
create_tripleo_admin appears to be create-tripleo-admin on train. Change-Id: I406307a9838712e31fe560712fb9e68b911d2fea
---
# Copyright 2019 Red Hat, Inc.
#
# Licensed under the Apache License, Version 2.0 (the "License"); you may
# not use this file except in compliance with the License. You may obtain
# a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
# License for the specific language governing permissions and limitations
# under the License.

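# First play: check that every required setting is present, turn the settings
# into facts, and add the undercloud and the IPA server to the in-memory
# inventory groups (ipaclients / ipaservers) that the later plays target.
- name: Playbook to register the undercloud host with an IPA server
  connection: "{{ (tripleo_ipa_undercloud_host is defined) | ternary('ssh', 'local') }}"
  hosts: "{{ tripleo_ipa_undercloud_host | default('localhost') }}"
  tasks:
    # Each setting may be supplied as an Ansible variable or as an environment
    # variable on the controller; the task fails for an item when both are
    # empty.
    - name: Ensure definitions
      fail:
        msg: >-
          {{ item.name }} is undefined
      when: not item.ansible_var and not item.env_var
      with_items:
        - name: ipa_domain
          ansible_var: "{{ tripleo_ipa_domain | default('') }}"
          env_var: "{{ lookup('env', 'IPA_DOMAIN') }}"
        - name: ipa_realm
          ansible_var: "{{ tripleo_ipa_realm | default('') }}"
          env_var: "{{ lookup('env', 'IPA_REALM') }}"
        - name: ipa_server_user
          ansible_var: "{{ tripleo_ipa_admin_user | default('') }}"
          env_var: "{{ lookup('env', 'IPA_ADMIN_USER') }}"
        - name: ipa_server_password
          ansible_var: "{{ tripleo_ipa_admin_password | default('') }}"
          env_var: "{{ lookup('env', 'IPA_ADMIN_PASSWORD') }}"
        - name: ipa_server_hostname
          ansible_var: "{{ tripleo_ipa_server_hostname | default('') }}"
          env_var: "{{ lookup('env', 'IPA_SERVER_HOSTNAME') }}"
        - name: undercloud_fqdn
          ansible_var: "{{ tripleo_undercloud_fqdn | default('') }}"
          env_var: "{{ lookup('env', 'UNDERCLOUD_FQDN') }}"
        - name: ansible_user
          ansible_var: "{{ tripleo_ansible_user | default('') }}"
          env_var: "{{ lookup('env', 'USER') }}"
        - name: cloud_domain
          ansible_var: "{{ tripleo_cloud_domain | default('') }}"
          env_var: "{{ lookup('env', 'CLOUD_DOMAIN') }}"
      # The loop items carry the IPA admin password, and by default Ansible
      # prints the whole item for every iteration (including skipped ones).
      # Show only the setting name instead. The label is a display setting,
      # not a secrecy control: verbose runs can still include the item, so
      # avoid -v on shared or archived logs.
      loop_control:
        label: "{{ item.name }}"

    - name: Set facts needed for configuration
      set_fact:
        ipa_domain: "{{ tripleo_ipa_domain | default(lookup('env', 'IPA_DOMAIN')) }}"
        ipa_realm: "{{ tripleo_ipa_realm | default(lookup('env', 'IPA_REALM')) }}"
        ipa_server_user: "{{ tripleo_ipa_admin_user | default(lookup('env', 'IPA_ADMIN_USER')) }}"
        ipa_server_password: "{{ tripleo_ipa_admin_password | default(lookup('env', 'IPA_ADMIN_PASSWORD')) }}"
        ipa_server_hostname: "{{ tripleo_ipa_server_hostname | default(lookup('env', 'IPA_SERVER_HOSTNAME')) }}"
        undercloud_fqdn: "{{ tripleo_undercloud_fqdn | default(lookup('env', 'UNDERCLOUD_FQDN')) }}"
        undercloud_ansible_user: "{{ tripleo_ansible_user | default(lookup('env', 'USER')) }}"
        cloud_domain: "{{ tripleo_cloud_domain | default(lookup('env', 'CLOUD_DOMAIN')) }}"
        ipa_distro_packages:
          # NOTE(review): this RPM is referenced over plain http:// and is
          # installed with become: true by a later play, so the transport
          # gives no integrity protection. Prefer a package from a configured,
          # signed repository or an https source; confirm that GPG checking
          # is in effect for the package module on the target.
          - http://download.eng.bos.redhat.com/brewroot/vol/rhel-8/packages/ansible-freeipa/0.1.7/1.el8/noarch/ansible-freeipa-0.1.7-1.el8.noarch.rpm
          - krb5-workstation
        ipa_pip_packages:
          - urllib_gssapi
      # The facts include ipa_server_password; keep the task result out of
      # the run output, as the add_host and kinit tasks in this file do.
      no_log: true

    - name: Add host to ipaclients group
      add_host:
        name: "{{ undercloud_fqdn }}"
        group: ipaclients
        state: present
        ipaclient_domain: "{{ cloud_domain }}"
        ipaclient_realm: "{{ ipa_realm }}"
        ipaclient_force: true
        ipaadmin_principal: "{{ ipa_server_user }}"
        ipaadmin_password: "{{ ipa_server_password }}"
        ansible_user: "{{ undercloud_ansible_user }}"
        # NOTE(review): these options turn off SSH host key verification for
        # the connection to this host, which is the connection the ipaclients
        # play runs over while ipaadmin_password is set as a host variable.
        # An impersonated host would not be detected. Where the deployment
        # allows it, pin the undercloud host key in a known_hosts file
        # instead of discarding it.
        ansible_ssh_extra_args: "-o StrictHostKeyChecking=no -o UserKnownHostsFile=/dev/null"
      no_log: true

    - name: Add host to ipaservers group
      add_host:
        group: ipaservers
        name: "{{ ipa_server_hostname }}"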
# Second play: as root on the undercloud host (localhost when
# tripleo_ipa_undercloud_host is not set), install the packages named by the
# ipa_distro_packages and ipa_pip_packages facts.
- hosts: "{{ tripleo_ipa_undercloud_host | default('localhost') }}"
  become: true
  tasks:
    # NOTE(review): ipa_distro_packages contains an RPM referenced by a plain
    # http:// URL; whatever that URL serves is installed here as root.
    - name: Install distro packages required for IPA enrollment
      package:
        state: present
        name: "{{ ipa_distro_packages }}"

    # TODO(d34dh0r53): This is only required while tripleo CI is still running on CentOS 7.x as
    # urllib_gssapi is not available as an RPM in CentOS 7. Once CI has been moved to CentOS 8.x
    # this block as well as the definition of ipa_pip_packages should be removed from this playbook.
    #
    # NOTE(review): the package is installed as root with no version pin, so
    # each run takes whatever release the configured index currently offers;
    # consider pinning a version while this block exists.
    - name: Install pip packages required for IPA enrollment
      pip:
        state: present
        name: "{{ ipa_pip_packages }}"
# Third play: run the ipaclient role as root on every host in the ipaclients
# group. That group is filled in at run time by the add_host task of the
# first play, which also attaches the ipaclient_* / ipaadmin_* host variables
# and the SSH options used for this connection.
- hosts: ipaclients
  become: true
  tasks:
    - include_role:
        name: ipaclient
# Fourth play: run the tripleo-create-admin role as root on the undercloud
# host (localhost when tripleo_ipa_undercloud_host is not set). What the role
# creates is defined by the role itself and is not visible in this playbook.
- hosts: "{{ tripleo_ipa_undercloud_host | default('localhost') }}"
  become: true
  tasks:
    - include_role:
        name: tripleo-create-admin
# Final play: obtain a Kerberos ticket as the IPA admin on the undercloud
# host, then run the tripleo_ipa_setup role.
- hosts: "{{ tripleo_ipa_undercloud_host | default('localhost') }}"
  become: true
  vars:
    undercloud_fqdn: "{{ ansible_fqdn }}"
  # NOTE(review): a play-level environment applies to every task in the play,
  # so IPA_PASS places the admin password in the process environment of each
  # of them, not only the one that needs it. Presumably tripleo_ipa_setup
  # reads these variables - confirm, and scope them to that role if so.
  environment:
    IPA_HOST: "{{ ipa_server_hostname }}"
    IPA_USER: "{{ ipa_server_user }}"
    IPA_PASS: "{{ ipa_server_password }}"
  tasks:
    # The password is passed to kinit on stdin rather than as an argument, so
    # it does not appear in the command line; no_log keeps the registered
    # result out of the run output.
    - name: kinit to get admin credentials
      command: kinit "{{ ipa_server_user }}@{{ ipa_realm }}"
      args:
        stdin: "{{ ipa_server_password }}"
      no_log: true
      register: kinit
      changed_when: kinit.rc == 0

    - name: setup the undercloud and get keytab
      include_role:
        name: tripleo_ipa_setup