Create DNS entries in IPA for openstack services

This adds forward and reverse DNS records for all services. Without the reverse DNS entries, certificates cannot be created for etcd which requires a subject alternative name (SAN) entry to be included. This is used by cinder for A/A support. The task is delegated to tripleo-ipa. It uses the host_entry which is also used for managing the entries in /etc/hosts. Depends-On: https://review.opendev.org/#/c/716982/ Change-Id: I41681f90f70fa0dffe4abbe3d6d5c48015589f66 Related-bug: #1869955 Related: rhbz#1804079
2020-04-03 13:47:37 +02:00 · 2020-04-03 13:47:37 +02:00 · fe3f38d3a9
parent ae68c90b92
commit fe3f38d3a9
1 changed files with 17 additions and 5 deletions
--- a/deployment/ipa/ipaservices-baremetal-ansible.yaml
+++ b/deployment/ipa/ipaservices-baremetal-ansible.yaml
@ -63,6 +63,14 @@ parameters:
    default: True
    description:  Set to true to enroll the base server (computes, controllers)
    type: boolean
+  IdMZoneSplitIPv4:
+    default: 1
+    description:  The level by which the PTR DNS record is split when creating zones.
+    type: string
+  IdMZoneSplitIPv6:
+    default: 1
+    description:  The level by which the PTR DNS record is split when creating zones.
+    type: string

 outputs:
  role_data:
@ -77,17 +85,21 @@ outputs:
          block:
          - include_role:
              name: tripleo_ipa_registration
-              apply:
-                environment:
-                  IPA_USER: "nova/{{ ansible_fqdn }}"
-                  IPA_HOST: {get_param: IdMServer}
-                  KRB5_CLIENT_KTNAME: {get_param: IdMNovaKeytab}
            vars:
              tripleo_ipa_enroll_base_server: {get_param: IdMEnrollBaseServer}
              tripleo_ipa_delegate_server: "{{ item }}"
              tripleo_ipa_base_server_fqdn:  "{{hostvars[item]['fqdn_canonical']}}"
              tripleo_ipa_server_metadata: "{{hostvars[item]['service_metadata_settings'] | to_json }}"
            loop: "{{ groups.certmonger_user }}"
+          - include_role:
+              name: tripleo_ipa_dns
+            vars:
+              tripleo_ipa_ptr_zone_split_ipv4: {get_param: IdMZoneSplitIPv4}
+              tripleo_ipa_ptr_zone_split_ipv6: {get_param: IdMZoneSplitIPv6}
+          environment:
+            IPA_HOST: {get_param: IdMServer}
+            IPA_USER: "nova/{{ ansible_fqdn }}"
+            KRB5_CLIENT_KTNAME: {get_param: IdMNovaKeytab}
      deploy_steps_tasks:
        - name: enroll the node as an ipa client
          when: step|int == 1