Grzegorz Grasza e404fe19a8 Update to new quay.io images
This updates the freeipa-server image to fedora-36 and
molecule images to stream9.

Change-Id: I026207760d917524cee69dddd41448f3bc0245d2
2022-08-03 09:51:26 +02:00


---
# Copyright 2019 Red Hat, Inc.
# All Rights Reserved.
#
# Licensed under the Apache License, Version 2.0 (the "License"); you may
# not use this file except in compliance with the License. You may obtain
# a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
# License for the specific language governing permissions and limitations
# under the License.
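# Prepare the test host: point name resolution at the IPA server, enrol the
# host as an IPA client, obtain admin Kerberos credentials and then run the
# tripleo_ipa_setup role.
- name: Setup server
  hosts: all
  vars:
    # Fixture values for the test scenario, all under the reserved .test TLD.
    # NOTE(review): the admin password is a plain-text throwaway credential;
    # presumably it matches the FreeIPA test server image - confirm, and
    # never reuse it outside this scenario.
    ipa_domain: example.test
    ipa_server_ip: 10.88.0.22
    ipa_server_user: admin
    ipa_server_password: password123
    ipa_server_hostname: ipa.example.test
    undercloud_fqdn: test-0.example.test
  tasks:
    # The file is overwritten in place through a shell redirect, with the
    # content supplied on stdin.
    # NOTE(review): presumably done this way because the file is bind-mounted
    # in the test container and cannot be replaced by rename - confirm.
    - name: set resolv.conf to point to the ipa server
      shell:
        cmd: cat > /etc/resolv.conf
        stdin: |
          search {{ ipa_domain }}
          nameserver {{ ipa_server_ip }}

    # Same in-place overwrite; the loopback address is mapped to the test-1
    # FQDN and short name. A single task is enough: a second task with the
    # same name and command but no stdin would only truncate the file.
    - name: Set fqdn in /etc/hosts
      shell:
        cmd: cat > /etc/hosts
        stdin: |
          127.0.0.1 test-1.example.test test-1 localhost localhost.localdomain

    # `creates` makes the task a no-op once /etc/ipa/default.conf exists.
    # The realm is the domain name upper-cased.
    # NOTE(review): --password puts the admin password on the command line,
    # so it is visible in the process list and in Ansible's task output.
    # That is tolerable only because this is a fixture password; the kinit
    # task below passes the same secret on stdin instead.
    - name: enroll the server as an ipa client using admin creds
      shell: |
        ipa-client-install -U \
          --server "{{ ipa_server_hostname }}" \
          --domain "{{ ipa_domain }}" \
          --realm "{{ ipa_domain | upper }}" \
          --principal "{{ ipa_server_user }}" \
          --password "{{ ipa_server_password }}" \
          --no-ntp --force-join --no-nisdomain
      args:
        creates: /etc/ipa/default.conf

    # Obtain admin Kerberos credentials for the operations that cannot be
    # done with Ansible yet. The password is fed on stdin, which keeps it
    # out of the command line.
    - name: kinit to get admin creds
      command: kinit "{{ ipa_server_user }}"
      args:
        stdin: "{{ ipa_server_password }}"

    - name: ensure "tripleo-admin" group exists
      group:
        name: tripleo-admin
        state: present

    # `apply.environment` sets the IPA_* variables for every task the
    # included role runs.
    # NOTE(review): presumably the role's IPA modules read their connection
    # settings and credentials from these variables - confirm.
    - name: create users, perms, get keytab
      include_role:
        name: tripleo_ipa_setup
        apply:
          environment:
            IPA_USER: "{{ ipa_server_user }}"
            IPA_HOST: "{{ ipa_server_hostname }}"
            IPA_PASS: "{{ ipa_server_password }}"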
# Register test-1.example.test and its services by running the
# tripleo_ipa_registration role against the IPA server.
- name: Converge - add host and relevant services for test-1 host
  hosts: all
  vars:
    tripleo_ipa_enroll_base_server: true
    tripleo_ipa_base_server_fqdn: test-1.example.test
    tripleo_ipa_base_server_short_name: test-1
    tripleo_ipa_base_server_domain: example.test
    tripleo_ipa_delegate_server: localhost
    # JSON document handed over as a literal string. compact_service_<name>
    # entries list network names; managed_service_<name> entries are
    # "<service>/<fqdn>" strings.
    # NOTE(review): presumably parsed by tripleo_ipa_registration - confirm.
    tripleo_ipa_server_metadata: |
      {
        "compact_service_HTTP": [
          "ctlplane",
          "storage",
          "storagemgmt",
          "internalapi",
          "external"
        ],
        "compact_service_haproxy": [
          "ctlplane",
          "storage",
          "storagemgmt",
          "internalapi"
        ],
        "compact_service_libvirt-vnc": [
          "internalapi"
        ],
        "compact_service_mysql": [
          "internalapi"
        ],
        "compact_service_neutron_ovn": [
          "internalapi"
        ],
        "compact_service_novnc-proxy": [
          "internalapi"
        ],
        "compact_service_ovn_controller": [
          "internalapi"
        ],
        "compact_service_ovn_dbs": [
          "internalapi"
        ],
        "compact_service_rabbitmq": [
          "internalapi"
        ],
        "compact_service_redis": [
          "internalapi"
        ],
        "managed_service_haproxyctlplane": "haproxy/overcloud.ctlplane.example.test",
        "managed_service_haproxyexternal": "haproxy/overcloud.example.test",
        "managed_service_haproxyinternal_api": "haproxy/overcloud.internalapi.example.test",
        "managed_service_haproxystorage": "haproxy/overcloud.storage.example.test",
        "managed_service_haproxystorage_mgmt": "haproxy/overcloud.storagemgmt.example.test",
        "managed_service_mysqlinternal_api": "mysql/overcloud.internalapi.example.test",
        "managed_service_ovn_dbsinternal_api": "ovn_dbs/overcloud.internalapi.example.test",
        "managed_service_redisinternal_api": "redis/overcloud.internalapi.example.test"
      }
  roles:
    # IPA admin credentials are handed to the role as environment variables.
    # NOTE(review): the values are fixture literals repeated in each converge
    # play; a real inventory should take them from a vault or secret store
    # rather than from the playbook.
    - name: tripleo_ipa_registration
      environment:
        IPA_USER: admin
        IPA_HOST: ipa.example.test
        IPA_PASS: password123
# Register test-2.example.test with the same service metadata that the
# test-1 converge play uses.
- name: Converge - add host and relevant services for test-2 host
  hosts: all
  vars:
    tripleo_ipa_enroll_base_server: true
    tripleo_ipa_base_server_fqdn: test-2.example.test
    tripleo_ipa_base_server_short_name: test-2
    tripleo_ipa_base_server_domain: example.test
    tripleo_ipa_delegate_server: localhost
    # JSON document handed over as a literal string: per-service network
    # lists (compact_service_*) plus "<service>/<fqdn>" strings
    # (managed_service_*).
    # NOTE(review): presumably parsed by tripleo_ipa_registration - confirm.
    tripleo_ipa_server_metadata: |
      {
        "compact_service_HTTP": [
          "ctlplane",
          "storage",
          "storagemgmt",
          "internalapi",
          "external"
        ],
        "compact_service_haproxy": [
          "ctlplane",
          "storage",
          "storagemgmt",
          "internalapi"
        ],
        "compact_service_libvirt-vnc": [
          "internalapi"
        ],
        "compact_service_mysql": [
          "internalapi"
        ],
        "compact_service_neutron_ovn": [
          "internalapi"
        ],
        "compact_service_novnc-proxy": [
          "internalapi"
        ],
        "compact_service_ovn_controller": [
          "internalapi"
        ],
        "compact_service_ovn_dbs": [
          "internalapi"
        ],
        "compact_service_rabbitmq": [
          "internalapi"
        ],
        "compact_service_redis": [
          "internalapi"
        ],
        "managed_service_haproxyctlplane": "haproxy/overcloud.ctlplane.example.test",
        "managed_service_haproxyexternal": "haproxy/overcloud.example.test",
        "managed_service_haproxyinternal_api": "haproxy/overcloud.internalapi.example.test",
        "managed_service_haproxystorage": "haproxy/overcloud.storage.example.test",
        "managed_service_haproxystorage_mgmt": "haproxy/overcloud.storagemgmt.example.test",
        "managed_service_mysqlinternal_api": "mysql/overcloud.internalapi.example.test",
        "managed_service_ovn_dbsinternal_api": "ovn_dbs/overcloud.internalapi.example.test",
        "managed_service_redisinternal_api": "redis/overcloud.internalapi.example.test"
      }
  roles:
    # Fixture IPA admin credentials, passed to the role through its
    # environment. Plain text is acceptable here only because they are
    # test values.
    - name: tripleo_ipa_registration
      environment:
        IPA_USER: admin
        IPA_HOST: ipa.example.test
        IPA_PASS: password123
# Create a host record for test-3 ahead of registration so that the next
# play has to cope with a host that exists in IPA but was never enrolled.
- name: Simulate bad enrollment for test-3 host
  hosts: all
  vars:
    # Fixture admin credentials for the test IPA server.
    ipa_server_user: admin
    ipa_server_password: password123
    ipa_server_hostname: ipa.example.test
  tasks:
    # This simulates a bad enrollment. When a host has already been added
    # but is not enrolled, tripleo_ipa_registration has to recreate it.
    # Adding the host here must not make that role fail; it should handle
    # the situation gracefully. The host is not enrolled and has no keytab
    # associated with it because it is disabled.
    # NOTE(review): `force: true` presumably lets the record be created
    # although the name has no DNS entry - confirm against the ipa_host
    # module in use.
    - name: create a pre-existing host test-3
      ipa_host:
        fqdn: 'test-3.example.test'
        force: true
        ipa_user: "{{ ipa_server_user }}"
        ipa_pass: "{{ ipa_server_password }}"
        ipa_host: "{{ ipa_server_hostname }}"
# Register test-3.example.test. The preceding play already created a host
# record for it, so this run exercises registration over an existing,
# un-enrolled host.
- name: Converge - add host and relevant services for test-3 host
  hosts: all
  vars:
    tripleo_ipa_enroll_base_server: true
    tripleo_ipa_base_server_fqdn: test-3.example.test
    tripleo_ipa_base_server_short_name: test-3
    tripleo_ipa_base_server_domain: example.test
    tripleo_ipa_delegate_server: localhost
    # JSON document handed over as a literal string. This host carries only
    # compact_service_* entries, each listing the internalapi network.
    # NOTE(review): presumably parsed by tripleo_ipa_registration - confirm.
    tripleo_ipa_server_metadata: |
      {
        "compact_service_libvirt": [
          "internalapi"
        ],
        "compact_service_libvirt-vnc": [
          "internalapi"
        ],
        "compact_service_ovn_controller": [
          "internalapi"
        ],
        "compact_service_ovn_metadata": [
          "internalapi"
        ],
        "compact_service_qemu": [
          "internalapi"
        ]
      }
  roles:
    # Fixture IPA admin credentials, passed to the role through its
    # environment. Plain text is acceptable here only because they are
    # test values.
    - name: tripleo_ipa_registration
      environment:
        IPA_USER: admin
        IPA_HOST: ipa.example.test
        IPA_PASS: password123
# Remove a registered host again by running the tripleo_ipa_cleanup role.
- name: Converge - delete host and relevant services
  hosts: all
  vars:
    ipa_server_hostname: ipa.example.test
  tasks:
    # Only test-1 is listed for deletion; test-2 and test-3 are left in
    # place by this play.
    # No IPA_USER / IPA_PASS is set here. The role receives a keytab path
    # instead.
    # NOTE(review): presumably the role authenticates with that keytab, so
    # the file's ownership and mode decide who can act as that principal -
    # confirm.
    - name: Include IPA Cleanup
      include_role:
        name: tripleo_ipa_cleanup
      vars:
        tripleo_ipa_hosts_to_delete:
          - 'test-1.example.test'
        tripleo_ipa_keytab: '/etc/novajoin/krb5.keytab'