hayes, Graham
On 02/04/2016 22:33, Adam Young wrote: > I finally have enough understanding of what is going on with Tripleo to > reasonably discuss how to implement solutions for some of the main > security needs of a deployment. > > > FreeIPA is an identity management solution that can provide support for: > >

Re: [openstack-dev] [TripleO] FreeIPA integration

2016-04-05 Thread Fox, Kevin M
evelopment Mailing List (not for usage questions) Subject: Re: [openstack-dev] [TripleO] FreeIPA integration On Tue, Apr 5, 2016 at 11:36 AM, Steven Hardy mailto:sha...@redhat.com>> wrote: On Sat, Apr 02, 2016 at 05:28:57PM -0400, Adam Young wrote: > I finally have enough understanding

Re: [openstack-dev] [TripleO] FreeIPA integration

2016-04-05 Thread Juan Antonio Osorio
On Tue, Apr 5, 2016 at 11:36 AM, Steven Hardy wrote: > On Sat, Apr 02, 2016 at 05:28:57PM -0400, Adam Young wrote: > > I finally have enough understanding of what is going on with Tripleo to > > reasonably discuss how to implement solutions for some of the main > security > > needs of a deploymen

Re: [openstack-dev] [TripleO] FreeIPA integration

2016-04-05 Thread Juan Antonio Osorio
On the certificate management side I had presented this blueprint https://review.openstack.org/#/c/282307/ which proposes FreeIPA as the reference solution. There the steps are described however, I did leave away where the FreeIPA instance will be instal

Re: [openstack-dev] [TripleO] FreeIPA integration

2016-04-05 Thread Steven Hardy
On Sat, Apr 02, 2016 at 05:28:57PM -0400, Adam Young wrote: > I finally have enough understanding of what is going on with Tripleo to > reasonably discuss how to implement solutions for some of the main security > needs of a deployment. > > > FreeIPA is an identity management solution that can pr

[openstack-dev] [TripleO] FreeIPA integration

2016-04-02 Thread Adam Young
I finally have enough understanding of what is going on with Tripleo to reasonably discuss how to implement solutions for some of the main security needs of a deployment. FreeIPA is an identity management solution that can provide support for: 1. TLS on all network communications: A. HTTPS