openstack/tripleo-heat-templates
Code Issues Proposed changes
6df0fbfa83
tripleo-heat-templates/deployment/ipa/ipaclient-baremetal-ansible.yaml
Emilien Macchi 2f3554cdcb Remove extraconfig/services directory 
... and move the services into the deployment directory.

The extraconfig/services directory was initially created for
experimental services using an interface that was work in progress but
is now stable enough, so the services can live among the others for
simplification.

Change-Id: I2bd0b169ed18ea2fccfea4475402dd73076924c8
2019-07-18 14:44:14 -04:00

184 lines
6.7 KiB
YAML
Raw Blame History

heat_template_version: rocky
description: Registers nodes with the IPA server
parameters:
RoleNetIpMap:
default: {}
type: json
ServiceData:
default: {}
description: Dictionary packing service data
type: json
ServiceNetMap:
default: {}
description: Mapping of service_name -> network name. Typically set
via parameter_defaults in the resource registry. This
mapping overrides those in ServiceNetMapDefaults.
type: json
DefaultPasswords:
default: {}
type: json
RoleName:
default: ''
description: Role name on which the service is applied
type: string
RoleParameters:
default: {}
description: Parameters specific to the role
type: json
EndpointMap:
default: {}
description: Mapping of service endpoint -> protocol. Typically set
via parameter_defaults in the resource registry.
type: json
PythonInterpreter:
type: string
description: The python interpreter to use for python and ansible actions
default: /usr/bin/python
MakeHomeDir:
type: boolean
description: Configure PAM to create a users home directory if it does not exist.
default: False
IdMDomain:
default: ''
description: IDM domain to register IDM client. Typically, this is discovered
through DNS and does not have to be set explicitly.
type: string
IdMNoNtpSetup:
default: False
description: Set to true to add --no-ntp to the IDM client install call.
This will cause IDM client install not to set up NTP.
type: boolean
outputs:
role_data:
description: Role data for the ipaclient service
value:
service_name: ipaclient
upgrade_tasks: []
step_config: ''
host_prep_tasks:
- name: enroll client in ipa and get metadata
become: yes
vars:
python_interpreter: {get_param: PythonInterpreter}
makehomedir: {get_param: MakeHomeDir}
idm_domain: {get_param: IdMDomain}
idm_no_ntp: {get_param: IdMNoNtpSetup}
block:
- name: install needed packages
package:
name: "{{ item }}"
state: present
with_items:
- ipa-client
- ipa-admintools
- hostname
- name: create enrollment script
copy:
dest: /root/setup-ipa-client.sh
mode: '0700'
content: |
#!/bin/sh
set -x
function get_metadata_config_drive {
if [ -f /run/cloud-init/status.json ]; then
# Get metadata from config drive
data=`cat /run/cloud-init/status.json`
config_drive=`echo $data | {{ python_interpreter }} -c 'import json,re,sys;obj=json.load(sys.stdin);ds=obj.get("v1", {}).get("datasource"); print(re.findall(r"source=(.*)]", ds)[0])'`
if [[ -b $config_drive ]]; then
temp_dir=`mktemp -d`
mount $config_drive $temp_dir
if [ -f $temp_dir/openstack/latest/vendor_data2.json ]; then
data=`cat $temp_dir/openstack/latest/vendor_data2.json`
umount $config_drive
rmdir $temp_dir
else
umount $config_drive
rmdir $temp_dir
fi
else
echo "Unable to retrieve metadata from config drive."
return 1
fi
else
echo "Unable to retrieve metadata from config drive."
return 1
fi
return 0
}
function get_metadata_network {
# Get metadata over the network
data=$(timeout 300 /bin/bash -c 'data=""; while [ -z "$data" ]; do sleep $[ ( $RANDOM % 10 ) + 1 ]s; data=`curl -s http://169.254.169.254/openstack/2016-10-06/vendor_data2.json 2>/dev/null`; done; echo $data')
if [[ $? != 0 ]] ; then
echo "Unable to retrieve metadata from metadata service."
return 1
fi
}
function get_fqdn {
# Get the instance hostname out of the metadata
fqdn=`echo $data | {{ python_interpreter }} -c 'import json,sys;obj=json.load(sys.stdin);print(obj.get("join", {}).get("hostname", ""))'`
if [ -z "$fqdn"]; then
echo "Unable to determine hostname"
return 1
fi
return 0
}
if ! get_metadata_config_drive || ! get_fqdn; then
if ! get_metadata_network || ! get_fqdn; then
echo "FATAL: No metadata available or could not read the hostname from the metadata"
exit 1
fi
fi
realm=`echo $data | {{ python_interpreter }} -c 'import json,sys;obj=json.load(sys.stdin);print(obj.get("join", {}).get("krb_realm", ""))'`
otp=`echo $data | {{ python_interpreter }} -c 'import json,sys;obj=json.load(sys.stdin);print(obj.get("join", {}).get("ipaotp", ""))'`
# Force hostname to use the FQDN
hostnamectl set-hostname $fqdn
makehomedir={{ makehomedir }}
idm_no_ntp={{ idm_no_ntp }}
idm_domain={{ idm_domain }}
# run ipa-client-install
OPTS="-U -w $otp --hostname $fqdn"
if [ -n "$realm" ]; then
OPTS="$OPTS --realm=$realm"
fi
if [ -n "$idm_domain" ]; then
OPTS="$OPTS --domain=$idm_domain"
fi
if [ "${makehomedir,,}" = "true" ]; then
OPTS="$OPTS --mkhomedir"
fi
if [ "${idm_no_ntp,,}" = "true" ]; then
OPTS="$OPTS --no-ntp"
fi
# Ensure we have the proper domain in /etc/resolv.conf
domain=$(hostname -d)
if [ -n "$idm_domain" ]; then
domain = "$domain $idm_domain"
fi
if ! grep -q ${domain} /etc/resolv.conf ; then
sed -i "0,/nameserver/s/\(nameserver.*\)/search ${domain}\n\1/" /etc/resolv.conf
fi
ipa-client-install $OPTS
- name: run enrollment script
shell: /root/setup-ipa-client.sh >> /var/log/setup-ipa-client-ansible.log 2>&1
args:
creates: /etc/ipa/default.conf
View Git Blame Copy Permalink