Uploaded image for project: 'Red Hat OpenStack Services on OpenShift'
  1. Red Hat OpenStack Services on OpenShift
  2. OSPRH-2189

[Dev] Determine if/how to run IPA as part of the OpenShift deployment (initially for testing keystone-operator tls support)

XMLWordPrintable

    • Icon: Story Story
    • Resolution: Obsolete
    • Icon: Normal Normal
    • None
    • None
    • None
    • None
    • 13
    • False
    • Hide

      None

      Show
      None
    • False
    • ?
    • ?
    • ?
    • ?
    • 2024Q1

       

      Jira Description

      As a developer I want to create in which I will be able to test IPA together with cert-manager operator so that I can determine if these components work together as well as IPA with certmonger.

       

      Summary

      We want to introduce IPA to the previously created environment with cert-manager and RabbitMQ operators to make sure all of the needed functionalities are implemented. If the are we will be able to proceed describing the final architecture of the TLS Everywhere on OpenShift https://issues.redhat.com/browse/OSP-19016. Please not though, that it was already determined, that FreeIPA will plug into the already working architecture in which cert-manager manages the certificates, so it will be an additional option on how to configure the deployment.

      We might be able to use n experimental https://github.com/freeipa/freeipa-operator, re-use the freeipa playbook (run the container on the host) from director-operator dev/QE: https://github.com/openstack-k8s-operators/osp-director-dev-tools/blob/master/ansible/freeipa.yaml or have a way to setup TLS without FreeIPA.

      In either case we need an instance for testing the keystone-operator TLS support, which will be the template for other services.

       

      Definition of Ready

      When we can consider User Story to be Ready?

      1. Defined clearly enough that all members of the team understand what needs to be done
      2. Includes any required enabling specs. wire frames etc.
      3. Fully meet INVEST criteria for User Stories
      4. Dependencies identified and there is a clear strategy how they will be managed

       

      Prerequisites:

      1. Set up a test environmenthttps://issues.redhat.com/browse/OSP-19150

       

      Acceptance Criteria

      What needs to be done for issue to be considered complete. It helps teams estimate, test and accomplish work. We can think about Acceptance Criteria as "what customer needs".

      1. test certificate provisioning
      2. test certificate rotation
      3. test certificate refresh

      Definition of Done

      When we can consider User Story to be Done:

      1. Perform tests
      2. The results of the verification is a Go - No go statement
      3. The results should be communicated to the PCP team
      4. Next step is to define the final architecture of TLS Everywhere https://issues.redhat.com/browse/OSP-19016

              Unassigned Unassigned
              hrybacki@redhat.com Harry Rybacki (Inactive)
              rhos-dfg-security
              Votes:
              0 Vote for this issue
              Watchers:
              4 Start watching this issue

                Created:
                Updated:
                Resolved: