0a0e2ee629
Master is now the development branch for pike changing the release alias name. Change-Id: I938e4a983e361aefcaa0bd9a4226c296c5823127
84 lines
2.5 KiB
YAML
84 lines
2.5 KiB
YAML
heat_template_version: pike
|
|
|
|
description: Enroll nodes to FreeIPA
|
|
|
|
parameters:
|
|
server:
|
|
description: ID of the controller node to apply this config to
|
|
type: string
|
|
|
|
CloudDomain:
|
|
description: >
|
|
The configured cloud domain; this will also be used as the kerberos realm
|
|
type: string
|
|
|
|
FreeIPAOTP:
|
|
default: ''
|
|
description: 'OTP that will be used for FreeIPA enrollment'
|
|
type: string
|
|
hidden: true
|
|
FreeIPAServer:
|
|
default: ''
|
|
description: 'FreeIPA server DNS name'
|
|
type: string
|
|
FreeIPAIPAddress:
|
|
default: ''
|
|
description: 'FreeIPA server IP Address'
|
|
type: string
|
|
|
|
resources:
|
|
FreeIPAEnrollmentConfig:
|
|
type: OS::Heat::SoftwareConfig
|
|
properties:
|
|
group: script
|
|
inputs:
|
|
- name: otp
|
|
- name: ipa_server
|
|
- name: ipa_domain
|
|
- name: ipa_ip
|
|
config: |
|
|
#!/bin/sh
|
|
# If no IPA server was given as a parameter, it will be assumed from
|
|
# DNS.
|
|
if [ -n "${ipa_server}" ]; then
|
|
sed -i "/${ipa_server}/d" /etc/hosts
|
|
# Optionally add the FreeIPA server IP to /etc/hosts
|
|
if [ -n "${ipa_ip}" ]; then
|
|
echo "${ipa_ip} ${ipa_server}" >> /etc/hosts
|
|
fi
|
|
fi
|
|
# Set the node's domain if needed
|
|
if [ ! $(hostname -f | grep "${ipa_domain}$") ]; then
|
|
hostnamectl set-hostname "$(hostname).${ipa_domain}"
|
|
fi
|
|
yum install -y ipa-client
|
|
# Enroll. If there is already keytab, we have already done this. If
|
|
# this node hasn't enrolled and the OTP is missing, fail.
|
|
if [ ! -f /etc/krb5.keytab ]; then
|
|
if [ -z "${otp}" ]; then
|
|
echo "OTP is missing"
|
|
exit 1
|
|
fi
|
|
ipa-client-install --server ${ipa_server} -w ${otp} \
|
|
--domain=${ipa_domain} -U
|
|
fi
|
|
# Get a TGT
|
|
kinit -k -t /etc/krb5.keytab
|
|
|
|
FreeIPAControllerEnrollmentDeployment:
|
|
type: OS::Heat::SoftwareDeployment
|
|
properties:
|
|
name: FreeIPAEnrollmentDeployment
|
|
config: {get_resource: FreeIPAEnrollmentConfig}
|
|
server: {get_param: server}
|
|
input_values:
|
|
otp: {get_param: FreeIPAOTP}
|
|
ipa_server: {get_param: FreeIPAServer}
|
|
ipa_domain: {get_param: CloudDomain}
|
|
ipa_ip: {get_param: FreeIPAIPAddress}
|
|
|
|
outputs:
|
|
deploy_stdout:
|
|
description: Output of the FreeIPA enrollment deployment
|
|
value: {get_attr: [FreeIPAControllerEnrollmentDeployment, deploy_stdout]}
|