diff --git a/environments/hyperconverged-ceph.yaml b/environments/hyperconverged-ceph.yaml index 9540015102..79908d151b 100644 --- a/environments/hyperconverged-ceph.yaml +++ b/environments/hyperconverged-ceph.yaml @@ -43,6 +43,7 @@ parameter_defaults: - OS::TripleO::Services::SensuClient - OS::TripleO::Services::SkydiveAgent - OS::TripleO::Services::Fluentd + - OS::TripleO::Services::IpaClient - OS::TripleO::Services::Ipsec - OS::TripleO::Services::AuditD - OS::TripleO::Services::Collectd diff --git a/environments/ssl/enable-internal-tls.yaml b/environments/ssl/enable-internal-tls.yaml index 80148fd363..750776d557 100644 --- a/environments/ssl/enable-internal-tls.yaml +++ b/environments/ssl/enable-internal-tls.yaml @@ -33,4 +33,5 @@ resource_registry: OS::TripleO::ServiceServerMetadataHook: ../../extraconfig/nova_metadata/krb-service-principals.yaml OS::TripleO::Services::CertmongerUser: ../../puppet/services/certmonger-user.yaml OS::TripleO::Services::HAProxyInternalTLS: ../../puppet/services/haproxy-internal-tls-certmonger.yaml + OS::TripleO::Services::IpaClient: ../../extraconfig/services/ipaclient.yaml OS::TripleO::Services::TLSProxyBase: ../../puppet/services/apache.yaml diff --git a/extraconfig/services/ipaclient.yaml b/extraconfig/services/ipaclient.yaml new file mode 100644 index 0000000000..e8602bb890 --- /dev/null +++ b/extraconfig/services/ipaclient.yaml @@ -0,0 +1,147 @@ +heat_template_version: queens + +description: Registers nodes with the IPA server + +parameters: + RoleNetIpMap: + default: {} + type: json + ServiceData: + default: {} + description: Dictionary packing service data + type: json + ServiceNetMap: + default: {} + description: Mapping of service_name -> network name. Typically set + via parameter_defaults in the resource registry. This + mapping overrides those in ServiceNetMapDefaults. + type: json + DefaultPasswords: + default: {} + type: json + RoleName: + default: '' + description: Role name on which the service is applied + type: string + RoleParameters: + default: {} + description: Parameters specific to the role + type: json + EndpointMap: + default: {} + description: Mapping of service endpoint -> protocol. Typically set + via parameter_defaults in the resource registry. + type: json + +outputs: + role_data: + description: Role data for the ipaclient service + value: + service_name: ipaclient + upgrade_tasks: [] + step_config: '' + host_prep_tasks: + - name: enroll client in ipa and get metadata + become: yes + block: + - name: install needed packages + package: + name: "{{ item }}" + state: present + with_items: + - python-simplejson + - ipa-client + - ipa-admintools + - openldap-clients + - hostname + + - name: create enrollment script + copy: + dest: /root/setup-ipa-client.sh + mode: '0700' + content: | + #!/bin/sh + set -x + + function get_metadata_config_drive { + if [ -f /run/cloud-init/status.json ]; then + # Get metadata from config drive + data=`cat /run/cloud-init/status.json` + config_drive=`echo $data | python -c 'import json,re,sys;obj=json.load(sys.stdin);ds=obj.get("v1", {}).get("datasource"); print re.findall(r"source=(.*)]", ds)[0]'` + if [[ -b $config_drive ]]; then + temp_dir=`mktemp -d` + mount $config_drive $temp_dir + if [ -f $temp_dir/openstack/latest/vendor_data2.json ]; then + data=`cat $temp_dir/openstack/latest/vendor_data2.json` + umount $config_drive + rmdir $temp_dir + else + umount $config_drive + rmdir $temp_dir + fi + else + echo "Unable to retrieve metadata from config drive." + return 1 + fi + else + echo "Unable to retrieve metadata from config drive." + return 1 + fi + + return 0 + } + + function get_metadata_network { + # Get metadata over the network + data=$(timeout 300 /bin/bash -c 'data=""; while [ -z "$data" ]; do sleep $[ ( $RANDOM % 10 ) + 1 ]s; data=`curl -s http://169.254.169.254/openstack/2016-10-06/vendor_data2.json 2>/dev/null`; done; echo $data') + + if [[ $? != 0 ]] ; then + echo "Unable to retrieve metadata from metadata service." + return 1 + fi + } + + if ! get_metadata_config_drive; then + if ! get_metadata_network; then + echo "FATAL: No metadata available" + exit 1 + fi + fi + + # Get the instance hostname out of the metadata + fqdn=`echo $data | python -c 'import json,sys;obj=json.load(sys.stdin);print obj.get("join", {}).get("hostname", "")'` + + if [ -z "$fqdn" ]; then + echo "Unable to determine hostname" + exit 1 + fi + + realm=`echo $data | python -c 'import json,sys;obj=json.load(sys.stdin);print obj.get("join", {}).get("krb_realm", "")'` + otp=`echo $data | python -c 'import json,sys;obj=json.load(sys.stdin);print obj.get("join", {}).get("ipaotp", "")'` + + hostname=`/bin/hostname -f` + + # Force hostname to use the FQDN + hostnamectl set-hostname $fqdn + + # run ipa-client-install + OPTS="-U -w $otp" + if [ $hostname != $fqdn ]; then + OPTS="$OPTS --hostname $fqdn" + fi + if [ -n "$realm" ]; then + OPTS="$OPTS --realm=$realm" + fi + + # Ensure we have the proper domain in /etc/resolv.conf + domain=$(hostname -d) + if ! grep -q ${domain} /etc/resolv.conf ; then + sed -i "0,/nameserver/s/\(nameserver.*\)/search ${domain}\n\1/" /etc/resolv.conf + fi + + ipa-client-install $OPTS + + - name: run enrollment script + shell: /root/setup-ipa-client.sh >> /var/log/setup-ipa-client-ansible.log 2>&1 + args: + creates: /etc/ipa/default.conf diff --git a/overcloud-resource-registry-puppet.j2.yaml b/overcloud-resource-registry-puppet.j2.yaml index f07aef852e..fbe0ea7ecc 100644 --- a/overcloud-resource-registry-puppet.j2.yaml +++ b/overcloud-resource-registry-puppet.j2.yaml @@ -251,6 +251,7 @@ resource_registry: # Services that are disabled by default (use relevant environment files): OS::TripleO::Services::Fluentd: OS::Heat::None + OS::TripleO::Services::IpaClient: OS::Heat::None OS::TripleO::Services::Ipsec: OS::Heat::None OS::TripleO::Services::Rhsm: OS::Heat::None OS::TripleO::Services::Collectd: OS::Heat::None diff --git a/releasenotes/notes/move-ipaclient-enroll-to-host-prep-tasks-934c6e0a9f75f15b.yaml b/releasenotes/notes/move-ipaclient-enroll-to-host-prep-tasks-934c6e0a9f75f15b.yaml new file mode 100644 index 0000000000..3fa0c33c39 --- /dev/null +++ b/releasenotes/notes/move-ipaclient-enroll-to-host-prep-tasks-934c6e0a9f75f15b.yaml @@ -0,0 +1,8 @@ +--- +fixes: + - | + When setting up TLS everywhere, some deployers may not have their FreIPA + server in the ctlplane, causing the ipaclient registration to fail. + We move this registration to host-prep tasks and invoke it using ansible. + At this point, all networks should be set up and the FreeIPA server should + be accessible. diff --git a/roles/BlockStorage.yaml b/roles/BlockStorage.yaml index 1dad61e6a7..b49c529313 100644 --- a/roles/BlockStorage.yaml +++ b/roles/BlockStorage.yaml @@ -20,6 +20,7 @@ - OS::TripleO::Services::Collectd - OS::TripleO::Services::Docker - OS::TripleO::Services::Fluentd + - OS::TripleO::Services::IpaClient - OS::TripleO::Services::Ipsec - OS::TripleO::Services::Iscsid - OS::TripleO::Services::Kernel diff --git a/roles/CephAll.yaml b/roles/CephAll.yaml index 6304dbd79f..0d11581df5 100644 --- a/roles/CephAll.yaml +++ b/roles/CephAll.yaml @@ -23,6 +23,7 @@ - OS::TripleO::Services::Collectd - OS::TripleO::Services::Docker - OS::TripleO::Services::Fluentd + - OS::TripleO::Services::IpaClient - OS::TripleO::Services::Ipsec - OS::TripleO::Services::Kernel - OS::TripleO::Services::LoginDefs diff --git a/roles/CephFile.yaml b/roles/CephFile.yaml index 7192f28a40..61a01f9fa8 100644 --- a/roles/CephFile.yaml +++ b/roles/CephFile.yaml @@ -19,6 +19,7 @@ - OS::TripleO::Services::Collectd - OS::TripleO::Services::Docker - OS::TripleO::Services::Fluentd + - OS::TripleO::Services::IpaClient - OS::TripleO::Services::Ipsec - OS::TripleO::Services::Kernel - OS::TripleO::Services::LoginDefs diff --git a/roles/CephObject.yaml b/roles/CephObject.yaml index f4daabd359..033c55bda4 100644 --- a/roles/CephObject.yaml +++ b/roles/CephObject.yaml @@ -19,6 +19,7 @@ - OS::TripleO::Services::Collectd - OS::TripleO::Services::Docker - OS::TripleO::Services::Fluentd + - OS::TripleO::Services::IpaClient - OS::TripleO::Services::Ipsec - OS::TripleO::Services::Kernel - OS::TripleO::Services::LoginDefs diff --git a/roles/CephStorage.yaml b/roles/CephStorage.yaml index 3e3a9501c7..149db44c9c 100644 --- a/roles/CephStorage.yaml +++ b/roles/CephStorage.yaml @@ -18,6 +18,7 @@ - OS::TripleO::Services::Collectd - OS::TripleO::Services::Docker - OS::TripleO::Services::Fluentd + - OS::TripleO::Services::IpaClient - OS::TripleO::Services::Ipsec - OS::TripleO::Services::Kernel - OS::TripleO::Services::LoginDefs diff --git a/roles/Compute.yaml b/roles/Compute.yaml index da8949bd5b..77d04c9d71 100644 --- a/roles/Compute.yaml +++ b/roles/Compute.yaml @@ -38,6 +38,7 @@ - OS::TripleO::Services::ComputeNeutronOvsAgent - OS::TripleO::Services::Docker - OS::TripleO::Services::Fluentd + - OS::TripleO::Services::IpaClient - OS::TripleO::Services::Ipsec - OS::TripleO::Services::Iscsid - OS::TripleO::Services::Kernel diff --git a/roles/ComputeAlt.yaml b/roles/ComputeAlt.yaml index a2c7c75296..ca374f80ad 100644 --- a/roles/ComputeAlt.yaml +++ b/roles/ComputeAlt.yaml @@ -27,6 +27,7 @@ - OS::TripleO::Services::ComputeNeutronMetadataAgent - OS::TripleO::Services::ComputeNeutronOvsAgentAlt - OS::TripleO::Services::FluentdAlt + - OS::TripleO::Services::IpaClient - OS::TripleO::Services::IscsidAlt - OS::TripleO::Services::Kernel - OS::TripleO::Services::MySQLClient diff --git a/roles/ComputeDVR.yaml b/roles/ComputeDVR.yaml index 641a4bebd9..fa7101886d 100644 --- a/roles/ComputeDVR.yaml +++ b/roles/ComputeDVR.yaml @@ -28,6 +28,7 @@ - OS::TripleO::Services::ComputeNeutronOvsAgent - OS::TripleO::Services::Docker - OS::TripleO::Services::Fluentd + - OS::TripleO::Services::IpaClient - OS::TripleO::Services::Ipsec - OS::TripleO::Services::Iscsid - OS::TripleO::Services::Kernel diff --git a/roles/ComputeHCI.yaml b/roles/ComputeHCI.yaml index 2e10c92d82..66da58c9aa 100644 --- a/roles/ComputeHCI.yaml +++ b/roles/ComputeHCI.yaml @@ -28,6 +28,7 @@ - OS::TripleO::Services::ComputeNeutronOvsAgent - OS::TripleO::Services::Docker - OS::TripleO::Services::Fluentd + - OS::TripleO::Services::IpaClient - OS::TripleO::Services::Ipsec - OS::TripleO::Services::Iscsid - OS::TripleO::Services::Kernel diff --git a/roles/ComputeInstanceHA.yaml b/roles/ComputeInstanceHA.yaml index d4ad08d8d4..8c90ef998a 100644 --- a/roles/ComputeInstanceHA.yaml +++ b/roles/ComputeInstanceHA.yaml @@ -29,6 +29,7 @@ - OS::TripleO::Services::ComputeNeutronOvsAgent - OS::TripleO::Services::Docker - OS::TripleO::Services::Fluentd + - OS::TripleO::Services::IpaClient - OS::TripleO::Services::Ipsec - OS::TripleO::Services::Iscsid - OS::TripleO::Services::Kernel diff --git a/roles/ComputeLiquidio.yaml b/roles/ComputeLiquidio.yaml index ba127be50f..c70da5a9a6 100644 --- a/roles/ComputeLiquidio.yaml +++ b/roles/ComputeLiquidio.yaml @@ -29,6 +29,7 @@ - OS::TripleO::Services::ComputeNeutronOvsAgent - OS::TripleO::Services::Docker - OS::TripleO::Services::Fluentd + - OS::TripleO::Services::IpaClient - OS::TripleO::Services::Ipsec - OS::TripleO::Services::Iscsid - OS::TripleO::Services::Kernel diff --git a/roles/ComputeOvsDpdk.yaml b/roles/ComputeOvsDpdk.yaml index 444c4e15b3..2ae69ca09e 100644 --- a/roles/ComputeOvsDpdk.yaml +++ b/roles/ComputeOvsDpdk.yaml @@ -32,6 +32,7 @@ - OS::TripleO::Services::ComputeNeutronOvsDpdk - OS::TripleO::Services::Docker - OS::TripleO::Services::Fluentd + - OS::TripleO::Services::IpaClient - OS::TripleO::Services::Ipsec - OS::TripleO::Services::Iscsid - OS::TripleO::Services::Kernel diff --git a/roles/ComputeOvsDpdkRT.yaml b/roles/ComputeOvsDpdkRT.yaml index ad10e60b54..f3c74fe41a 100644 --- a/roles/ComputeOvsDpdkRT.yaml +++ b/roles/ComputeOvsDpdkRT.yaml @@ -32,6 +32,7 @@ - OS::TripleO::Services::ComputeNeutronOvsDpdk - OS::TripleO::Services::Docker - OS::TripleO::Services::Fluentd + - OS::TripleO::Services::IpaClient - OS::TripleO::Services::Ipsec - OS::TripleO::Services::Iscsid - OS::TripleO::Services::Kernel diff --git a/roles/ComputeOvsDpdkSriov.yaml b/roles/ComputeOvsDpdkSriov.yaml index a04729acbf..cc7e9d1fa3 100644 --- a/roles/ComputeOvsDpdkSriov.yaml +++ b/roles/ComputeOvsDpdkSriov.yaml @@ -31,6 +31,7 @@ - OS::TripleO::Services::ComputeNeutronOvsDpdk - OS::TripleO::Services::Docker - OS::TripleO::Services::Fluentd + - OS::TripleO::Services::IpaClient - OS::TripleO::Services::Ipsec - OS::TripleO::Services::Iscsid - OS::TripleO::Services::Kernel diff --git a/roles/ComputeOvsDpdkSriovRT.yaml b/roles/ComputeOvsDpdkSriovRT.yaml index 0e18cb317f..072696d973 100644 --- a/roles/ComputeOvsDpdkSriovRT.yaml +++ b/roles/ComputeOvsDpdkSriovRT.yaml @@ -32,6 +32,7 @@ - OS::TripleO::Services::ComputeNeutronOvsDpdk - OS::TripleO::Services::Docker - OS::TripleO::Services::Fluentd + - OS::TripleO::Services::IpaClient - OS::TripleO::Services::Ipsec - OS::TripleO::Services::Iscsid - OS::TripleO::Services::Kernel diff --git a/roles/ComputeRealTime.yaml b/roles/ComputeRealTime.yaml index 2ee36a8078..ef5b1cc90b 100644 --- a/roles/ComputeRealTime.yaml +++ b/roles/ComputeRealTime.yaml @@ -35,6 +35,7 @@ - OS::TripleO::Services::ComputeNeutronOvsAgent - OS::TripleO::Services::Docker - OS::TripleO::Services::Fluentd + - OS::TripleO::Services::IpaClient - OS::TripleO::Services::Ipsec - OS::TripleO::Services::Iscsid - OS::TripleO::Services::Kernel diff --git a/roles/ComputeSriov.yaml b/roles/ComputeSriov.yaml index 9adcc39e1a..538885627b 100644 --- a/roles/ComputeSriov.yaml +++ b/roles/ComputeSriov.yaml @@ -28,6 +28,7 @@ - OS::TripleO::Services::ComputeNeutronOvsAgent - OS::TripleO::Services::Docker - OS::TripleO::Services::Fluentd + - OS::TripleO::Services::IpaClient - OS::TripleO::Services::Ipsec - OS::TripleO::Services::Iscsid - OS::TripleO::Services::Kernel diff --git a/roles/ComputeSriovRT.yaml b/roles/ComputeSriovRT.yaml index 1157ac7035..55409b187d 100644 --- a/roles/ComputeSriovRT.yaml +++ b/roles/ComputeSriovRT.yaml @@ -29,6 +29,7 @@ - OS::TripleO::Services::ComputeNeutronOvsAgent - OS::TripleO::Services::Docker - OS::TripleO::Services::Fluentd + - OS::TripleO::Services::IpaClient - OS::TripleO::Services::Ipsec - OS::TripleO::Services::Iscsid - OS::TripleO::Services::Kernel diff --git a/roles/Controller.yaml b/roles/Controller.yaml index f50014e291..e101dd2e7d 100644 --- a/roles/Controller.yaml +++ b/roles/Controller.yaml @@ -84,6 +84,7 @@ - OS::TripleO::Services::HeatApiCfn - OS::TripleO::Services::HeatEngine - OS::TripleO::Services::Horizon + - OS::TripleO::Services::IpaClient - OS::TripleO::Services::Ipsec - OS::TripleO::Services::IronicApi - OS::TripleO::Services::IronicConductor diff --git a/roles/ControllerAllNovaStandalone.yaml b/roles/ControllerAllNovaStandalone.yaml index 9c9a8087ef..45ecc20d2c 100644 --- a/roles/ControllerAllNovaStandalone.yaml +++ b/roles/ControllerAllNovaStandalone.yaml @@ -48,6 +48,7 @@ - OS::TripleO::Services::Docker - OS::TripleO::Services::Etcd - OS::TripleO::Services::Fluentd + - OS::TripleO::Services::IpaClient - OS::TripleO::Services::Ipsec - OS::TripleO::Services::GlanceApi - OS::TripleO::Services::GlanceRegistry diff --git a/roles/ControllerNoCeph.yaml b/roles/ControllerNoCeph.yaml index 5530cefdcc..631143e845 100644 --- a/roles/ControllerNoCeph.yaml +++ b/roles/ControllerNoCeph.yaml @@ -77,6 +77,7 @@ - OS::TripleO::Services::HeatApiCfn - OS::TripleO::Services::HeatEngine - OS::TripleO::Services::Horizon + - OS::TripleO::Services::IpaClient - OS::TripleO::Services::Ipsec - OS::TripleO::Services::IronicApi - OS::TripleO::Services::IronicConductor diff --git a/roles/ControllerOpenstack.yaml b/roles/ControllerOpenstack.yaml index 716735ed53..c20c2fe4ae 100644 --- a/roles/ControllerOpenstack.yaml +++ b/roles/ControllerOpenstack.yaml @@ -53,6 +53,7 @@ - OS::TripleO::Services::Ec2Api - OS::TripleO::Services::Etcd - OS::TripleO::Services::Fluentd + - OS::TripleO::Services::IpaClient - OS::TripleO::Services::Ipsec - OS::TripleO::Services::GlanceApi - OS::TripleO::Services::GlanceRegistry diff --git a/roles/ControllerStorageNfs.yaml b/roles/ControllerStorageNfs.yaml index bb5d3463aa..fa6d4523b2 100644 --- a/roles/ControllerStorageNfs.yaml +++ b/roles/ControllerStorageNfs.yaml @@ -81,6 +81,7 @@ - OS::TripleO::Services::HeatApiCfn - OS::TripleO::Services::HeatEngine - OS::TripleO::Services::Horizon + - OS::TripleO::Services::IpaClient - OS::TripleO::Services::Ipsec - OS::TripleO::Services::IronicApi - OS::TripleO::Services::IronicConductor diff --git a/roles/Database.yaml b/roles/Database.yaml index f72a4caa78..82ed1d97e0 100644 --- a/roles/Database.yaml +++ b/roles/Database.yaml @@ -16,6 +16,7 @@ - OS::TripleO::Services::Clustercheck - OS::TripleO::Services::Docker - OS::TripleO::Services::Fluentd + - OS::TripleO::Services::IpaClient - OS::TripleO::Services::Ipsec - OS::TripleO::Services::Kernel - OS::TripleO::Services::LoginDefs diff --git a/roles/HciCephAll.yaml b/roles/HciCephAll.yaml index 3f4a371678..e2a8028726 100644 --- a/roles/HciCephAll.yaml +++ b/roles/HciCephAll.yaml @@ -34,6 +34,7 @@ - OS::TripleO::Services::ComputeNeutronOvsAgent - OS::TripleO::Services::Docker - OS::TripleO::Services::Fluentd + - OS::TripleO::Services::IpaClient - OS::TripleO::Services::Ipsec - OS::TripleO::Services::Iscsid - OS::TripleO::Services::Kernel diff --git a/roles/HciCephFile.yaml b/roles/HciCephFile.yaml index d4c01c7a1d..558243579e 100644 --- a/roles/HciCephFile.yaml +++ b/roles/HciCephFile.yaml @@ -30,6 +30,7 @@ - OS::TripleO::Services::ComputeNeutronOvsAgent - OS::TripleO::Services::Docker - OS::TripleO::Services::Fluentd + - OS::TripleO::Services::IpaClient - OS::TripleO::Services::Ipsec - OS::TripleO::Services::Iscsid - OS::TripleO::Services::Kernel diff --git a/roles/HciCephMon.yaml b/roles/HciCephMon.yaml index b227522389..c765e48e8a 100644 --- a/roles/HciCephMon.yaml +++ b/roles/HciCephMon.yaml @@ -31,6 +31,7 @@ - OS::TripleO::Services::ComputeNeutronOvsAgent - OS::TripleO::Services::Docker - OS::TripleO::Services::Fluentd + - OS::TripleO::Services::IpaClient - OS::TripleO::Services::Ipsec - OS::TripleO::Services::Iscsid - OS::TripleO::Services::Kernel diff --git a/roles/HciCephObject.yaml b/roles/HciCephObject.yaml index cb56c945e7..ff595d097a 100644 --- a/roles/HciCephObject.yaml +++ b/roles/HciCephObject.yaml @@ -30,6 +30,7 @@ - OS::TripleO::Services::ComputeNeutronOvsAgent - OS::TripleO::Services::Docker - OS::TripleO::Services::Fluentd + - OS::TripleO::Services::IpaClient - OS::TripleO::Services::Ipsec - OS::TripleO::Services::Iscsid - OS::TripleO::Services::Kernel diff --git a/roles/IronicConductor.yaml b/roles/IronicConductor.yaml index c7dd36e209..28e23b7c61 100644 --- a/roles/IronicConductor.yaml +++ b/roles/IronicConductor.yaml @@ -16,6 +16,7 @@ - OS::TripleO::Services::Collectd - OS::TripleO::Services::Docker - OS::TripleO::Services::Fluentd + - OS::TripleO::Services::IpaClient - OS::TripleO::Services::Ipsec - OS::TripleO::Services::IronicConductor - OS::TripleO::Services::IronicPxe diff --git a/roles/Messaging.yaml b/roles/Messaging.yaml index df50618a56..f8b10cb183 100644 --- a/roles/Messaging.yaml +++ b/roles/Messaging.yaml @@ -15,6 +15,7 @@ - OS::TripleO::Services::Collectd - OS::TripleO::Services::Docker - OS::TripleO::Services::Fluentd + - OS::TripleO::Services::IpaClient - OS::TripleO::Services::Ipsec - OS::TripleO::Services::Kernel - OS::TripleO::Services::LoginDefs diff --git a/roles/Networker.yaml b/roles/Networker.yaml index 4008e98e60..854cda20bb 100644 --- a/roles/Networker.yaml +++ b/roles/Networker.yaml @@ -16,6 +16,7 @@ - OS::TripleO::Services::Collectd - OS::TripleO::Services::Docker - OS::TripleO::Services::Fluentd + - OS::TripleO::Services::IpaClient - OS::TripleO::Services::Ipsec - OS::TripleO::Services::Kernel - OS::TripleO::Services::LoginDefs diff --git a/roles/Novacontrol.yaml b/roles/Novacontrol.yaml index 5b4119eaac..efe40d2e1e 100644 --- a/roles/Novacontrol.yaml +++ b/roles/Novacontrol.yaml @@ -15,6 +15,7 @@ - OS::TripleO::Services::Collectd - OS::TripleO::Services::Docker - OS::TripleO::Services::Fluentd + - OS::TripleO::Services::IpaClient - OS::TripleO::Services::Ipsec - OS::TripleO::Services::Kernel - OS::TripleO::Services::LoginDefs diff --git a/roles/ObjectStorage.yaml b/roles/ObjectStorage.yaml index 01ce9c9d05..8695f315a6 100644 --- a/roles/ObjectStorage.yaml +++ b/roles/ObjectStorage.yaml @@ -25,6 +25,7 @@ - OS::TripleO::Services::Collectd - OS::TripleO::Services::Docker - OS::TripleO::Services::Fluentd + - OS::TripleO::Services::IpaClient - OS::TripleO::Services::Ipsec - OS::TripleO::Services::Kernel - OS::TripleO::Services::LoginDefs diff --git a/roles/Telemetry.yaml b/roles/Telemetry.yaml index 6a53dc80a8..d1af23b3e3 100644 --- a/roles/Telemetry.yaml +++ b/roles/Telemetry.yaml @@ -28,6 +28,7 @@ - OS::TripleO::Services::GnocchiApi - OS::TripleO::Services::GnocchiMetricd - OS::TripleO::Services::GnocchiStatsd + - OS::TripleO::Services::IpaClient - OS::TripleO::Services::Ipsec - OS::TripleO::Services::Kernel - OS::TripleO::Services::LoginDefs diff --git a/roles_data.yaml b/roles_data.yaml index c39ac0bd70..ff558ecd47 100644 --- a/roles_data.yaml +++ b/roles_data.yaml @@ -87,6 +87,7 @@ - OS::TripleO::Services::HeatApiCfn - OS::TripleO::Services::HeatEngine - OS::TripleO::Services::Horizon + - OS::TripleO::Services::IpaClient - OS::TripleO::Services::Ipsec - OS::TripleO::Services::IronicApi - OS::TripleO::Services::IronicConductor @@ -214,6 +215,7 @@ - OS::TripleO::Services::ComputeNeutronOvsAgent - OS::TripleO::Services::Docker - OS::TripleO::Services::Fluentd + - OS::TripleO::Services::IpaClient - OS::TripleO::Services::Ipsec - OS::TripleO::Services::Iscsid - OS::TripleO::Services::Kernel @@ -265,6 +267,7 @@ - OS::TripleO::Services::Collectd - OS::TripleO::Services::Docker - OS::TripleO::Services::Fluentd + - OS::TripleO::Services::IpaClient - OS::TripleO::Services::Ipsec - OS::TripleO::Services::Iscsid - OS::TripleO::Services::Kernel @@ -310,6 +313,7 @@ - OS::TripleO::Services::Collectd - OS::TripleO::Services::Docker - OS::TripleO::Services::Fluentd + - OS::TripleO::Services::IpaClient - OS::TripleO::Services::Ipsec - OS::TripleO::Services::Kernel - OS::TripleO::Services::LoginDefs @@ -349,6 +353,7 @@ - OS::TripleO::Services::Collectd - OS::TripleO::Services::Docker - OS::TripleO::Services::Fluentd + - OS::TripleO::Services::IpaClient - OS::TripleO::Services::Ipsec - OS::TripleO::Services::Kernel - OS::TripleO::Services::LoginDefs diff --git a/sample-env-generator/ssl.yaml b/sample-env-generator/ssl.yaml index 0cf52439d6..50fed76ffc 100644 --- a/sample-env-generator/ssl.yaml +++ b/sample-env-generator/ssl.yaml @@ -58,6 +58,7 @@ environments: OS::TripleO::Services::HAProxyInternalTLS: ../../puppet/services/haproxy-internal-tls-certmonger.yaml # We use apache as a TLS proxy # FIXME(bogdando): switch it, once it is containerized + OS::TripleO::Services::IpaClient: ../../extraconfig/services/ipaclient.yaml OS::TripleO::Services::TLSProxyBase: ../../puppet/services/apache.yaml # Creates nova metadata that will create the extra service principals per # node.