This is a follow-on to I60b40897486b29beafc76025790c501b5055313d to
switch the KDC servers to Ansible control and remove any related
puppet configuration.
Change-Id: Ib8f6ec657ca10a3ba648bd154a035fc3d8da4be5
This change will convert kdc03 to a master from a hot standby and will
remove kdc01 from management.
Cutover plan:
Disable kdc01 in ansible emergeny file
Stop run-kprop cron on kdc01
Stop kadmind on kdc01
Execute run-kprop.sh on kdc01
Merge this change
Wait for puppet to convert kdc03 to the master
Confirm that run-kprop works from kdc03 to kdc04
Update dns records as documented in our kerberos docs
Test kadmin works
Delete old kdc01 server
Change-Id: Ib14b11fa1f0a6bc11b0f615ce5b6f6be214b5629
This new Xenial server is being added as a kerberos standby node but
will be used to replace kdc01 as the master once fully configured and
happy as a standby. This replaces the old trusty server.
Note that the server wasn't added to opendev.org as we don't have a
kerberos realm for that domain so that would be a separate activity for
the future.
Change-Id: I4cc5fcd7504c98a7bcd9dc4f2ad57bb5bf8b54bd
We no longer need kdc02.o.o (ubuntu trusty), now that kdc04.o.o
(ubuntu xenial) is online.
Change-Id: I92b879f7a233dc81c0d64153b293ac12f7e72a40
Signed-off-by: Paul Belanger <pabelanger@redhat.com>
Move openstack_project::server into site.pp like other nodes, this was
the old way of provisioning servers.
Change-Id: If36ace9c377881e25d30e1f7f0184383b894ca17
Signed-off-by: Paul Belanger <pabelanger@redhat.com>
Step one in an AFS cell is getting kerberos working. This does not
provide end-to-end KDC management - the realm still needs to be
created by hand.
Change-Id: I891d784d676ab79e7aca9c883dd9e705a30db6e5
Ian Wienand