---
# Copyright 2019 Red Hat, Inc.
# All Rights Reserved.
#
# Licensed under the Apache License, Version 2.0 (the "License"); you may
# not use this file except in compliance with the License. You may obtain
# a copy of the License at
#
#     http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
# License for the specific language governing permissions and limitations
# under the License.

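# Prepares the test host: points DNS at the IPA server, pins the local FQDN,
# enrolls the host as an IPA client, obtains an admin Kerberos ticket and then
# runs the tripleo_ipa_setup role.
- name: Setup server
  hosts: all
  vars:
    # Fixture values for the disposable test realm (example.test). The admin
    # password is committed in clear text here; outside a throwaway test
    # environment, source it from Ansible Vault or a secret store instead.
    ipa_domain: example.test
    ipa_server_ip: 10.88.0.22
    ipa_server_user: admin
    ipa_server_password: password123
    ipa_server_hostname: ipa.example.test
    # NOTE(review): not referenced by any task in this play; presumably
    # consumed by the included tripleo_ipa_setup role - confirm.
    undercloud_fqdn: test-0.example.test
  tasks:
    # The file is overwritten through a shell redirect rather than a file
    # module. NOTE(review): presumably because /etc/resolv.conf and /etc/hosts
    # cannot be replaced by rename inside the test container - confirm.
    - name: set resolv.conf to point to the ipa server
      shell:
        cmd: cat > /etc/resolv.conf
        stdin: |
          search {{ ipa_domain }}
          nameserver {{ ipa_server_ip }}

    # A duplicate of this task without `stdin` preceded it and has been
    # removed: with nothing to read it could only leave /etc/hosts empty
    # before this task rewrote it.
    - name: Set fqdn in /etc/hosts
      shell:
        cmd: cat > /etc/hosts
        stdin: |
          127.0.0.1 test-1.example.test test-1 localhost localhost.localdomain

    # The admin password is passed on the command line, so it is part of the
    # rendered command. no_log keeps it out of Ansible's task output and logs;
    # it does not hide it from the process list on the target while the
    # command runs.
    - name: enroll the server as an ipa client using admin creds
      shell: |
        ipa-client-install -U  \
          --server "{{ ipa_server_hostname }}" \
          --domain "{{ ipa_domain }}" \
          --realm "{{ ipa_domain | upper }}" \
          --principal "{{ ipa_server_user }}" \
          --password "{{ ipa_server_password }}" \
          --no-ntp --force-join --no-nisdomain
      args:
        # Skip enrollment when the client config already exists.
        creates: /etc/ipa/default.conf
      no_log: true

    # kinit obtains an admin Kerberos ticket; we need it for operations that
    # we cannot do yet with ansible. The password is fed on stdin, so no_log
    # keeps the module arguments out of the task output.
    - name: kinit to get admin creds
      command: kinit "{{ ipa_server_user }}"
      args:
        stdin: "{{ ipa_server_password }}"
      no_log: true

    - name: ensure "tripleo-admin" group exists
      group:
        name: tripleo-admin
        state: present

    # The IPA connection details are handed to every task of the role through
    # environment variables, including the admin password in IPA_PASS.
    - name: create users, perms, get keytab
      include_role:
        name: tripleo_ipa_setup
        apply:
          environment:
            IPA_USER: "{{ ipa_server_user }}"
            IPA_HOST: "{{ ipa_server_hostname }}"
            IPA_PASS: "{{ ipa_server_password }}"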

# Runs the tripleo_ipa_registration role for test-1.example.test, with the
# service metadata below supplied as a JSON document in a string variable.
- name: Converge - add host and relevant services for test-1 host
  hosts: all
  vars:
    tripleo_ipa_enroll_base_server: true
    tripleo_ipa_base_server_fqdn: test-1.example.test
    tripleo_ipa_base_server_short_name: test-1
    tripleo_ipa_base_server_domain: example.test
    tripleo_ipa_delegate_server: localhost
    # Literal block scalar: the role receives this as JSON text, not as a YAML
    # mapping. "compact_service_*" keys hold lists of network names and
    # "managed_service_*" keys hold "<service>/<hostname>" strings.
    # NOTE(review): how the role interprets each key is not visible here.
    tripleo_ipa_server_metadata: |
      {
        "compact_service_HTTP": [
          "ctlplane",
          "storage",
          "storagemgmt",
          "internalapi",
          "external"
        ],
        "compact_service_haproxy": [
          "ctlplane",
          "storage",
          "storagemgmt",
          "internalapi"
        ],
        "compact_service_libvirt-vnc": [
          "internalapi"
        ],
        "compact_service_mysql": [
          "internalapi"
        ],
        "compact_service_neutron_ovn": [
          "internalapi"
        ],
        "compact_service_novnc-proxy": [
          "internalapi"
        ],
        "compact_service_ovn_controller": [
          "internalapi"
        ],
        "compact_service_ovn_dbs": [
          "internalapi"
        ],
        "compact_service_rabbitmq": [
          "internalapi"
        ],
        "compact_service_redis": [
          "internalapi"
        ],
        "managed_service_haproxyctlplane": "haproxy/overcloud.ctlplane.example.test",
        "managed_service_haproxyexternal": "haproxy/overcloud.example.test",
        "managed_service_haproxyinternal_api": "haproxy/overcloud.internalapi.example.test",
        "managed_service_haproxystorage": "haproxy/overcloud.storage.example.test",
        "managed_service_haproxystorage_mgmt": "haproxy/overcloud.storagemgmt.example.test",
        "managed_service_mysqlinternal_api": "mysql/overcloud.internalapi.example.test",
        "managed_service_ovn_dbsinternal_api": "ovn_dbs/overcloud.internalapi.example.test",
        "managed_service_redisinternal_api": "redis/overcloud.internalapi.example.test"
      }
  roles:
    - name: tripleo_ipa_registration
  # Play-level environment: every task in this play runs with these variables
  # set. IPA_PASS is the IPA admin password as a clear-text literal; that is
  # tolerable only for a disposable test realm. A real deployment would inject
  # it from Ansible Vault or a secret store.
  environment:
    IPA_USER: admin
    IPA_HOST: ipa.example.test
    IPA_PASS: password123

# Runs the tripleo_ipa_registration role for test-2.example.test, with the
# service metadata below supplied as a JSON document in a string variable.
- name: Converge - add host and relevant services for test-2 host
  hosts: all
  vars:
    tripleo_ipa_enroll_base_server: true
    tripleo_ipa_base_server_fqdn: test-2.example.test
    tripleo_ipa_base_server_short_name: test-2
    tripleo_ipa_base_server_domain: example.test
    tripleo_ipa_delegate_server: localhost
    # Literal block scalar: the role receives this as JSON text, not as a YAML
    # mapping. "compact_service_*" keys hold lists of network names and
    # "managed_service_*" keys hold "<service>/<hostname>" strings.
    # NOTE(review): how the role interprets each key is not visible here.
    tripleo_ipa_server_metadata: |
      {
        "compact_service_HTTP": [
          "ctlplane",
          "storage",
          "storagemgmt",
          "internalapi",
          "external"
        ],
        "compact_service_haproxy": [
          "ctlplane",
          "storage",
          "storagemgmt",
          "internalapi"
        ],
        "compact_service_libvirt-vnc": [
          "internalapi"
        ],
        "compact_service_mysql": [
          "internalapi"
        ],
        "compact_service_neutron_ovn": [
          "internalapi"
        ],
        "compact_service_novnc-proxy": [
          "internalapi"
        ],
        "compact_service_ovn_controller": [
          "internalapi"
        ],
        "compact_service_ovn_dbs": [
          "internalapi"
        ],
        "compact_service_rabbitmq": [
          "internalapi"
        ],
        "compact_service_redis": [
          "internalapi"
        ],
        "managed_service_haproxyctlplane": "haproxy/overcloud.ctlplane.example.test",
        "managed_service_haproxyexternal": "haproxy/overcloud.example.test",
        "managed_service_haproxyinternal_api": "haproxy/overcloud.internalapi.example.test",
        "managed_service_haproxystorage": "haproxy/overcloud.storage.example.test",
        "managed_service_haproxystorage_mgmt": "haproxy/overcloud.storagemgmt.example.test",
        "managed_service_mysqlinternal_api": "mysql/overcloud.internalapi.example.test",
        "managed_service_ovn_dbsinternal_api": "ovn_dbs/overcloud.internalapi.example.test",
        "managed_service_redisinternal_api": "redis/overcloud.internalapi.example.test"
      }
  roles:
    - name: tripleo_ipa_registration
  # Play-level environment: every task in this play runs with these variables
  # set. IPA_PASS is the IPA admin password as a clear-text literal; that is
  # tolerable only for a disposable test realm. A real deployment would inject
  # it from Ansible Vault or a secret store.
  environment:
    IPA_USER: admin
    IPA_HOST: ipa.example.test
    IPA_PASS: password123

# Seeds IPA with a host record for test-3 before the registration role runs.
- name: Simulate bad enrollment for test-3 host
  hosts: all
  vars:
    # Fixture credentials for the disposable test realm; the admin password is
    # a clear-text literal and must not be reused outside it.
    ipa_server_hostname: 'ipa.example.test'
    ipa_server_user: 'admin'
    ipa_server_password: 'password123'
  tasks:
    # Simulates a bad enrollment: the host record already exists in IPA but
    # the machine itself was never enrolled, so it has no keytab associated
    # with it. tripleo_ipa_registration is expected to recreate the host in
    # that situation and handle it gracefully instead of failing.
    - name: create a pre-existing host test-3
      ipa_host:
        ipa_host: "{{ ipa_server_hostname }}"
        ipa_user: "{{ ipa_server_user }}"
        ipa_pass: "{{ ipa_server_password }}"
        fqdn: test-3.example.test
        force: true

# Runs the tripleo_ipa_registration role for test-3.example.test, with the
# service metadata below supplied as a JSON document in a string variable.
- name: Converge - add host and relevant services for test-3 host
  hosts: all
  vars:
    tripleo_ipa_enroll_base_server: true
    tripleo_ipa_base_server_fqdn: test-3.example.test
    tripleo_ipa_base_server_short_name: test-3
    tripleo_ipa_base_server_domain: example.test
    tripleo_ipa_delegate_server: localhost
    # Literal block scalar: the role receives this as JSON text, not as a YAML
    # mapping. Only "compact_service_*" keys are present for this host, each
    # holding a list of network names.
    # NOTE(review): how the role interprets each key is not visible here.
    tripleo_ipa_server_metadata: |
      {
        "compact_service_libvirt": [
          "internalapi"
        ],
        "compact_service_libvirt-vnc": [
          "internalapi"
        ],
        "compact_service_ovn_controller": [
          "internalapi"
        ],
        "compact_service_ovn_metadata": [
          "internalapi"
        ],
        "compact_service_qemu": [
          "internalapi"
        ]
      }
  roles:
    - name: tripleo_ipa_registration
  # Play-level environment: every task in this play runs with these variables
  # set. IPA_PASS is the IPA admin password as a clear-text literal; that is
  # tolerable only for a disposable test realm. A real deployment would inject
  # it from Ansible Vault or a secret store.
  environment:
    IPA_USER: admin
    IPA_HOST: ipa.example.test
    IPA_PASS: password123

# Runs the tripleo_ipa_cleanup role against the test IPA server.
- name: Converge - delete host and relevant services
  hosts: all
  vars:
    ipa_server_hostname: 'ipa.example.test'
  tasks:
    # Only test-1.example.test is listed for deletion. No admin password is
    # passed in this play; a keytab path is supplied instead.
    # NOTE(review): presumably the role authenticates with that keytab -
    # confirm, and check the keytab file's ownership and mode on the target.
    - name: Include IPA Cleanup
      vars:
        tripleo_ipa_keytab: '/etc/novajoin/krb5.keytab'
        tripleo_ipa_hosts_to_delete:
          - 'test-1.example.test'
      include_role:
        name: tripleo_ipa_cleanup