From 2e57b2b8a4134767d18a871d8201b5a829ca5085 Mon Sep 17 00:00:00 2001
From: Grzegorz Grasza
Date: Fri, 3 Apr 2020 13:47:37 +0200
Subject: [PATCH] Create DNS entries in IPA for openstack services
This adds forward and reverse DNS records for all services. Without the reverse DNS entries, certificates cannot be created for etcd which requires a subject alternative name (SAN) entry to be included. This is used by cinder for A/A support. The task is delegated to tripleo-ipa. It uses the host_entry which is also used for managing the entries in /etc/hosts.
Change-Id: I41681f90f70fa0dffe4abbe3d6d5c48015589f66
(cherry picked from commit fe3f38d3a9a6d8795dd7109930ce433dc4488df6)
Related-bug: #1869955
Related: rhbz#1804079
---
 .../ipa/ipaservices-baremetal-ansible.yaml | 26 ++++++++++++++-----
 1 file changed, 19 insertions(+), 7 deletions(-)
diff --git a/deployment/ipa/ipaservices-baremetal-ansible.yaml b/deployment/ipa/ipaservices-baremetal-ansible.yaml
index 87a32af918..52ce3fc5b5 100644
--- a/deployment/ipa/ipaservices-baremetal-ansible.yaml
+++ b/deployment/ipa/ipaservices-baremetal-ansible.yaml
@@ -61,8 +61,16 @@ parameters:
 type: boolean
 IdMEnrollBaseServer:
 default: True
- description: Set to true to enroll the base server (computes, controllers)
+ description: Set to true to enroll the base server (computes, controllers)
 type: boolean
+ IdMZoneSplitIPv4:
+ default: 1
+ description: The level by which the PTR DNS record is split when creating zones.
+ type: string
+ IdMZoneSplitIPv6:
+ default: 1
+ description: The level by which the PTR DNS record is split when creating zones.
+ type: string
 outputs:
 role_data:
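Review bot: `IdMZoneSplitIPv4` and `IdMZoneSplitIPv6` are declared `type: string` but given the bare YAML integer `1` as default, and both carry the same description, which says neither which address family the parameter governs nor what the integer actually controls. Heat hands the default through `get_param` into `tripleo_ipa_ptr_zone_split_ipv4`/`_ipv6`, so the representation the tripleo_ipa_dns role expects should be pinned here: either `default: '1'` to match `type: string`, or `type: number` if the role treats it numerically — check the role's defaults before choosing. The descriptions should be distinct and concrete, along the lines of `description: Number of leading IPv4 address components used to form the name of the reverse (PTR) zone created in IPA.` (and the IPv6 equivalent), with the exact wording confirmed against how the role splits the address; "the level by which the PTR DNS record is split" leaves an operator guessing at valid values.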
@@ -76,18 +84,22 @@ outputs:
 when: step|int == 1
 block:
 - include_role:
- name: tripleo_ipa_registration
- apply:
- environment:
- IPA_USER: "nova/{{ ansible_fqdn }}"
- IPA_HOST: {get_param: IdMServer}
- KRB5_CLIENT_KTNAME: {get_param: IdMNovaKeytab}
+ name: tripleo_ipa_registration
 vars:
 tripleo_ipa_enroll_base_server: {get_param: IdMEnrollBaseServer}
 tripleo_ipa_delegate_server: "{{ item }}"
 tripleo_ipa_base_server_fqdn: "{{hostvars[item]['fqdn_canonical']}}"
 tripleo_ipa_server_metadata: "{{hostvars[item]['service_metadata_settings'] | to_json }}"
 loop: "{{ groups.certmonger_user }}"
+ - include_role:
+ name: tripleo_ipa_dns
+ vars:
+ tripleo_ipa_ptr_zone_split_ipv4: {get_param: IdMZoneSplitIPv4}
+ tripleo_ipa_ptr_zone_split_ipv6: {get_param: IdMZoneSplitIPv6}
+ environment:
+ IPA_HOST: {get_param: IdMServer}
+ IPA_USER: "nova/{{ ansible_fqdn }}"
+ KRB5_CLIENT_KTNAME: {get_param: IdMNovaKeytab}
 deploy_steps_tasks:
 - name: enroll the node as an ipa client
 when: step|int == 1
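Review bot: The `apply: environment:` carrying `IPA_HOST`, `IPA_USER` and `KRB5_CLIENT_KTNAME` is removed from the `tripleo_ipa_registration` include and attached only to the new `tripleo_ipa_dns` include, so the registration tasks no longer get the nova keytab identity from this template, and neither the commit message nor the hunk says how they authenticate to IPA now. If the role still reads those variables, service registration presumably runs with whatever credential cache the undercloud happens to have, or fails; if the role now sets them itself, the commit message should say so, especially for a backport. If both roles need the same identity, set `environment:` once on the enclosing task (the one carrying `when: step|int == 1`; its `- name:` line is above the hunk) so both includes inherit it, rather than on the second include only. Also worth confirming in a deployment log that `environment:` placed directly on `include_role`, rather than under `apply:` as the removed lines did, actually reaches the role's tasks.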