tripleo-ipa/tripleo_ipa/playbooks/ipa-server-create-principal.yaml
Dave Wilde (d34dh0r53) c22fc8d07d Playbooks to configure IPA server for tripleo use
These playbooks are intended to be run against a pre-existing IPA
server and will create the correct roles, permissions and users for
use with tripleo.  The final playbook will provide an OTP to be used
during the configuration of the undercloud.

Change-Id: I2f1c39bc023491f19b917c1a6030937fee3eb101
2020-06-09 10:36:42 -05:00


---
# Copyright 2020 Red Hat, Inc.
# All Rights Reserved.
#
# Licensed under the Apache License, Version 2.0 (the "License"); you may
# not use this file except in compliance with the License. You may obtain
# a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
# License for the specific language governing permissions and limitations
# under the License.
#
# This playbook creates the nova user and adds it to the Nova Host Manager IPA
# role. This needs to be executed by a user that has permissions to add services
# and to add them to roles. This needs to be run once per openstack deployment.
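# Registers the nova/<undercloud fqdn> service in IPA and grants it the
# "Nova Host Manager" role.
#
# Inputs, each read from an Ansible variable first and an environment
# variable second:
#   tripleo_ipa_principal   (legacy: ipa_principal) / IPA_PRINCIPAL
#   tripleo_ipa_password    (legacy: ipa_password)  / IPA_PASSWORD
#   tripleo_undercloud_fqdn                         / UNDERCLOUD_FQDN
# Optional: tripleo_ipa_host selects a remote IPA host over ssh; without it
# the play runs against localhost over the local connection.
- name: Playbook to setup a principal for use with tripleo-ipa
  connection: "{{ (tripleo_ipa_host is defined) | ternary('ssh', 'local') }}"
  hosts: "{{ tripleo_ipa_host | default('localhost') }}"
  tasks:
    # Fail early when an input has neither an Ansible variable nor an
    # environment variable behind it.
    #
    # The loop items hold only "is it set?" booleans, never the values.
    # Ansible prints the loop item for every iteration, skipped ones
    # included, so an item that carried the password would put it in the
    # console output and in any log that captures it. The label narrows the
    # per-item display to the input's name.
    #
    # The variable names checked here are the ones the "set IPA server facts"
    # task reads, so a value that passes this check is the value used later.
    - name: ensure definitions
      fail:
        msg: >-
          {{ item.name }} is undefined
      when:
        - not (item.ansible_var | bool)
        - not (item.env_var | bool)
      loop_control:
        label: "{{ item.name }}"
      with_items:
        - name: ipa_principal
          ansible_var: >-
            {{ (tripleo_ipa_principal | default(ipa_principal) | default('')
            | string | length) > 0 }}
          env_var: "{{ (lookup('env', 'IPA_PRINCIPAL') | length) > 0 }}"
        - name: ipa_password
          ansible_var: >-
            {{ (tripleo_ipa_password | default(ipa_password) | default('')
            | string | length) > 0 }}
          env_var: "{{ (lookup('env', 'IPA_PASSWORD') | length) > 0 }}"
        - name: undercloud_fqdn
          ansible_var: >-
            {{ (tripleo_undercloud_fqdn | default('')
            | string | length) > 0 }}
          env_var: "{{ (lookup('env', 'UNDERCLOUD_FQDN') | length) > 0 }}"

    # Resolve each input once: tripleo_* variable, then the legacy un-prefixed
    # variable, then the environment. no_log keeps the resolved password out
    # of the task result that verbose runs would otherwise print.
    - name: set IPA server facts
      set_fact:
        ipa_principal: >-
          {{ tripleo_ipa_principal | default(ipa_principal)
          | default(lookup('env', 'IPA_PRINCIPAL')) }}
        ipa_password: >-
          {{ tripleo_ipa_password | default(ipa_password)
          | default(lookup('env', 'IPA_PASSWORD')) }}
        undercloud_fqdn: >-
          {{ tripleo_undercloud_fqdn
          | default(lookup('env', 'UNDERCLOUD_FQDN')) }}
      no_log: true

    - name: set nova service user facts
      set_fact:
        nova_service: "nova/{{ undercloud_fqdn }}"

    # force: create the service principal even when the undercloud host is
    # not resolvable in DNS yet.
    - name: add nova service
      ipa_service:
        name: "{{ nova_service }}"
        ipa_user: "{{ ipa_principal }}"
        ipa_pass: "{{ ipa_password }}"
        state: present
        force: true

    # The role bundles the "Nova Host Management" privilege and has the nova
    # service as its only member listed here. Review what that privilege
    # permits on the IPA server before running: every holder of the nova
    # service credentials inherits it.
    - name: add nova host manager role
      ipa_role:
        name: Nova Host Manager
        ipa_user: "{{ ipa_principal }}"
        ipa_pass: "{{ ipa_password }}"
        description: Nova Host Manager
        privilege:
          - Nova Host Management
        service:
          - "{{ nova_service }}"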