Re: [openstack-dev] [TripleO] FreeIPA integration

2016-04-07 Thread Fox, Kevin M
From: Clint Byrum [cl...@fewbar.com] Sent: Thursday, April 07, 2016 6:33 AM To: openstack-dev Subject: Re: [openstack-dev] [TripleO] FreeIPA integration Excerpts from Adam Young's message of 2016-04-05 19:02:58 -0700: > On 04/05/2016 11:42 AM, Fox, Kevin M wrote: > > Yeah, and

Re: [openstack-dev] [TripleO] FreeIPA integration

2016-04-07 Thread Clint Byrum
, April 05, 2016 5:16 AM > > *To:* OpenStack Development Mailing List (not for usage questions) > > *Subject:* Re: [openstack-dev] [TripleO] FreeIPA integration > > > > > > > > On Tue, Apr 5, 2016 at 2:45 PM, Fox, Kevin M <kevin@pnnl.gov > > <mailto:kevin

Re: [openstack-dev] [TripleO] FreeIPA integration

2016-04-06 Thread Adam Young
On 04/06/2016 10:44 AM, Dan Prince wrote: On Tue, 2016-04-05 at 19:19 -0600, Rich Megginson wrote: On 04/05/2016 07:06 PM, Dan Prince wrote: On Sat, 2016-04-02 at 17:28 -0400, Adam Young wrote: I finally have enough understanding of what is going on with Tripleo to reasonably discuss how to

Re: [openstack-dev] [TripleO] FreeIPA integration

2016-04-06 Thread Rich Megginson
On 04/06/2016 10:38 AM, Hayes, Graham wrote: On 06/04/2016 17:17, Rich Megginson wrote: On 04/06/2016 02:55 AM, Hayes, Graham wrote: On 06/04/16 03:09, Adam Young wrote: On 04/05/2016 08:02 AM, Hayes, Graham wrote: On 02/04/2016 22:33, Adam Young wrote: I finally have enough understanding

Re: [openstack-dev] [TripleO] FreeIPA integration

2016-04-06 Thread Hayes, Graham
On 06/04/2016 17:17, Rich Megginson wrote: > On 04/06/2016 02:55 AM, Hayes, Graham wrote: >> On 06/04/16 03:09, Adam Young wrote: >>> On 04/05/2016 08:02 AM, Hayes, Graham wrote: On 02/04/2016 22:33, Adam Young wrote: > I finally have enough understanding of what is going on with Tripleo

Re: [openstack-dev] [TripleO] FreeIPA integration

2016-04-06 Thread Rich Megginson
On 04/06/2016 02:55 AM, Hayes, Graham wrote: On 06/04/16 03:09, Adam Young wrote: On 04/05/2016 08:02 AM, Hayes, Graham wrote: On 02/04/2016 22:33, Adam Young wrote: I finally have enough understanding of what is going on with Tripleo to reasonably discuss how to implement solutions for some

Re: [openstack-dev] [TripleO] FreeIPA integration

2016-04-06 Thread Fox, Kevin M
[ayo...@redhat.com] Sent: Tuesday, April 05, 2016 7:02 PM To: openstack-dev@lists.openstack.org Subject: Re: [openstack-dev] [TripleO] FreeIPA integration On 04/05/2016 11:42 AM, Fox, Kevin M wrote: Yeah, and they just deprecated vendor data plugins too, which eliminates my other workaround. :/ We

Re: [openstack-dev] [TripleO] FreeIPA integration

2016-04-06 Thread Dan Prince
On Tue, 2016-04-05 at 19:19 -0600, Rich Megginson wrote: > On 04/05/2016 07:06 PM, Dan Prince wrote: > > > > On Sat, 2016-04-02 at 17:28 -0400, Adam Young wrote: > > > > > > I finally have enough understanding of what is going on with > > > Tripleo > > > to > > > reasonably discuss how to

Re: [openstack-dev] [TripleO] FreeIPA integration

2016-04-05 Thread Juan Antonio Osorio
On Wed, Apr 6, 2016 at 4:06 AM, Dan Prince wrote: > On Sat, 2016-04-02 at 17:28 -0400, Adam Young wrote: > > I finally have enough understanding of what is going on with Tripleo > > to > > reasonably discuss how to implement solutions for some of the main > > security needs

Re: [openstack-dev] [TripleO] FreeIPA integration

2016-04-05 Thread Adam Young
On 04/05/2016 09:06 PM, Dan Prince wrote: On Sat, 2016-04-02 at 17:28 -0400, Adam Young wrote: I finally have enough understanding of what is going on with Tripleo to reasonably discuss how to implement solutions for some of the main security needs of a deployment. FreeIPA is an identity

Re: [openstack-dev] [TripleO] FreeIPA integration

2016-04-05 Thread Adam Young
On 04/05/2016 08:02 AM, Hayes, Graham wrote: On 02/04/2016 22:33, Adam Young wrote: I finally have enough understanding of what is going on with Tripleo to reasonably discuss how to implement solutions for some of the main security needs of a deployment. FreeIPA is an identity management

Re: [openstack-dev] [TripleO] FreeIPA integration

2016-04-05 Thread Adam Young
*From:* Juan Antonio Osorio [jaosor...@gmail.com] *Sent:* Tuesday, April 05, 2016 5:16 AM *To:* OpenStack Development Mailing List (not for usage questions) *Subject:* Re: [openstack-dev] [TripleO] FreeIPA integration On Tue, Apr 5, 2016 at 2:45 PM

Re: [openstack-dev] [TripleO] FreeIPA integration

2016-04-05 Thread Adam Young
On 04/05/2016 09:01 AM, Steven Hardy wrote: On Tue, Apr 05, 2016 at 02:07:06PM +0300, Juan Antonio Osorio wrote: On Tue, Apr 5, 2016 at 11:36 AM, Steven Hardy wrote: On Sat, Apr 02, 2016 at 05:28:57PM -0400, Adam Young wrote: > I finally have enough

Re: [openstack-dev] [TripleO] FreeIPA integration

2016-04-05 Thread Rich Megginson
On 04/05/2016 07:06 PM, Dan Prince wrote: On Sat, 2016-04-02 at 17:28 -0400, Adam Young wrote: I finally have enough understanding of what is going on with Tripleo to reasonably discuss how to implement solutions for some of the main security needs of a deployment. FreeIPA is an identity

Re: [openstack-dev] [TripleO] FreeIPA integration

2016-04-05 Thread Dan Prince
On Sat, 2016-04-02 at 17:28 -0400, Adam Young wrote: > I finally have enough understanding of what is going on with Tripleo > to  > reasonably discuss how to implement solutions for some of the main  > security needs of a deployment. > > > FreeIPA is an identity management solution that can

Re: [openstack-dev] [TripleO] FreeIPA integration

2016-04-05 Thread Juan Antonio Osorio
:16 AM > *To:* OpenStack Development Mailing List (not for usage questions) > *Subject:* Re: [openstack-dev] [TripleO] FreeIPA integration > > > > On Tue, Apr 5, 2016 at 2:45 PM, Fox, Kevin M <kevin@pnnl.gov> wrote: > >> This sounds suspiciously like, "how do you get a

Re: [openstack-dev] [TripleO] FreeIPA integration

2016-04-05 Thread Fox, Kevin M
...@gmail.com] Sent: Tuesday, April 05, 2016 5:16 AM To: OpenStack Development Mailing List (not for usage questions) Subject: Re: [openstack-dev] [TripleO] FreeIPA integration On Tue, Apr 5, 2016 at 2:45 PM, Fox, Kevin M <kevin@pnnl.gov<mailto:kevin@pnnl.gov>> wrote: This sounds

Re: [openstack-dev] [TripleO] FreeIPA integration

2016-04-05 Thread Juan Antonio Osorio
Having an extra node for FreeIPA spawn up by heat works for me. And it's not a hard-requirement that we have to wire this into the TripleO CI. But the most sustainable approach to having TLS everywhere (at least for the admin and internal endpoints of Openstack, the message broker server nodes and

Re: [openstack-dev] [TripleO] FreeIPA integration

2016-04-05 Thread Steven Hardy
On Tue, Apr 05, 2016 at 02:07:06PM +0300, Juan Antonio Osorio wrote: >On Tue, Apr 5, 2016 at 11:36 AM, Steven Hardy wrote: > > On Sat, Apr 02, 2016 at 05:28:57PM -0400, Adam Young wrote: > > I finally have enough understanding of what is going on with Tripleo >

Re: [openstack-dev] [TripleO] FreeIPA integration

2016-04-05 Thread Juan Antonio Osorio
t (not for usage questions) > *Subject:* Re: [openstack-dev] [TripleO] FreeIPA integration > > > > On Tue, Apr 5, 2016 at 11:36 AM, Steven Hardy <sha...@redhat.com> wrote: > >> On Sat, Apr 02, 2016 at 05:28:57PM -0400, Adam Young wrote: >> > I finally have eno

Re: [openstack-dev] [TripleO] FreeIPA integration

2016-04-05 Thread Hayes, Graham
On 02/04/2016 22:33, Adam Young wrote: > I finally have enough understanding of what is going on with Tripleo to > reasonably discuss how to implement solutions for some of the main > security needs of a deployment. > > > FreeIPA is an identity management solution that can provide support for: > >

Re: [openstack-dev] [TripleO] FreeIPA integration

2016-04-05 Thread Fox, Kevin M
evelopment Mailing List (not for usage questions) Subject: Re: [openstack-dev] [TripleO] FreeIPA integration On Tue, Apr 5, 2016 at 11:36 AM, Steven Hardy <sha...@redhat.com<mailto:sha...@redhat.com>> wrote: On Sat, Apr 02, 2016 at 05:28:57PM -0400, Adam Young wrote: > I finally

Re: [openstack-dev] [TripleO] FreeIPA integration

2016-04-05 Thread Juan Antonio Osorio
On Tue, Apr 5, 2016 at 11:36 AM, Steven Hardy wrote: > On Sat, Apr 02, 2016 at 05:28:57PM -0400, Adam Young wrote: > > I finally have enough understanding of what is going on with Tripleo to > > reasonably discuss how to implement solutions for some of the main > security > >

Re: [openstack-dev] [TripleO] FreeIPA integration

2016-04-05 Thread Juan Antonio Osorio
On the certificate management side I had presented this blueprint* https://review.openstack.org/#/c/282307/ *which proposes FreeIPA as the reference solution. There the steps are described however, I did leave away where the FreeIPA instance will be

Re: [openstack-dev] [TripleO] FreeIPA integration

2016-04-05 Thread Steven Hardy
On Sat, Apr 02, 2016 at 05:28:57PM -0400, Adam Young wrote: > I finally have enough understanding of what is going on with Tripleo to > reasonably discuss how to implement solutions for some of the main security > needs of a deployment. > > > FreeIPA is an identity management solution that can

[openstack-dev] [TripleO] FreeIPA integration

2016-04-02 Thread Adam Young
I finally have enough understanding of what is going on with Tripleo to reasonably discuss how to implement solutions for some of the main security needs of a deployment. FreeIPA is an identity management solution that can provide support for: 1. TLS on all network communications: A.