With python3 we are getting the following error:
Traceback (most recent call last):
  File "/usr/bin/novajoin-ipa-setup", line 103, in <module>
    args['tls_ca_cert'] = cafile.decode('UTF-8')
AttributeError: 'str' object has no attribute 'decode'
Let's just use the normal assignment in case the .decode() call
fails.
Also apply the same fixes to files/cloud-config-novajoin.json
Tested and we correctly get past this error.
Change-Id: Ia77ebde46ff885c9f929d834f981acb97f26a4ec
Co-Authored-By: Luca Miccini <lmiccini@redhat.com>
Closes-Bug: #1820961

In freeipa f62a0fdb904d2a4bb1961847e240dbb6df3b0b67 the IPA
client library was modified to remove the log_manager. This patch
fixes the novajoin code for all versions of IPA.
See rhbz# 1644747
Co-Authored-By: Juan Antonio Osorio Robles <jaosorior@redhat.com>
Co-Authored-By: Grzegorz Grasza <xek@redhat.com>
Change-Id: I2da12bedfc8790ebd1005c98f2e05953d127b3b9

We were falling back to using the KRB5CCNAME that the user had set
beforehand instead of relying on the one that we get from using the
credentials that the user actually provided.
This led to the credentials being ignored, and the setup failing.
Closes-Bug: #1746989
Change-Id: I90daa2d3341989878b7b4da8ed9cbb23e08da68b

The changes were more significant than just a few imports as
initially thought. The RPC API changed significantly mostly due
to switching from NSS to OpenSSL as the crypto layer.
Related changes include:
* Handling the new random password generator
* Writing the CA chain to a file instead of an NSS db
* Dealing with certificates having their own object
These are handled via the ipapython.version library to tell
what version of IPA we have. This cannot rely on the API
value because these changes are lower-level.
Change-Id: I8ee03edc4b0b2db566db43f2ea64256fe15a3a8b

IPA 4.4 added thin client capabilities. This is done by downloading
the call schema from the IPA server and is done during the
finalize() step. This requires a TGT.
So we need to ensure that a kinit is done before finalize() is
called both in the standalone installer and in the ipa code.
Change-Id: Id87b83cb945c946cf78c425aae19c311d900249a

For the case of Triple-O we don't want to pass IPA admin
credentials to the undercloud so instead pre-create the IPA
entries for undercloud and pass in an OTP that can be used to
enroll it using ipa-client-install.
Another feature of --precreate is that it doesn't require the
machine to be enrolled as an IPA client. The required options must
be provided on the command-line.
Change-Id: Ia69b5b4fbc275c04f5e07e9d2ef62e3547725ac8

When installing via puppet the configuration changes aren't
necessary and in fact can cause problems. All that really needs
to happen is the IPA work to add the permissions, privilege and
role and create the nova service and fetch the keytab.
This is broken out into a separate class that can be called from
either the existing novajoin-install or the new
novajoin-ipa-setup. The bash script equivalent was removed.