diff options
author | Jenkins <jenkins@review.openstack.org> | 2016-12-22 23:37:22 +0000 |
---|---|---|
committer | Gerrit Code Review <review@openstack.org> | 2016-12-22 23:37:22 +0000 |
commit | 6190f56a511fae5a0e7db956f885afe935a6b68e (patch) | |
tree | f7f31aa33dfe29a9a97c29e081e0cb93d0686d0d /puppet | |
parent | a63c2273edeea535e4d2b7fd816688abded51295 (diff) | |
parent | d2c61c5b79500ee8a4509343d3fc80782002fd78 (diff) |
Merge "FreeIPA: Make OTP and FreeIPA server parameters optional"
Diffstat (limited to 'puppet')
-rw-r--r-- | puppet/extraconfig/tls/freeipa-enroll.yaml | 21 |
1 files changed, 16 insertions, 5 deletions
diff --git a/puppet/extraconfig/tls/freeipa-enroll.yaml b/puppet/extraconfig/tls/freeipa-enroll.yaml index 44be7c65..84d431fb 100644 --- a/puppet/extraconfig/tls/freeipa-enroll.yaml +++ b/puppet/extraconfig/tls/freeipa-enroll.yaml @@ -13,10 +13,12 @@ parameters: type: string FreeIPAOTP: + default: '' description: 'OTP that will be used for FreeIPA enrollment' type: string hidden: true FreeIPAServer: + default: '' description: 'FreeIPA server DNS name' type: string FreeIPAIPAddress: @@ -36,18 +38,27 @@ resources: - name: ipa_ip config: | #!/bin/sh - sed -i "/${ipa_server}/d" /etc/hosts - # Optionally add the FreeIPA server IP to /etc/hosts - if [ -n "${ipa_ip}" ]; then - echo "${ipa_ip} ${ipa_server}" >> /etc/hosts + # If no IPA server was given as a parameter, it will be assumed from + # DNS. + if [ -n "${ipa_server}" ]; then + sed -i "/${ipa_server}/d" /etc/hosts + # Optionally add the FreeIPA server IP to /etc/hosts + if [ -n "${ipa_ip}" ]; then + echo "${ipa_ip} ${ipa_server}" >> /etc/hosts + fi fi # Set the node's domain if needed if [ ! $(hostname -f | grep "${ipa_domain}$") ]; then hostnamectl set-hostname "$(hostname).${ipa_domain}" fi yum install -y ipa-client - # Enroll. If there is already keytab, we have already done this. + # Enroll. If there is already keytab, we have already done this. If + # this node hasn't enrolled and the OTP is missing, fail. if [ ! -f /etc/krb5.keytab ]; then + if [ -z "${otp}" ]; then + echo "OTP is missing" + exit 1 + fi ipa-client-install --server ${ipa_server} -w ${otp} \ --domain=${ipa_domain} -U fi |