9fef1c0e42
See https://bugzilla.redhat.com/show_bug.cgi?id=1892216. We need to downgrade openjdk in order to get a successful install until freeipa is fixed or some other rhel workaround is implemented. With this patch we are adding workaround in freeipa-setup role, we have added similiar workaround in ipa-multinode role here[1] [1] https://review.opendev.org/#/c/760994/ Closes-Bug: #1902478 Change-Id: I18e3dae31898b4baea92e0bb39d48553c8319921 |
||
---|---|---|
.. | ||
defaults | ||
meta | ||
tasks | ||
templates | ||
README.md |
README.md
FreeIPA Setup
An Ansible role to setup a FreeIPA server
Requirements
This role requires a running host to deploy FreeIPA
Role Variables
freeipa_hostname
: <'ipa.tripleodomain'> -- Hostname for the FreeIPA serverfreeipa_ip
: <'192.168.24.250'> -- IP for the FreeIPA serverdirectory_manager_password
: -- Password for the directory managerfreeipa_admin_password
: -- FreeIPA server admin passwordundercloud_fqdn
: <'undercloud.tripleodomain'> -- FQDN for the undercloudprovisioning_cidr
: <'{{ freeipa_ip }}/24'> -- If set, it adds the given CIDR to the provisioning interface (which is hardcoded to eth1)supplemental_user
: The user which is used to deploy FreeIpa on the supplemental nodeipa_server_install_params
: <''> -- Additional parameters to pass to the ipa-server-install commandprepare_ipa
: If set to true, it will install novajoin or tripleo-ipa in the undercloud, and run a script that will create the required privileges/permissions in FreeIPA, as well as the undercloud host entry. This requires 'enable_tls_everywhere' to be set to true, and the following variables to be properly defined: 'freeipa_admin_password', 'freeipa_server_hostname', 'overcloud_cloud_domain', 'undercloud_undercloud_hostname'. If you plan to do this yourself, you can set this variable to false. Defaults to true.undercloud_enable_novajoin
: <'true'> -- uses old novajoin service to register overcloud nodes into IPA when 'enable_tls_everywhere' is enabled.
Example Playbook
Sample playbook to call the role
# Deploy the FreeIPA Server
- name: Deploy FreeIPA
hosts: freeipa_host
gather_facts: false
roles:
- freeipa-setup