From 2c2b16dc1e518f282c23d287c06d861db5781cdd Mon Sep 17 00:00:00 2001 From: Ronelle Landy Date: Mon, 31 Oct 2022 08:54:39 -0400 Subject: [PATCH] Modify IPA install and usage for multi-env Remove auto-reverse from IPA server install as this option is causing errors in environments where the zone being created already exists and is owned by some other dns server. See related change in: https://review.opendev.org/c/openstack/tripleo-quickstart-extras/+/737058/. This patch also stops the unbound service if it is running on the undercloud. Change-Id: Ie46809379e5c143910560b4d3f7cb0eee6f80ea1 --- playbooks/baremetal-full-freeipa.yml | 7 +++++++ roles/freeipa-setup/templates/deploy_freeipa.sh.j2 | 2 ++ 2 files changed, 9 insertions(+) diff --git a/playbooks/baremetal-full-freeipa.yml b/playbooks/baremetal-full-freeipa.yml index c2a25ad49..fc195c6da 100644 --- a/playbooks/baremetal-full-freeipa.yml +++ b/playbooks/baremetal-full-freeipa.yml @@ -96,6 +96,13 @@ name: NetworkManager state: reloaded + - name: disable unbound service + become: true + service: + name: unbound + state: stopped + ignore_errors: true + - name: remove any existing entries from the resolv.conf file become: true lineinfile: diff --git a/roles/freeipa-setup/templates/deploy_freeipa.sh.j2 b/roles/freeipa-setup/templates/deploy_freeipa.sh.j2 index 848cffa02..62a251bf2 100644 --- a/roles/freeipa-setup/templates/deploy_freeipa.sh.j2 +++ b/roles/freeipa-setup/templates/deploy_freeipa.sh.j2 @@ -71,7 +71,9 @@ ipa-server-install -U \ {% else %} --auto-forwarders \ {% endif %} +{% if cloudenv is not defined or cloudenv not in ['internal'] -%} --auto-reverse {{ ipa_server_install_params|default('') }} +{% endif %} ## * Set CA to create CRL on restart sed -i "s/ca.crl.MasterCRL.publishOnStart=.*/ca.crl.MasterCRL.publishOnStart=true/" /etc/pki/pki-tomcat/ca/CS.cfg systemctl restart pki-tomcatd@pki-tomcat.service
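Review bot: In playbooks/baremetal-full-freeipa.yml, the new task's `ignore_errors: true` hides every failure of the stop, not only the case where unbound is absent, so the play goes on to the resolv.conf edits even when unbound may still be running on the undercloud. Limit the tolerance to the expected case: gather `service_facts` beforehand, guard the task with `when: "'unbound.service' in ansible_facts.services"`, and drop `ignore_errors`. The task is named "disable unbound service" but only sets `state: stopped`, so the unit would start again on the next boot if it is enabled. Either add `enabled: false` or rename the task to "stop unbound service" to match the commit message. The play this task belongs to starts and ends outside the hunk.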
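Review bot: In roles/freeipa-setup/templates/deploy_freeipa.sh.j2, the new `{% if %}` wraps the whole line `--auto-reverse {{ ipa_server_install_params|default('') }}`, so when `cloudenv` is `internal` the caller-supplied `ipa_server_install_params` are dropped together with `--auto-reverse`. The commit message only describes removing auto-reverse, so this looks unintended; any install options passed through that variable would silently not be applied in that environment. Put only the flag inside the conditional as `--auto-reverse \`, and keep `{{ ipa_server_install_params|default('') }}` on its own line after `{% endif %}`. It is also worth checking the rendered script for the `internal` case, because the preceding `--auto-forwarders \` ends in a line continuation and the command then runs on into whatever follows `{% endif %}`. The `ipa-server-install` invocation starts outside this hunk.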