Create DNS entries in IPA for openstack services

This adds forward and reverse DNS records for all services. Without the reverse DNS entries, certificates cannot be created for etcd which requires a subject alternative name (SAN) entry to be included. This is used by cinder for A/A support. The task is delegated to tripleo-ipa. It uses the host_entry which is also used for managing the entries in /etc/hosts. Change-Id: I41681f90f70fa0dffe4abbe3d6d5c48015589f66 (cherry picked from commit fe3f38d3a9) Related-bug: #1869955 Related: rhbz#1804079
2020-04-03 13:47:37 +02:00 · 2020-04-03 13:47:37 +02:00 · 2e57b2b8a4
parent afb7b78e3a
commit 2e57b2b8a4
1 changed files with 19 additions and 7 deletions
--- a/deployment/ipa/ipaservices-baremetal-ansible.yaml
+++ b/deployment/ipa/ipaservices-baremetal-ansible.yaml
@ -61,8 +61,16 @@ parameters:
    type: boolean
  IdMEnrollBaseServer:
    default: True
-    description: Set to true to enroll the base server (computes, controllers)
+    description:  Set to true to enroll the base server (computes, controllers)
    type: boolean
+  IdMZoneSplitIPv4:
+    default: 1
+    description:  The level by which the PTR DNS record is split when creating zones.
+    type: string
+  IdMZoneSplitIPv6:
+    default: 1
+    description:  The level by which the PTR DNS record is split when creating zones.
+    type: string

 outputs:
  role_data:
@ -76,18 +84,22 @@ outputs:
          when: step|int == 1
          block:
            - include_role:
-              name: tripleo_ipa_registration
-              apply:
-                environment:
-                  IPA_USER: "nova/{{ ansible_fqdn }}"
-                  IPA_HOST: {get_param: IdMServer}
-                  KRB5_CLIENT_KTNAME: {get_param: IdMNovaKeytab}
+                name: tripleo_ipa_registration
              vars:
                tripleo_ipa_enroll_base_server: {get_param: IdMEnrollBaseServer}
                tripleo_ipa_delegate_server: "{{ item }}"
                tripleo_ipa_base_server_fqdn: "{{hostvars[item]['fqdn_canonical']}}"
                tripleo_ipa_server_metadata: "{{hostvars[item]['service_metadata_settings'] | to_json }}"
              loop: "{{ groups.certmonger_user }}"
+            - include_role:
+                name: tripleo_ipa_dns
+              vars:
+                tripleo_ipa_ptr_zone_split_ipv4: {get_param: IdMZoneSplitIPv4}
+                tripleo_ipa_ptr_zone_split_ipv6: {get_param: IdMZoneSplitIPv6}
+              environment:
+                IPA_HOST: {get_param: IdMServer}
+                IPA_USER: "nova/{{ ansible_fqdn }}"
+                KRB5_CLIENT_KTNAME: {get_param: IdMNovaKeytab}
      deploy_steps_tasks:
        - name: enroll the node as an ipa client
          when: step|int == 1