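---
# Copyright 2019 Red Hat, Inc.
# All Rights Reserved.
#
# Licensed under the Apache License, Version 2.0 (the "License"); you may
# not use this file except in compliance with the License. You may obtain
# a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
# License for the specific language governing permissions and limitations
# under the License.

# Test playbook for the tripleo_ipa_* roles (the "Converge" play names
# suggest a molecule scenario). It prepares a throw-away client host,
# enrolls it against a test FreeIPA server, then exercises the
# registration role for three hosts and the cleanup role for one of them.
# All credentials in this file are fixed test fixtures for that server.

- name: Setup server
  hosts: all
  vars:
    ipa_domain: example.test
    ipa_server_ip: 10.88.0.22
    ipa_server_user: admin
    ipa_server_password: password123
    ipa_server_hostname: ipa.example.test
    # NOTE(review): undercloud_fqdn is not referenced by any task below;
    # the /etc/hosts entry is hard-coded to test-1 instead — confirm intent.
    undercloud_fqdn: test-0.example.test
  tasks:
    - name: set resolv.conf to point to the ipa server
      shell:
        cmd: cat > /etc/resolv.conf
        stdin: |
          search {{ ipa_domain }}
          nameserver {{ ipa_server_ip }}

    # Only one write to /etc/hosts: the original had a duplicate task with
    # the same name but no stdin, which truncated the file before this one
    # rewrote it.
    - name: Set fqdn in /etc/hosts
      shell:
        cmd: cat > /etc/hosts
        stdin: |
          127.0.0.1 test-1.example.test test-1 localhost localhost.localdomain

    # The admin password is passed on the command line, so the rendered
    # command would otherwise be echoed into the task result and logs.
    - name: enroll the server as an ipa client using admin creds
      shell: |
        ipa-client-install -U \
          --server "{{ ipa_server_hostname }}" \
          --domain "{{ ipa_domain }}" \
          --realm "{{ ipa_domain | upper }}" \
          --principal "{{ ipa_server_user }}" \
          --password "{{ ipa_server_password }}" \
          --no-ntp --force-join --no-nisdomain
      args:
        creates: /etc/ipa/default.conf
      no_log: true

    # we need this keytab for operations that we cannot do yet with ansible
    - name: kinit to get admin creds
      command: kinit "{{ ipa_server_user }}"
      args:
        stdin: "{{ ipa_server_password }}"
      no_log: true

    - name: ensure "tripleo-admin" group exists
      group:
        name: tripleo-admin
        state: present

    - name: create users, perms, get keytab
      include_role:
        name: tripleo_ipa_setup
        apply:
          environment:
            IPA_USER: "{{ ipa_server_user }}"
            IPA_HOST: "{{ ipa_server_hostname }}"
            IPA_PASS: "{{ ipa_server_password }}"

- name: Converge - add host and relevant services for test-1 host
  hosts: all
  vars:
    tripleo_ipa_enroll_base_server: true
    tripleo_ipa_base_server_fqdn: test-1.example.test
    tripleo_ipa_base_server_short_name: test-1
    tripleo_ipa_base_server_domain: example.test
    tripleo_ipa_delegate_server: localhost
    # JSON document handed to the role as a string (block scalar keeps it
    # opaque to the YAML parser).
    tripleo_ipa_server_metadata: |
      {
        "compact_service_HTTP": ["ctlplane", "storage", "storagemgmt", "internalapi", "external"],
        "compact_service_haproxy": ["ctlplane", "storage", "storagemgmt", "internalapi"],
        "compact_service_libvirt-vnc": ["internalapi"],
        "compact_service_mysql": ["internalapi"],
        "compact_service_neutron_ovn": ["internalapi"],
        "compact_service_novnc-proxy": ["internalapi"],
        "compact_service_ovn_controller": ["internalapi"],
        "compact_service_ovn_dbs": ["internalapi"],
        "compact_service_rabbitmq": ["internalapi"],
        "compact_service_redis": ["internalapi"],
        "managed_service_haproxyctlplane": "haproxy/overcloud.ctlplane.example.test",
        "managed_service_haproxyexternal": "haproxy/overcloud.example.test",
        "managed_service_haproxyinternal_api": "haproxy/overcloud.internalapi.example.test",
        "managed_service_haproxystorage": "haproxy/overcloud.storage.example.test",
        "managed_service_haproxystorage_mgmt": "haproxy/overcloud.storagemgmt.example.test",
        "managed_service_mysqlinternal_api": "mysql/overcloud.internalapi.example.test",
        "managed_service_ovn_dbsinternal_api": "ovn_dbs/overcloud.internalapi.example.test",
        "managed_service_redisinternal_api": "redis/overcloud.internalapi.example.test"
      }
  roles:
    - name: tripleo_ipa_registration
      environment:
        IPA_USER: admin
        IPA_HOST: ipa.example.test
        IPA_PASS: password123

- name: Converge - add host and relevant services for test-2 host
  hosts: all
  vars:
    tripleo_ipa_enroll_base_server: true
    tripleo_ipa_base_server_fqdn: test-2.example.test
    tripleo_ipa_base_server_short_name: test-2
    tripleo_ipa_base_server_domain: example.test
    tripleo_ipa_delegate_server: localhost
    # Same service layout as test-1 (controller-style host).
    tripleo_ipa_server_metadata: |
      {
        "compact_service_HTTP": ["ctlplane", "storage", "storagemgmt", "internalapi", "external"],
        "compact_service_haproxy": ["ctlplane", "storage", "storagemgmt", "internalapi"],
        "compact_service_libvirt-vnc": ["internalapi"],
        "compact_service_mysql": ["internalapi"],
        "compact_service_neutron_ovn": ["internalapi"],
        "compact_service_novnc-proxy": ["internalapi"],
        "compact_service_ovn_controller": ["internalapi"],
        "compact_service_ovn_dbs": ["internalapi"],
        "compact_service_rabbitmq": ["internalapi"],
        "compact_service_redis": ["internalapi"],
        "managed_service_haproxyctlplane": "haproxy/overcloud.ctlplane.example.test",
        "managed_service_haproxyexternal": "haproxy/overcloud.example.test",
        "managed_service_haproxyinternal_api": "haproxy/overcloud.internalapi.example.test",
        "managed_service_haproxystorage": "haproxy/overcloud.storage.example.test",
        "managed_service_haproxystorage_mgmt": "haproxy/overcloud.storagemgmt.example.test",
        "managed_service_mysqlinternal_api": "mysql/overcloud.internalapi.example.test",
        "managed_service_ovn_dbsinternal_api": "ovn_dbs/overcloud.internalapi.example.test",
        "managed_service_redisinternal_api": "redis/overcloud.internalapi.example.test"
      }
  roles:
    - name: tripleo_ipa_registration
      environment:
        IPA_USER: admin
        IPA_HOST: ipa.example.test
        IPA_PASS: password123

- name: Simulate bad enrollment for test-3 host
  hosts: all
  vars:
    ipa_server_user: admin
    ipa_server_password: password123
    ipa_server_hostname: ipa.example.test
  tasks:
    # We do this to simulate a bad enrollment. If the host has already been
    # added, but isn't enrolled we need to recreate the host during
    # tripleo_ipa_registration. Adding this host shouldn't cause the
    # tripleo_ipa_registration role to fail. It should handle it gracefully.
    # This host isn't enrolled and doesn't have a keytab associated to it
    # because it's disabled.
    - name: create a pre-existing host test-3
      ipa_host:
        fqdn: 'test-3.example.test'
        force: true
        ipa_user: "{{ ipa_server_user }}"
        ipa_pass: "{{ ipa_server_password }}"
        ipa_host: "{{ ipa_server_hostname }}"

- name: Converge - add host and relevant services for test-3 host
  hosts: all
  vars:
    tripleo_ipa_enroll_base_server: true
    tripleo_ipa_base_server_fqdn: test-3.example.test
    tripleo_ipa_base_server_short_name: test-3
    tripleo_ipa_base_server_domain: example.test
    tripleo_ipa_delegate_server: localhost
    # Compute-style host: only internalapi-scoped services.
    tripleo_ipa_server_metadata: |
      {
        "compact_service_libvirt": ["internalapi"],
        "compact_service_libvirt-vnc": ["internalapi"],
        "compact_service_ovn_controller": ["internalapi"],
        "compact_service_ovn_metadata": ["internalapi"],
        "compact_service_qemu": ["internalapi"]
      }
  roles:
    - name: tripleo_ipa_registration
      environment:
        IPA_USER: admin
        IPA_HOST: ipa.example.test
        IPA_PASS: password123

- name: Converge - delete host and relevant services
  hosts: all
  vars:
    ipa_server_hostname: ipa.example.test
  tasks:
    - name: Include IPA Cleanup
      include_role:
        name: tripleo_ipa_cleanup
      vars:
        tripleo_ipa_hosts_to_delete: ['test-1.example.test']
        tripleo_ipa_keytab: "/etc/novajoin/krb5.keytab"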