tripleo-quickstart-extras/roles/freeipa-setup
Sandeep Yadav 9fef1c0e42 Workaround for jdk zstream breaking freeipa instal
See https://bugzilla.redhat.com/show_bug.cgi?id=1892216.
We need to downgrade openjdk in order to get a successful install
until freeipa is fixed or some other rhel workaround is implemented.

With this patch we are adding workaround in freeipa-setup role, we
have added similar workaround in ipa-multinode role here[1]

[1] https://review.opendev.org/#/c/760994/
Closes-Bug: #1902478

Change-Id: I18e3dae31898b4baea92e0bb39d48553c8319921
2020-11-10 13:25:40 +05:30
defaults consolidate variable undercloud_enable_novajoin to common 2020-09-26 23:48:50 +00:00
meta Adopt yamllint strict linting 2018-11-26 12:37:21 +00:00
tasks Workaround for jdk zstream breaking freeipa instal 2020-11-10 13:25:40 +05:30
templates Support TLS-Everywhere without novajoin 2020-07-21 18:19:21 +02:00
README.md Support TLS-Everywhere without novajoin 2020-07-21 18:19:21 +02:00

README.md

FreeIPA Setup

An Ansible role to set up a FreeIPA server.

Requirements

This role requires a running host on which to deploy FreeIPA.

Role Variables

  • freeipa_hostname: <'ipa.tripleodomain'> -- Hostname for the FreeIPA server
  • freeipa_ip: <'192.168.24.250'> -- IP for the FreeIPA server
  • directory_manager_password: -- Password for the directory manager
  • freeipa_admin_password: -- FreeIPA server admin password
  • undercloud_fqdn: <'undercloud.tripleodomain'> -- FQDN for the undercloud
  • provisioning_cidr: <'{{ freeipa_ip }}/24'> -- If set, it adds the given CIDR to the provisioning interface (which is hardcoded to eth1)
  • supplemental_user: -- The user that is used to deploy FreeIPA on the supplemental node
  • ipa_server_install_params: <''> -- Additional parameters to pass to the ipa-server-install command
  • prepare_ipa: If set to true, it will install novajoin or tripleo-ipa in the undercloud, and run a script that will create the required privileges/permissions in FreeIPA, as well as the undercloud host entry. This requires 'enable_tls_everywhere' to be set to true, and the following variables to be properly defined: 'freeipa_admin_password', 'freeipa_server_hostname', 'overcloud_cloud_domain', 'undercloud_undercloud_hostname'. If you plan to do this yourself, you can set this variable to false. Defaults to true.
  • undercloud_enable_novajoin: <'true'> -- Uses the old novajoin service to register overcloud nodes in IPA when 'enable_tls_everywhere' is enabled.

Example Playbook

Sample playbook to call the role

# Deploy the FreeIPA Server
- name: Deploy FreeIPA
  hosts: freeipa_host
  gather_facts: false
  roles:
    - freeipa-setup
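
The following playbook is an added example, not part of the role's README. It sets the role variables listed above, keeps the two passwords out of the playbook, and fails early when the variables that 'prepare_ipa' depends on are missing. The secrets file path and the vault_* variable names are hypothetical, and it assumes 'freeipa_server_hostname', 'overcloud_cloud_domain' and 'undercloud_undercloud_hostname' are supplied by the inventory or other variable files.

```yaml
# Added example. vault/freeipa-secrets.yml and the vault_* names are
# hypothetical; the role variable names come from the list above.
- name: Deploy FreeIPA with explicit variables
  hosts: freeipa_host
  gather_facts: false
  vars_files:
    # Assumed to be encrypted with `ansible-vault encrypt` and to define
    # vault_directory_manager_password and vault_freeipa_admin_password.
    - vault/freeipa-secrets.yml
  vars:
    freeipa_hostname: 'ipa.tripleodomain'
    freeipa_ip: '192.168.24.250'
    undercloud_fqdn: 'undercloud.tripleodomain'
    provisioning_cidr: '{{ freeipa_ip }}/24'
    directory_manager_password: '{{ vault_directory_manager_password }}'
    freeipa_admin_password: '{{ vault_freeipa_admin_password }}'
    enable_tls_everywhere: true
    prepare_ipa: true
  pre_tasks:
    - name: Check that both FreeIPA passwords are set
      assert:
        that:
          - directory_manager_password is defined
          - directory_manager_password | length > 0
          - freeipa_admin_password is defined
          - freeipa_admin_password | length > 0
        fail_msg: 'Set both passwords in the vault-encrypted secrets file.'

    # prepare_ipa defaults to true, so the check also runs when it is unset.
    - name: Check the variables required by prepare_ipa
      assert:
        that:
          - enable_tls_everywhere | default(false) | bool
          - freeipa_server_hostname is defined
          - overcloud_cloud_domain is defined
          - undercloud_undercloud_hostname is defined
        fail_msg: >-
          prepare_ipa needs enable_tls_everywhere set to true and
          freeipa_server_hostname, overcloud_cloud_domain and
          undercloud_undercloud_hostname defined.
      when: prepare_ipa | default(true) | bool
  roles:
    - freeipa-setup
```

Run it with `ansible-playbook --ask-vault-pass` (or a vault password file) so the secrets file can be decrypted.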