aaa_ha_freeipa updates
Change-Id: I9e91da1f57bc2ddb2806e74bf71c1c57464a6349
diff --git a/classes/cluster/aaa_ha_freeipa/aaa/freeipa_server.yml b/classes/cluster/aaa_ha_freeipa/aaa/freeipa_server.yml
index 5216422..271479c 100644
--- a/classes/cluster/aaa_ha_freeipa/aaa/freeipa_server.yml
+++ b/classes/cluster/aaa_ha_freeipa/aaa/freeipa_server.yml
@@ -3,6 +3,7 @@
#- system.linux.system.repo.saltstack.rhel7
#- system.haproxy.proxy.listen.
#- system.salt.minion.cert.
+- system.mysql.client
- system.freeipa.server.cluster
- cluster.aaa_ha_freeipa.aaa
parameters:
@@ -11,6 +12,13 @@
keepalived_vip_interface: ${_param:primary_interface}
keepalived_vip_virtual_router_id: 99
+ freeipa_admin_password: password
+ freeipa_ldap_password: password
+ mysql_admin_user: admin
+ mysql_admin_password: password
+ freeipa_principal_user: principal
+ freeipa_dns_zone: aaa-freeipa.local
+
freeipa:
server:
realm: ${_param:cluster_domain}
@@ -20,9 +28,9 @@
- idm02.${_param:cluster_domain}
- idm03.${_param:cluster_domain}
admin:
- password: password
+ password: ${_param:freeipa_admin_password}
ldap:
- password: password
+ password: ${_param:freeipa_ldap_password}
dns:
key:
axfrkey:
diff --git a/classes/cluster/aaa_ha_freeipa/aaa/init.yml b/classes/cluster/aaa_ha_freeipa/aaa/init.yml
index 9fb2124..0cd8e4f 100644
--- a/classes/cluster/aaa_ha_freeipa/aaa/init.yml
+++ b/classes/cluster/aaa_ha_freeipa/aaa/init.yml
@@ -1,5 +1,5 @@
classes:
-- cluster.aaa_ha_freeipa.aaa
+#- cluster.aaa_ha_freeipa.aaa
- system.linux.system.single
- system.openssh.server.team.lab
- system.openssh.server.team.tcpcloud
@@ -36,11 +36,19 @@
cluster_node03_hostname: ${_param:identity_control_node03_hostname}
cluster_node03_address: ${_param:identity_control_node03_address}
+ # FIXME
+ # temporarily - fix on reclass model or here
freeipa_node01_hostname: ${_param:cluster_node01_address}
freeipa_node02_hostname: ${_param:cluster_node02_address}
freeipa_node03_hostname: ${_param:cluster_node03_address}
freeipa_client_nsupdate_01_address: ${_param:cluster_node01_address}
-
+ # temporarily - fix on reclass model or here
+ infra_freeipa_node01_hostname: ${_param:freeipa_node01_hostname}
+ infra_freeipa_node02_hostname: ${_param:freeipa_node02_hostname}
+ infra_freeipa_node03_hostname: ${_param:freeipa_node03_hostname}
+ infra_idm_node01_address: ${_param:identity_control_node01_address}
+ infra_idm_node02_address: ${_param:identity_control_node02_address}
+ infra_idm_node03_address: ${_param:identity_control_node03_address}
linux:
network:
@@ -71,21 +79,16 @@
names:
- ${_param:identity_control_node03_hostname}
- ${_param:identity_control_node03_hostname}.${_param:cluster_domain}
- cmp01:
- address: ${_param:identity_compute_node01_address}
- names:
- - ${_param:identity_compute_node01_hostname}
- - ${_param:identity_compute_node01_hostname}.${_param:cluster_domain}
- cmp02:
- address: ${_param:identity_compute_node02_address}
- names:
- - ${_param:identity_compute_node02_hostname}
- - ${_param:identity_compute_node02_hostname}.${_param:cluster_domain}
prx01:
address: ${_param:identity_proxy_node01_address}
names:
- ${_param:identity_proxy_node01_hostname}
- ${_param:identity_proxy_node01_hostname}.${_param:cluster_domain}
+ prx02:
+ address: ${_param:identity_proxy_node02_address}
+ names:
+ - ${_param:identity_proxy_node02_hostname}
+ - ${_param:identity_proxy_node02_hostname}.${_param:cluster_domain}
system:
rc:
local: |
diff --git a/classes/cluster/aaa_ha_freeipa/infra/config.yml b/classes/cluster/aaa_ha_freeipa/infra/config.yml
index c993809..70e3c07 100644
--- a/classes/cluster/aaa_ha_freeipa/infra/config.yml
+++ b/classes/cluster/aaa_ha_freeipa/infra/config.yml
@@ -1,13 +1,15 @@
-alasses:
+classes:
- system.linux.system.repo.ubuntu
- system.openssh.client.lab
+- system.salt.master.single
- system.salt.master.pkg
- system.salt.minion.ca.salt_master
- system.salt.master.api
-- system.salt.minion.cert.k8s_server
- system.mysql.client
- system.reclass.storage.salt
-- system.reclass.storage.system.kubernetes_control_cluster
+- system.reclass.storage.system.infra_idm_cluster
+- cluster.aaa_ha_freeipa.infra
+- cluster.aaa_ha_freeipa.aaa
- cluster.aaa_ha_freeipa
parameters:
_param:
@@ -21,6 +23,7 @@
salt_master_host: 127.0.0.1
salt:
master:
+ enabled: true
reactor:
reclass/minion/classify:
- salt://reclass/reactor/node_register.sls
diff --git a/classes/cluster/aaa_ha_freeipa/init.yml b/classes/cluster/aaa_ha_freeipa/init.yml
index baec503..c9a2bed 100644
--- a/classes/cluster/aaa_ha_freeipa/init.yml
+++ b/classes/cluster/aaa_ha_freeipa/init.yml
@@ -1,4 +1,5 @@
classes:
-- cluster.aaa_ha_freeipa.aaa.freeipa
+- cluster.aaa_ha_freeipa.aaa.freeipa_server
- cluster.aaa_ha_freeipa.infra
- cluster.overrides
+