openstack/tripleo-quickstart-extras
Code Issues Proposed changes
eaaaa35564
tripleo-quickstart-extras/roles/freeipa-setup
History
Ronelle Landy 2c2b16dc1e Modify IPA install and usage for multi-env 
Remove auto-reverse from IPA server install as
this option is causing errors in environments
where the zone being created already exists and
is owned by some other dns server.
See related change in:
https://review.opendev.org/c/openstack/tripleo-quickstart-extras/+/737058/.

This patch also stops the unbound service if it
is running on the undercloud.

Change-Id: Ie46809379e5c143910560b4d3f7cb0eee6f80ea1
2022-11-03 06:49:31 -04:00
..
defaults consolidate variable undercloud_enable_novajoin to common 2020-09-26 23:48:50 +00:00
meta Adopt yamllint strict linting 2018-11-26 12:37:21 +00:00
tasks Revert "Workaround for jdk zstream breaking freeipa instal" 2021-06-08 15:49:41 +05:30
templates Modify IPA install and usage for multi-env 2022-11-03 06:49:31 -04:00
README.md Support TLS-Everywhere without novajoin 2020-07-21 18:19:21 +02:00

README.md

FreeIPA Setup

An Ansible role to setup a FreeIPA server

Requirements

This role requires a running host to deploy FreeIPA

Role Variables

  • freeipa_hostname: <'ipa.tripleodomain'> -- Hostname for the FreeIPA server
  • freeipa_ip: <'192.168.24.250'> -- IP for the FreeIPA server
  • directory_manager_password: -- Password for the directory manager
  • freeipa_admin_password: -- FreeIPA server admin password
  • undercloud_fqdn: <'undercloud.tripleodomain'> -- FQDN for the undercloud
  • provisioning_cidr: <'{{ freeipa_ip }}/24'> -- If set, it adds the given CIDR to the provisioning interface (which is hardcoded to eth1)
  • supplemental_user: The user which is used to deploy FreeIpa on the supplemental node
  • ipa_server_install_params: <''> -- Additional parameters to pass to the ipa-server-install command
  • prepare_ipa: If set to true, it will install novajoin or tripleo-ipa in the undercloud, and run a script that will create the required privileges/permissions in FreeIPA, as well as the undercloud host entry. This requires 'enable_tls_everywhere' to be set to true, and the following variables to be properly defined: 'freeipa_admin_password', 'freeipa_server_hostname', 'overcloud_cloud_domain', 'undercloud_undercloud_hostname'. If you plan to do this yourself, you can set this variable to false. Defaults to true.
  • undercloud_enable_novajoin: <'true'> -- uses old novajoin service to register overcloud nodes into IPA when 'enable_tls_everywhere' is enabled.

Example Playbook

Sample playbook to call the role

# Deploy the FreeIPA Server
- name:  Deploy FreeIPA
  hosts: freeipa_host
  gather_facts: false
  roles:
    - freeipa-setup