Merge "Add credentials cache for novajoin user"

Zuul 2022-07-21 19:55:37 +00:00 committed by Gerrit Code Review
commit 906991f099
1 changed files with 9 additions and 5 deletions


@ -44,6 +44,10 @@ parameters:
default: 'FILE:/etc/novajoin/krb5.keytab'
description: keytab for the nova/[host fqdn] user on the FreeIPA server.
type: string
IdMNovaCredentialCache:
default: '/etc/novajoin/krb5.cache'
description: credential cache for nova/[host fqdn] user
type: string
MakeHomeDir:
type: boolean
description: Configure PAM to create a users home directory if it does not exist.
@ -109,13 +113,13 @@ outputs:
tripleo_ipa_ptr_zone_split_ipv6: {get_param: IdMZoneSplitIPv6}
when: {get_param: IdMModifyDNS}
environment:
if:
- idm_server_provided
- IPA_HOST: {get_param: [IdMServer, 0]}
IPA_USER: "nova/{{ ansible_facts['fqdn'] }}"
KRB5_CLIENT_KTNAME: {get_param: IdMNovaKeytab}
map_merge:
- IPA_USER: "nova/{{ ansible_facts['fqdn'] }}"
KRB5_CLIENT_KTNAME: {get_param: IdMNovaKeytab}
KRB5CCNAME: {get_param: IdMNovaCredentialCache}
- if:
- idm_server_provided
- IPA_HOST: {get_param: [IdMServer, 0]}
- name: enroll the node as an ipa client
#NOTE(xek): this is moved to external_deploy_tasks to make sure this happens before certificates are requested from certmonger
when: step|int == 1
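Review bot: The `IdMNovaCredentialCache` default, `/etc/novajoin/krb5.cache`, has no ccache type prefix while the keytab default just above it spells out `FILE:`, and its description does not say that the value is exported as `KRB5CCNAME` or that the file will hold live Kerberos tickets for nova/[host fqdn]. I would write `default: 'FILE:/etc/novajoin/krb5.cache'` and `description: Kerberos credential cache (KRB5CCNAME) for the nova/[host fqdn] user; contains usable tickets, so restrict it to the account that runs these tasks.` Nothing in the visible hunks sets the mode or owner of that path or destroys the cache once the tasks finish; that may be handled elsewhere in the template or role, but it is worth confirming, since a fixed, persistent cache readable by other local users would let them act as the nova host principal until the tickets expire. The task list continues outside the second hunk.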