summaryrefslogtreecommitdiffstats
path: root/puppet/extraconfig
diff options
context:
space:
mode:
Diffstat (limited to 'puppet/extraconfig')
-rw-r--r--puppet/extraconfig/all_nodes/neutron-midonet-all-nodes.yaml2
-rw-r--r--puppet/extraconfig/all_nodes/neutron-ml2-cisco-nexus-ucsm.yaml2
-rw-r--r--puppet/extraconfig/pre_deploy/compute/neutron-ml2-bigswitch.yaml2
-rw-r--r--puppet/extraconfig/pre_deploy/compute/neutron-opencontrail.yaml2
-rw-r--r--puppet/extraconfig/pre_deploy/compute/nova-nuage.yaml2
-rw-r--r--puppet/extraconfig/pre_deploy/controller/cinder-dellsc.yaml2
-rw-r--r--puppet/extraconfig/pre_deploy/controller/cinder-eqlx.yaml2
-rw-r--r--puppet/extraconfig/pre_deploy/controller/cinder-netapp.yaml2
-rw-r--r--puppet/extraconfig/pre_deploy/controller/multiple.yaml2
-rw-r--r--puppet/extraconfig/pre_deploy/controller/neutron-ml2-bigswitch.yaml2
-rw-r--r--puppet/extraconfig/pre_deploy/controller/neutron-ml2-cisco-n1kv.yaml2
-rw-r--r--puppet/extraconfig/pre_deploy/default.yaml2
-rw-r--r--puppet/extraconfig/pre_deploy/per_node.yaml2
-rw-r--r--puppet/extraconfig/tls/ca-inject.yaml2
-rw-r--r--puppet/extraconfig/tls/freeipa-enroll.yaml83
-rw-r--r--puppet/extraconfig/tls/tls-cert-inject.yaml2
16 files changed, 98 insertions, 15 deletions
diff --git a/puppet/extraconfig/all_nodes/neutron-midonet-all-nodes.yaml b/puppet/extraconfig/all_nodes/neutron-midonet-all-nodes.yaml
index 6a2ea4d5..3daf3fd3 100644
--- a/puppet/extraconfig/all_nodes/neutron-midonet-all-nodes.yaml
+++ b/puppet/extraconfig/all_nodes/neutron-midonet-all-nodes.yaml
@@ -1,4 +1,4 @@
-heat_template_version: 2015-10-15
+heat_template_version: ocata
description: Configure hieradata for all MidoNet nodes
diff --git a/puppet/extraconfig/all_nodes/neutron-ml2-cisco-nexus-ucsm.yaml b/puppet/extraconfig/all_nodes/neutron-ml2-cisco-nexus-ucsm.yaml
index 7bda0cd5..cb8d498c 100644
--- a/puppet/extraconfig/all_nodes/neutron-ml2-cisco-nexus-ucsm.yaml
+++ b/puppet/extraconfig/all_nodes/neutron-ml2-cisco-nexus-ucsm.yaml
@@ -1,4 +1,4 @@
-heat_template_version: 2015-04-30
+heat_template_version: ocata
description: Configure hieradata for Network Cisco configuration
diff --git a/puppet/extraconfig/pre_deploy/compute/neutron-ml2-bigswitch.yaml b/puppet/extraconfig/pre_deploy/compute/neutron-ml2-bigswitch.yaml
index 49c77190..7fe2a842 100644
--- a/puppet/extraconfig/pre_deploy/compute/neutron-ml2-bigswitch.yaml
+++ b/puppet/extraconfig/pre_deploy/compute/neutron-ml2-bigswitch.yaml
@@ -1,4 +1,4 @@
-heat_template_version: 2015-04-30
+heat_template_version: ocata
description: Configure hieradata for Big Switch agents on compute node
diff --git a/puppet/extraconfig/pre_deploy/compute/neutron-opencontrail.yaml b/puppet/extraconfig/pre_deploy/compute/neutron-opencontrail.yaml
index f5b1f0e6..66252f1f 100644
--- a/puppet/extraconfig/pre_deploy/compute/neutron-opencontrail.yaml
+++ b/puppet/extraconfig/pre_deploy/compute/neutron-opencontrail.yaml
@@ -1,4 +1,4 @@
-heat_template_version: 2015-04-30
+heat_template_version: ocata
description: Compute node hieradata for Neutron OpenContrail configuration
diff --git a/puppet/extraconfig/pre_deploy/compute/nova-nuage.yaml b/puppet/extraconfig/pre_deploy/compute/nova-nuage.yaml
index 5561c74a..47c782c7 100644
--- a/puppet/extraconfig/pre_deploy/compute/nova-nuage.yaml
+++ b/puppet/extraconfig/pre_deploy/compute/nova-nuage.yaml
@@ -1,4 +1,4 @@
-heat_template_version: 2015-04-30
+heat_template_version: ocata
description: Configure hieradata for Nuage configuration on the Compute
diff --git a/puppet/extraconfig/pre_deploy/controller/cinder-dellsc.yaml b/puppet/extraconfig/pre_deploy/controller/cinder-dellsc.yaml
index 9423208e..7d639883 100644
--- a/puppet/extraconfig/pre_deploy/controller/cinder-dellsc.yaml
+++ b/puppet/extraconfig/pre_deploy/controller/cinder-dellsc.yaml
@@ -1,4 +1,4 @@
-heat_template_version: 2015-10-15
+heat_template_version: ocata
description: Configure hieradata for Cinder Dell Storage Center configuration
diff --git a/puppet/extraconfig/pre_deploy/controller/cinder-eqlx.yaml b/puppet/extraconfig/pre_deploy/controller/cinder-eqlx.yaml
index c7af6f22..30509044 100644
--- a/puppet/extraconfig/pre_deploy/controller/cinder-eqlx.yaml
+++ b/puppet/extraconfig/pre_deploy/controller/cinder-eqlx.yaml
@@ -1,4 +1,4 @@
-heat_template_version: 2015-10-15
+heat_template_version: ocata
description: Configure hieradata for Cinder Eqlx configuration
diff --git a/puppet/extraconfig/pre_deploy/controller/cinder-netapp.yaml b/puppet/extraconfig/pre_deploy/controller/cinder-netapp.yaml
index 48446e5a..763ae39a 100644
--- a/puppet/extraconfig/pre_deploy/controller/cinder-netapp.yaml
+++ b/puppet/extraconfig/pre_deploy/controller/cinder-netapp.yaml
@@ -1,4 +1,4 @@
-heat_template_version: 2015-04-30
+heat_template_version: ocata
description: Configure hieradata for Cinder Netapp configuration
diff --git a/puppet/extraconfig/pre_deploy/controller/multiple.yaml b/puppet/extraconfig/pre_deploy/controller/multiple.yaml
index f949a397..d3d546dd 100644
--- a/puppet/extraconfig/pre_deploy/controller/multiple.yaml
+++ b/puppet/extraconfig/pre_deploy/controller/multiple.yaml
@@ -1,4 +1,4 @@
-heat_template_version: 2014-10-16
+heat_template_version: ocata
description: 'Extra Pre-Deployment Config, multiple'
parameters:
server:
diff --git a/puppet/extraconfig/pre_deploy/controller/neutron-ml2-bigswitch.yaml b/puppet/extraconfig/pre_deploy/controller/neutron-ml2-bigswitch.yaml
index 467f57cc..0f4806db 100644
--- a/puppet/extraconfig/pre_deploy/controller/neutron-ml2-bigswitch.yaml
+++ b/puppet/extraconfig/pre_deploy/controller/neutron-ml2-bigswitch.yaml
@@ -1,4 +1,4 @@
-heat_template_version: 2015-04-30
+heat_template_version: ocata
description: Configure hieradata for Neutron Big Switch configuration
diff --git a/puppet/extraconfig/pre_deploy/controller/neutron-ml2-cisco-n1kv.yaml b/puppet/extraconfig/pre_deploy/controller/neutron-ml2-cisco-n1kv.yaml
index cec885cd..6eae812f 100644
--- a/puppet/extraconfig/pre_deploy/controller/neutron-ml2-cisco-n1kv.yaml
+++ b/puppet/extraconfig/pre_deploy/controller/neutron-ml2-cisco-n1kv.yaml
@@ -1,4 +1,4 @@
-heat_template_version: 2015-04-30
+heat_template_version: ocata
description: Configure hieradata for Cisco N1KV configuration
diff --git a/puppet/extraconfig/pre_deploy/default.yaml b/puppet/extraconfig/pre_deploy/default.yaml
index dcbc6811..5da07f87 100644
--- a/puppet/extraconfig/pre_deploy/default.yaml
+++ b/puppet/extraconfig/pre_deploy/default.yaml
@@ -1,4 +1,4 @@
-heat_template_version: 2014-10-16
+heat_template_version: ocata
description: 'Noop Extra Pre-Deployment Config'
parameters:
server:
diff --git a/puppet/extraconfig/pre_deploy/per_node.yaml b/puppet/extraconfig/pre_deploy/per_node.yaml
index e236e336..65113f6a 100644
--- a/puppet/extraconfig/pre_deploy/per_node.yaml
+++ b/puppet/extraconfig/pre_deploy/per_node.yaml
@@ -1,4 +1,4 @@
-heat_template_version: 2015-04-30
+heat_template_version: ocata
description: Configure hieradata overrides for specific nodes
diff --git a/puppet/extraconfig/tls/ca-inject.yaml b/puppet/extraconfig/tls/ca-inject.yaml
index f955034d..04b5ccf6 100644
--- a/puppet/extraconfig/tls/ca-inject.yaml
+++ b/puppet/extraconfig/tls/ca-inject.yaml
@@ -1,4 +1,4 @@
-heat_template_version: 2015-04-30
+heat_template_version: ocata
description: >
This is a template which will inject the trusted anchor.
diff --git a/puppet/extraconfig/tls/freeipa-enroll.yaml b/puppet/extraconfig/tls/freeipa-enroll.yaml
new file mode 100644
index 00000000..7ce15069
--- /dev/null
+++ b/puppet/extraconfig/tls/freeipa-enroll.yaml
@@ -0,0 +1,83 @@
+heat_template_version: ocata
+
+description: Enroll nodes to FreeIPA
+
+parameters:
+ server:
+ description: ID of the controller node to apply this config to
+ type: string
+
+ CloudDomain:
+ description: >
+ The configured cloud domain; this will also be used as the kerberos realm
+ type: string
+
+ FreeIPAOTP:
+ default: ''
+ description: 'OTP that will be used for FreeIPA enrollment'
+ type: string
+ hidden: true
+ FreeIPAServer:
+ default: ''
+ description: 'FreeIPA server DNS name'
+ type: string
+ FreeIPAIPAddress:
+ default: ''
+ description: 'FreeIPA server IP Address'
+ type: string
+
+resources:
+ FreeIPAEnrollmentConfig:
+ type: OS::Heat::SoftwareConfig
+ properties:
+ group: script
+ inputs:
+ - name: otp
+ - name: ipa_server
+ - name: ipa_domain
+ - name: ipa_ip
+ config: |
+ #!/bin/sh
+ # If no IPA server was given as a parameter, it will be assumed from
+ # DNS.
+ if [ -n "${ipa_server}" ]; then
+ sed -i "/${ipa_server}/d" /etc/hosts
+ # Optionally add the FreeIPA server IP to /etc/hosts
+ if [ -n "${ipa_ip}" ]; then
+ echo "${ipa_ip} ${ipa_server}" >> /etc/hosts
+ fi
+ fi
+ # Set the node's domain if needed
+ if [ ! $(hostname -f | grep "${ipa_domain}$") ]; then
+ hostnamectl set-hostname "$(hostname).${ipa_domain}"
+ fi
+ yum install -y ipa-client
+ # Enroll. If there is already keytab, we have already done this. If
+ # this node hasn't enrolled and the OTP is missing, fail.
+ if [ ! -f /etc/krb5.keytab ]; then
+ if [ -z "${otp}" ]; then
+ echo "OTP is missing"
+ exit 1
+ fi
+ ipa-client-install --server ${ipa_server} -w ${otp} \
+ --domain=${ipa_domain} -U
+ fi
+ # Get a TGT
+ kinit -k -t /etc/krb5.keytab
+
+ FreeIPAControllerEnrollmentDeployment:
+ type: OS::Heat::SoftwareDeployment
+ properties:
+ name: FreeIPAEnrollmentDeployment
+ config: {get_resource: FreeIPAEnrollmentConfig}
+ server: {get_param: server}
+ input_values:
+ otp: {get_param: FreeIPAOTP}
+ ipa_server: {get_param: FreeIPAServer}
+ ipa_domain: {get_param: CloudDomain}
+ ipa_ip: {get_param: FreeIPAIPAddress}
+
+outputs:
+ deploy_stdout:
+ description: Output of the FreeIPA enrollment deployment
+ value: {get_attr: [FreeIPAControllerEnrollmentDeployment, deploy_stdout]}
diff --git a/puppet/extraconfig/tls/tls-cert-inject.yaml b/puppet/extraconfig/tls/tls-cert-inject.yaml
index 49d84574..2a61afc0 100644
--- a/puppet/extraconfig/tls/tls-cert-inject.yaml
+++ b/puppet/extraconfig/tls/tls-cert-inject.yaml
@@ -1,4 +1,4 @@
-heat_template_version: 2015-04-30
+heat_template_version: ocata
description: >
This is a template which will build the TLS Certificates necessary