118 lines
4.8 KiB
YAML
118 lines
4.8 KiB
YAML
---
|
|
# Copyright 2019 Red Hat, Inc.
|
|
#
|
|
# Licensed under the Apache License, Version 2.0 (the "License"); you may
|
|
# not use this file except in compliance with the License. You may obtain
|
|
# a copy of the License at
|
|
#
|
|
# http://www.apache.org/licenses/LICENSE-2.0
|
|
#
|
|
# Unless required by applicable law or agreed to in writing, software
|
|
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
|
|
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
|
|
# License for the specific language governing permissions and limitations
|
|
# under the License.
|
|
|
|
- name: Playbook to register the undercloud host with an IPA server
|
|
connection: "{{ (tripleo_ipa_undercloud_host is defined) | ternary('ssh', 'local') }}"
|
|
hosts: "{{ tripleo_ipa_undercloud_host | default('localhost') }}"
|
|
tasks:
|
|
- name: Ensure definitions
|
|
fail:
|
|
msg: >-
|
|
{{ item }} is undefined
|
|
when: not item.ansible_var and not item.env_var
|
|
with_items:
|
|
- name: ipa_domain
|
|
ansible_var: "{{ tripleo_ipa_domain | default('') }}"
|
|
env_var: "{{ lookup('env', 'IPA_DOMAIN') }}"
|
|
- name: ipa_realm
|
|
ansible_var: "{{ tripleo_ipa_realm | default('') }}"
|
|
env_var: "{{ lookup('env', 'IPA_REALM') }}"
|
|
- name: ipa_server_user
|
|
ansible_var: "{{ tripleo_ipa_admin_user | default('') }}"
|
|
env_var: "{{ lookup('env', 'IPA_ADMIN_USER') }}"
|
|
- name: ipa_server_password
|
|
ansible_var: "{{ tripleo_ipa_admin_password | default('') }}"
|
|
env_var: "{{ lookup('env', 'IPA_ADMIN_PASSWORD') }}"
|
|
- name: ipa_server_hostname
|
|
ansible_var: "{{ tripleo_ipa_server_hostname | default('') }}"
|
|
env_var: "{{ lookup('env', 'IPA_SERVER_HOSTNAME') }}"
|
|
- name: undercloud_fqdn
|
|
ansible_var: "{{ tripleo_undercloud_fqdn | default('') }}"
|
|
env_var: "{{ lookup('env', 'UNDERCLOUD_FQDN') }}"
|
|
- name: ansible_user
|
|
ansible_var: "{{ tripleo_ansible_user | default('') }}"
|
|
env_var: "{{ lookup('env', 'USER') }}"
|
|
- name: cloud_domain
|
|
ansible_var: "{{ tripleo_cloud_domain | default('') }}"
|
|
env_var: "{{ lookup('env', 'CLOUD_DOMAIN') }}"
|
|
|
|
- name: Set facts needed for configuration
|
|
set_fact:
|
|
ipa_domain: "{{ tripleo_ipa_domain | default(lookup('env', 'IPA_DOMAIN')) }}"
|
|
ipa_realm: "{{ tripleo_ipa_realm | default(lookup('env', 'IPA_REALM')) }}"
|
|
ipa_server_user: "{{ tripleo_ipa_admin_user | default(lookup('env', 'IPA_ADMIN_USER')) }}"
|
|
ipa_server_password: "{{ tripleo_ipa_admin_password | default(lookup('env', 'IPA_ADMIN_PASSWORD')) }}"
|
|
ipa_server_hostname: "{{ tripleo_ipa_server_hostname | default(lookup('env', 'IPA_SERVER_HOSTNAME')) }}"
|
|
undercloud_fqdn: "{{ tripleo_undercloud_fqdn | default(lookup('env', 'UNDERCLOUD_FQDN')) }}"
|
|
undercloud_ansible_user: "{{ tripleo_ansible_user | default(lookup('env', 'USER')) }}"
|
|
cloud_domain: "{{ tripleo_cloud_domain | default(lookup('env', 'CLOUD_DOMAIN')) }}"
|
|
ipa_client_install_packages: "{{ tripleo_ipa_client_install_packages | default(true) | bool }}"
|
|
|
|
- name: Add host to ipaclients group
|
|
add_host:
|
|
name: "{{ undercloud_fqdn }}"
|
|
group: ipaclients
|
|
state: present
|
|
ipaclient_domain: "{{ cloud_domain }}"
|
|
ipaclient_install_packages: "{{ ipa_client_install_packages }}"
|
|
ipaclient_realm: "{{ ipa_realm }}"
|
|
ipaclient_force: true
|
|
ipaadmin_principal: "{{ ipa_server_user }}"
|
|
ipaadmin_password: "{{ ipa_server_password }}"
|
|
ansible_user: "{{ undercloud_ansible_user }}"
|
|
ansible_ssh_extra_args: "-o StrictHostKeyChecking=no -o UserKnownHostsFile=/dev/null"
|
|
no_log: true
|
|
|
|
- name: Add host to ipaservers group
|
|
add_host:
|
|
group: ipaservers
|
|
name: "{{ ipa_server_hostname }}"
|
|
|
|
- hosts: ipaclients
|
|
become: true
|
|
tasks:
|
|
- include_role:
|
|
name: ipaclient
|
|
|
|
- hosts: "{{ tripleo_ipa_undercloud_host | default('localhost') }}"
|
|
become: true
|
|
tasks:
|
|
- include_role:
|
|
name: "{{ item }}"
|
|
with_first_found:
|
|
- "/usr/share/ansible/roles/tripleo_create_admin"
|
|
- "/usr/share/ansible/roles/tripleo-create-admin"
|
|
|
|
- hosts: "{{ tripleo_ipa_undercloud_host | default('localhost') }}"
|
|
become: true
|
|
environment:
|
|
IPA_USER: "{{ ipa_server_user }}"
|
|
IPA_HOST: "{{ ipa_server_hostname }}"
|
|
IPA_PASS: "{{ ipa_server_password }}"
|
|
vars:
|
|
undercloud_fqdn: "{{ ansible_fqdn }}"
|
|
tasks:
|
|
- name: kinit to get admin credentials
|
|
command: kinit "{{ ipa_server_user }}@{{ ipa_realm }}"
|
|
args:
|
|
stdin: "{{ ipa_server_password }}"
|
|
register: kinit
|
|
changed_when: kinit.rc == 0
|
|
no_log: true
|
|
|
|
- name: setup the undercloud and get keytab
|
|
include_role:
|
|
name: tripleo_ipa_setup
|