9a20e17344
The latest changes to tls-e require certain permissions and ACIs to be added to the IPA server in order to successfully add DNS entries and to issue certs with IP SANs (for cinder A/A). These changes cannot be automated as they require IPA admin or DS credentials. This adds a validation to make sure the required permissions and ACLs are present before starting an install. Change-Id: I03575a5717456ad647cb10825b8d5646a55a6378
22 lines
555 B
YAML
22 lines
555 B
YAML
---
|
|
- name: Prepare
|
|
hosts: all
|
|
tasks:
|
|
- name: create directory /etc/ipa
|
|
file:
|
|
path: /etc/ipa
|
|
state: directory
|
|
- name: create fake ipa default.conf
|
|
copy:
|
|
dest: /etc/ipa/default.conf
|
|
mode: 0600
|
|
content: |
|
|
[global]
|
|
basedn = dc=example,dc=com
|
|
realm = EXAMPLE.COM
|
|
domain = example.com
|
|
server = freeipa-0.example.com
|
|
host = undercloud-0.example.com
|
|
xmlrpc_uri = https://freeipa-0.example.com/ipa/xml
|
|
enable_ra = True
|