Fix novajoin FreeIPA server parameter
We need the FreeIPA server hostname in order to request the Kerberos keytab for the novajoin process. For the containerized case, we assume that the node is enrolled to FreeIPA before puppet is run. This, however, is not true for the baremetal case, since there puppet itself calls the FreeIPA enrollment. Thus, we need to handle this case. Change-Id: If73a7b674536df33c32507977941be784f82e8f4 Closes-Bug: #1761786
parent
e9aa809dd3
commit
150bff424f
|
@ -176,6 +176,13 @@ class nova::metadata::novajoin::api (
|
|||
|
||||
if $enable_ipa_client_install {
|
||||
require ::ipaclient
|
||||
# If we're installing IPA here, the hostname fact won't be populated yet,
|
||||
# so we'll use a command to get it.
|
||||
$ipa_hostname_real = '`grep xmlrpc_uri /etc/ipa/default.conf | cut -d/ -f3`'
|
||||
} else {
|
||||
# This assumes that the current node is already IPA enrolled, so the
|
||||
# fact will work here.
|
||||
$ipa_hostname_real = $::ipa_hostname
|
||||
}
|
||||
|
||||
package { 'python-novajoin':
|
||||
|
@ -262,7 +269,7 @@ class nova::metadata::novajoin::api (
|
|||
}
|
||||
|
||||
exec { 'get-service-user-keytab':
|
||||
command => "/usr/bin/kinit -kt /etc/krb5.keytab && ipa-getkeytab -s ${::ipa_hostname} \
|
||||
command => "/usr/bin/kinit -kt /etc/krb5.keytab && ipa-getkeytab -s ${ipa_hostname_real} \
|
||||
-p nova/${::fqdn} -k ${keytab}",
|
||||
creates => $keytab,
|
||||
}
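Review bot: In the first hunk `$ipa_hostname_real` is assigned a backtick command string rather than a hostname, so the `get-service-user-keytab` exec in the second hunk only gets a server name if its command is expanded by a shell, and the exec as shown sets no `provider`. Adding `provider => shell,` to that exec would make the dependency explicit instead of relying on how the default provider happens to run the string. The `grep xmlrpc_uri` pattern is unanchored, so it also matches commented lines, and if `/etc/ipa/default.conf` is missing the substitution is empty and `-s` would presumably consume the next option as its argument. Anchoring it as `grep -m1 ^xmlrpc_uri` would narrow that. I would also extend the comment above the assignment with `# NOTE: this is a shell fragment, not a hostname; only use it inside a shell-run exec.` so the value is not reused in a template or resource title.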
|
||||
|
|
|
@ -131,10 +131,17 @@ describe 'nova::metadata::novajoin::api' do
|
|||
end
|
||||
|
||||
it 'is_expected.to get service user keytab' do
|
||||
is_expected.to contain_exec('get-service-user-keytab').with(
|
||||
'command' => "/usr/bin/kinit -kt /etc/krb5.keytab && ipa-getkeytab -s ipa.ipadomain \
|
||||
if param_hash[:enable_ipa_client_install]
|
||||
is_expected.to contain_exec('get-service-user-keytab').with(
|
||||
'command' => "/usr/bin/kinit -kt /etc/krb5.keytab && ipa-getkeytab -s `grep xmlrpc_uri /etc/ipa/default.conf | cut -d/ -f3` \
|
||||
-p nova/undercloud.example.com -k #{param_hash[:keytab]}",
|
||||
)
|
||||
)
|
||||
else
|
||||
is_expected.to contain_exec('get-service-user-keytab').with(
|
||||
'command' => "/usr/bin/kinit -kt /etc/krb5.keytab && ipa-getkeytab -s ipa.ipadomain \
|
||||
-p nova/undercloud.example.com -k #{param_hash[:keytab]}",
|
||||
)
|
||||
end
|
||||
end
|
||||
|
||||
it { is_expected.to contain_file("/var/log/novajoin").with(
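Review bot: The new `if param_hash[:enable_ipa_client_install]` branch inside the `it` block is only exercised if some context sets that parameter to true, and the contexts that build `param_hash` are outside this hunk. If none does, the grep-based command is never asserted and this commit's fix is untested, so it is worth confirming or adding a context with `:enable_ipa_client_install => true`. As a style point, the two expectations differ only in the server argument. Computing it once, for example `server = param_hash[:enable_ipa_client_install] ? '`grep xmlrpc_uri /etc/ipa/default.conf | cut -d/ -f3`' : 'ipa.ipadomain'`, and keeping a single `contain_exec` expectation would avoid the duplicated command string drifting from the manifest.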
|
||||
|
|