#!/usr/bin/env bash
set -eux

### --start_docs

## Set up the necessary permissions/privileges in novajoin
## =======================================================


## * Ensure that the undercloud is using the FreeIPA server
##   as its DNS server

## .. Note:: You may not use sudo and use output redirection '>'::

sudo /bin/su -c "echo 'nameserver {{ undercloud_undercloud_nameservers[-1] }}' > /etc/resolv.conf"

## * Set up FreeIPA permissions and privileges and get the OTP.
## ::

sudo /usr/libexec/novajoin-ipa-setup \
    --principal admin \
{% if deploy_supplemental_node|bool %}
    --password {{ hostvars['supplemental'].freeipa_admin_password }} \
{% else %}
    --password {{ freeipa_admin_password }} \
{% endif %}
    --server {{ freeipa_server_hostname }} \
    --realm $(echo {{ overcloud_cloud_domain }} | awk '{print toupper($0)}') \
    --domain {{ overcloud_cloud_domain }} \
    --hostname {{ undercloud_undercloud_hostname }} \
    --otp-file {{ freeipa_otp_key }} \
    --precreate

### --stop_docs