Modify IPA install and usage for multi-env

Remove auto-reverse from IPA server install as this option is causing errors in environments where the zone being created already exists and is owned by some other dns server. See related change in: https://review.opendev.org/c/openstack/tripleo-quickstart-extras/+/737058/. This patch also stops the unbound service if it is running on the undercloud. Change-Id: Ie46809379e5c143910560b4d3f7cb0eee6f80ea1
2022-10-31 08:54:39 -04:00 · 2022-10-31 08:54:39 -04:00 · 2c2b16dc1e
parent 1380d6158b
commit 2c2b16dc1e
2 changed files with 9 additions and 0 deletions
--- a/playbooks/baremetal-full-freeipa.yml
+++ b/playbooks/baremetal-full-freeipa.yml
@ -96,6 +96,13 @@
            name: NetworkManager
            state: reloaded

+        - name: disable unbound service
+          become: true
+          service:
+            name: unbound
+            state: stopped
+          ignore_errors: true
+
    - name: remove any existing entries from the resolv.conf file
      become: true
      lineinfile:
--- a/roles/freeipa-setup/templates/deploy_freeipa.sh.j2
+++ b/roles/freeipa-setup/templates/deploy_freeipa.sh.j2
@ -71,7 +71,9 @@ ipa-server-install -U \
 {% else %}
    --auto-forwarders \
 {% endif %}
+{% if cloudenv is not defined or cloudenv not in ['internal'] -%}
    --auto-reverse {{ ipa_server_install_params|default('') }}
+{% endif %}
 ## * Set CA to create CRL on restart
 sed -i "s/ca.crl.MasterCRL.publishOnStart=.*/ca.crl.MasterCRL.publishOnStart=true/" /etc/pki/pki-tomcat/ca/CS.cfg
 systemctl restart pki-tomcatd@pki-tomcat.service