Future thoughts on host groups, Foreman, OpenStack and IPA

Get ready for a ramble…

IPA has hostgroups. Foreman has hostgroups. Openstack-Foreman-Installer (aka astapor) has hostgroups. Wouldn’t it be great to somehow link them together into one cohesive package?

Foreman already has some integration via its realm smartproxy. When provisioning a host you can set the class of this host which, via the magic of automember in IPA, will add it to the appropriate hostgroup. But this is really separate from anything happening with Foreman.

Foreman has a host group concept which defines the list of Puppet modules and the rest of the environment for a group of hosts.

Might there be a way to combine the two, so that hosts could have consistent naming and be associated with the proper IPA hostgroups? If so, some more interesting policies could be applied, including:

  • Unified HBAC policies on the hosts to control access
  • The ability to have ipa-getkeytab re-fetch a keytab to maintain naming consistency for load-balancing
  • Once IPA has support for multiple certificate profiles, providing hostgroup-specific profiles for certain types of service hosts within OpenStack