Merge "Add kdc03.openstack.org"

doc/source/kerberos.rst

@@ -46,8 +46,10 @@ Set up host principals for slave propagation::
 
    # execute kadmin.local then run these commands
    addprinc -randkey host/kdc01.openstack.org
+   addprinc -randkey host/kdc03.openstack.org
    addprinc -randkey host/kdc04.openstack.org
    ktadd host/kdc01.openstack.org
+   ktadd host/kdc03.openstack.org
    ktadd host/kdc04.openstack.org
 
 Copy the file `/etc/krb5.keytab` to the second kdc host.
@@ -114,8 +116,8 @@ Should you need perform maintenance on the kerberos server that requires
 taking kerberos processes offline you can do this by performing your
 updates on a single server at a time.
 
-`kdc01.openstack.org` is our primary server and `kdc04.openstack.org`
-is the hot standby. Perform your maintenance on `kdc04.openstack.org`
+`kdc01.openstack.org` is our primary server and `kdc0[34].openstack.org`
+is the hot standby. Perform your maintenance on `kdc0[34].openstack.org`
 first. Then once that is done we can prepare for taking down the
 primary. On `kdc01.openstack.org` run::
 
@@ -123,6 +125,7 @@ primary. On `kdc01.openstack.org` run::
 
 You should see::
 
+  Database propagation to kdc03.openstack.org: SUCCEEDED
   Database propagation to kdc04.openstack.org: SUCCEEDED
 
 Once this is done the standby server is ready and we can take kdc01
@@ -138,6 +141,7 @@ Kerberos uses the following DNS entries::
   _kerberos-adm._tcp.openstack.org.    300 IN SRV 0 0 749 kdc01.openstack.org.
   _kerberos-master._udp.openstack.org. 300 IN SRV 0 0 88 kdc01.openstack.org.
   _kerberos._udp.openstack.org.        300 IN SRV 0 0 88 kdc04.openstack.org.
+  _kerberos._udp.openstack.org.        300 IN SRV 0 0 88 kdc03.openstack.org.
   _kerberos._udp.openstack.org.        300 IN SRV 0 0 88 kdc01.openstack.org.
   _kerberos.openstack.org.             300 IN TXT "OPENSTACK.ORG"
 

hiera/common.yaml

@@ -262,6 +262,7 @@ cacti_hosts:
 - groups.openstack.org
 - health.openstack.org
 - kdc01.openstack.org
+- kdc03.openstack.org
 - kdc04.openstack.org
 - lists.openstack.org
 - logstash-worker01.openstack.org

inventory/openstack.yaml

@@ -301,6 +301,13 @@ all:
         region_name: DFW
       public_v4: 104.130.154.186
       public_v6: 2001:4800:7818:103:fc6b:fcd5:e132:b4f5
+    kdc03.openstack.org:
+      ansible_host: 2001:4800:7817:104:be76:4eff:fe01:491e
+      location:
+        cloud: openstackci-rax
+        region_name: DFW
+      public_v4: 23.253.107.82
+      public_v6: 2001:4800:7817:104:be76:4eff:fe01:491e
     kdc04.openstack.org:
       ansible_host: 2001:4801:7827:101:be76:4eff:fe10:8bc5
       location:

manifests/site.pp

@@ -1176,6 +1176,16 @@ node /^kdc01\.open.*\.org$/ {
   class { 'openstack_project::kdc': }
 }
 
+# Node-OS: xenial
+# This node will become the new master when we retire kdc01
+node /^kdc03\.open.*\.org$/ {
+  class { 'openstack_project::server': }
+
+  class { 'openstack_project::kdc':
+    slave => true,
+  }
+}
+
 # Node-OS: xenial
 node /^kdc04\.open.*\.org$/ {
   class { 'openstack_project::server': }

modules/openstack_project/manifests/kdc.pp

@@ -6,10 +6,12 @@ class openstack_project::kdc (
     realm        => 'OPENSTACK.ORG',
     kdcs         => [
       'kdc01.openstack.org',
+      'kdc03.openstack.org',
       'kdc04.openstack.org',
     ],
     admin_server => 'kdc.openstack.org',
     slaves       => [
+      'kdc03.openstack.org',
       'kdc04.openstack.org',
     ],
     slave        => $slave,

modules/openstack_project/manifests/server.pp

@@ -25,6 +25,7 @@ class openstack_project::server (
       cache_size   => $afs_cache_size,
       kdcs         => [
         'kdc01.openstack.org',
+        'kdc03.openstack.org',
         'kdc04.openstack.org',
       ],
     }