diff --git a/doc/source/kerberos.rst b/doc/source/kerberos.rst index 748e57f45e..014770075c 100644 --- a/doc/source/kerberos.rst +++ b/doc/source/kerberos.rst @@ -46,9 +46,9 @@ Set up host principals for slave propogation:: # execute kadmin.local then run these commands addprinc -randkey host/kdc01.openstack.org - addprinc -randkey host/kdc02.openstack.org + addprinc -randkey host/kdc04.openstack.org ktadd host/kdc01.openstack.org - ktadd host/kdc02.openstack.org + ktadd host/kdc04.openstack.org Copy the file `/etc/krb5.keytab` to the second kdc host. @@ -105,8 +105,8 @@ Should you need perform maintenance on the kerberos server that requires taking kerberos processes offline you can do this by performing your updates on a single server at a time. -`kdc01.openstack.org` is our primary server and `kdc02.openstack.org` -is the hot standby. Perform your maintenance on `kdc02.openstack.org` +`kdc01.openstack.org` is our primary server and `kdc04.openstack.org` +is the hot standby. Perform your maintenance on `kdc04.openstack.org` first. Then once that is done we can prepare for taking down the primary. On `kdc01.openstack.org` run:: @@ -114,7 +114,7 @@ primary. On `kdc01.openstack.org` run:: You should see:: - Database propagation to kdc02.openstack.org: SUCCEEDED + Database propagation to kdc04.openstack.org: SUCCEEDED Once this is done the standby server is ready and we can take kdc01 offline. When kdc01 is back online rerun `run-kprop.sh` to ensure 
@@ -128,7 +128,7 @@ Kerberos uses the following DNS entries:: _kpasswd._udp.openstack.org. 300 IN SRV 0 0 464 kdc01.openstack.org. _kerberos-adm._tcp.openstack.org. 300 IN SRV 0 0 749 kdc01.openstack.org. _kerberos-master._udp.openstack.org. 300 IN SRV 0 0 88 kdc01.openstack.org. - _kerberos._udp.openstack.org. 300 IN SRV 0 0 88 kdc02.openstack.org. + _kerberos._udp.openstack.org. 300 IN SRV 0 0 88 kdc04.openstack.org. _kerberos._udp.openstack.org. 300 IN SRV 0 0 88 kdc01.openstack.org. _kerberos.openstack.org. 300 IN TXT "OPENSTACK.ORG" diff --git a/hiera/common.yaml b/hiera/common.yaml index ab8d472123..d36bbc6c2d 100644 --- a/hiera/common.yaml +++ b/hiera/common.yaml @@ -443,7 +443,6 @@ cacti_hosts: - groups.openstack.org - health.openstack.org - kdc01.openstack.org -- kdc02.openstack.org - kdc04.openstack.org - lists.openstack.org - logstash-worker01.openstack.org diff --git a/manifests/site.pp b/manifests/site.pp index d1a83818d8..3f562f4303 100644 --- a/manifests/site.pp +++ b/manifests/site.pp @@ -1614,19 +1614,6 @@ node 'kdc01.openstack.org' { class { 'openstack_project::kdc': } } -# Node-OS: trusty -node 'kdc02.openstack.org' { - class { 'openstack_project::server': - iptables_public_tcp_ports => [88, 464, 749, 754], - iptables_public_udp_ports => [88, 464, 749], - sysadmins => hiera('sysadmins', []), - } - - class { 'openstack_project::kdc': - slave => true, - } -} - # Node-OS: xenial node 'kdc04.openstack.org' { class { 'openstack_project::server': diff --git a/modules/openstack_project/manifests/kdc.pp b/modules/openstack_project/manifests/kdc.pp index 4a985e6147..e80a069f2f 100644 --- a/modules/openstack_project/manifests/kdc.pp +++ b/modules/openstack_project/manifests/kdc.pp @@ -6,12 +6,10 @@ class openstack_project::kdc ( realm => 'OPENSTACK.ORG', kdcs => [ 'kdc01.openstack.org', - 'kdc02.openstack.org', 'kdc04.openstack.org', ], admin_server => 'kdc.openstack.org', slaves => [ - 'kdc02.openstack.org', 'kdc04.openstack.org', ], slave => $slave, 
diff --git a/modules/openstack_project/manifests/server.pp b/modules/openstack_project/manifests/server.pp
index c0f26e8567..74330ae67a 100644
--- a/modules/openstack_project/manifests/server.pp
+++ b/modules/openstack_project/manifests/server.pp
@@ -193,7 +193,6 @@ class openstack_project::server (
 cache_size => $afs_cache_size,
 kdcs => [
 'kdc01.openstack.org',
- 'kdc02.openstack.org',
 'kdc04.openstack.org',
 ],
 }