Gitiles
Code Review Sign In
gerrit.mcp.mirantis.com / salt-models / mcp-virtual-lab / 1113cacb0dcdae5ec5131880d7d88e3caef51a5e / . / classes / cluster / aaa-ha-freeipa / aaa / freeipa_server.yml
blob: 33c8a6eda1f9a32586276ad34e045106e89f493a [file] [log] [blame]
Petr Michalec56e329c2017-07-03 14:32:04 +0200[diff] [blame]1classes:
2# RHEL/Centos based
3#- system.linux.system.repo.saltstack.rhel7
4#- system.haproxy.proxy.listen.
5#- system.salt.minion.cert.
Petr Michalec6463b432017-08-17 11:52:59 +0200[diff] [blame]6- system.mysql.client
Petr Michalecb8e83fc2017-12-15 15:27:28 +0100[diff] [blame]7#- system.freeipa.server.cluster
Petr Michalecf05e3ea2017-08-21 17:33:16 +0200[diff] [blame]8- cluster.aaa-ha-freeipa.aaa
Petr Michalec56e329c2017-07-03 14:32:04 +0200[diff] [blame]9parameters:
10 _param:
11 linux_system_codename: centos
12 keepalived_vip_interface: ${_param:primary_interface}
13 keepalived_vip_virtual_router_id: 99
14
Petr Michalec6463b432017-08-17 11:52:59 +0200[diff] [blame]15 freeipa_admin_password: password
16 freeipa_ldap_password: password
17 mysql_admin_user: admin
18 mysql_admin_password: password
19 freeipa_principal_user: principal
20 freeipa_dns_zone: aaa-freeipa.local
Petr Michalecb8e83fc2017-12-15 15:27:28 +0100[diff] [blame]21 freeipa_realm: ${_param:cluster_domain}
Petr Michalec6463b432017-08-17 11:52:59 +0200[diff] [blame]22
Petr Michalec56e329c2017-07-03 14:32:04 +0200[diff] [blame]23 freeipa:
24 server:
25 realm: ${_param:cluster_domain}
26 domain: ${_param:cluster_domain}
27 servers:
28 - idm01.${_param:cluster_domain}
29 - idm02.${_param:cluster_domain}
30 - idm03.${_param:cluster_domain}
31 admin:
Petr Michalec6463b432017-08-17 11:52:59 +0200[diff] [blame]32 password: ${_param:freeipa_admin_password}
Petr Michalec56e329c2017-07-03 14:32:04 +0200[diff] [blame]33 ldap:
Petr Michalec6463b432017-08-17 11:52:59 +0200[diff] [blame]34 password: ${_param:freeipa_ldap_password}
Petr Michalec56e329c2017-07-03 14:32:04 +0200[diff] [blame]35 dns:
36 key:
37 axfrkey:
38 # bind9utils
39 # dnssec-keygen -a HMAC-MD5 -b 128 -n HOST rndc-key
40 secret: "xoDeAf49FmBTiJWRJ1zNng=="
41 algorithm: hmac-md5
42 # algorithm: hmac-sha512
43 zone:
44 # Main zones
45 aaa-freeipa.local: ${_param:freeipa_dns_zone}
46
47 # Additional/Internal zones
48 # opencontrail.cz: ${_param:freeipa_dns_zone}
49
50 # Reverse zones
51 # 105.0.10.in-addr.arpa: ${_param:freeipa_dns_zone_reverse}
52