From 4b1a018ef24af6787e43e0d7362ff114d5820444 Mon Sep 17 00:00:00 2001
From: "Dave Wilde (d34dh0r53)" <cdwilde@gmail.com>
Date: Fri, 15 May 2020 14:17:21 -0500
Subject: [PATCH] Detect TLS for pre-provisioned nodes

In cases where we need to support TLS for pre-provisioned nodes, we need
to be able to enroll hosts without using novajoin. This commit detects
if an OTP is present but without novajoin enabled. If so, if uses a
separate composible service, without novajoin, to enroll the undercloud
as a FreeIPA host.

Change-Id: Id6d193ab10e43a5d2706705588269654073910cc
(cherry picked from commit 97d54f2b399682375c6d0049802aa2d30fbe2db5)
---
 tripleoclient/v1/undercloud_config.py | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/tripleoclient/v1/undercloud_config.py b/tripleoclient/v1/undercloud_config.py
index b3577ab1c..2dd57e015 100644
--- a/tripleoclient/v1/undercloud_config.py
+++ b/tripleoclient/v1/undercloud_config.py
@@ -621,6 +621,10 @@ def prepare_undercloud_deploy(upgrade=False, no_validations=True,
         deploy_args += ['-e', os.path.join(
             tht_templates, "environments/services/novajoin.yaml")]
         env_data['NovajoinIpaOtp'] = CONF['ipa_otp']
+    elif CONF.get('ipa_otp'):
+        deploy_args += ['-e', os.path.join(
+            tht_templates, "environments/services/undercloud-tls.yaml")]
+        env_data['UndercloudIpaOtp'] = CONF['ipa_otp']
 
     if CONF.get('enable_zaqar'):
         deploy_args += ['-e', os.path.join(