Joey Boggs
2009-May-15 20:29 UTC
[Ovirt-devel] [PATCH server] add server-side groundwork for remote freeipa server
This lays 90% of the groundwork needed on the server side to support the use of a remote ipa server. Leaving the option disabled in the installer until the necessary node integration(dns/keytab placementi location) is completed Also apply: [PATCH server] update ovirt-add-host to use ipa commands instead of kadmin.local [PATCH server] separate ipa common tasks freeipa::common and rename ipa_server_install to ipa_install --- installer/bin/ovirt-installer | 54 +++++++++++-------- installer/modules/ovirt/manifests/dns.pp | 72 ++++++++++++------------- installer/modules/ovirt/manifests/freeipa.pp | 57 +++++++++++++++++---- installer/modules/ovirt/manifests/ovirt.pp | 2 +- 4 files changed, 115 insertions(+), 70 deletions(-) diff --git a/installer/bin/ovirt-installer b/installer/bin/ovirt-installer index ad4d56d..2258578 100755 --- a/installer/bin/ovirt-installer +++ b/installer/bin/ovirt-installer 
@@ -171,11 +171,29 @@ admin_dev = prompt_for_interface("Enter the interface for the Admin network (thi #FIXME: correctly configure separate networks. #For now, define admin and guest networks to be the same -guest_dev = admin_dev +guest_dev = guest_httpd_dev #sep_networks = (guest_dev == admin_dev) ? "n" : "y" -ovirt_host = prompt_for_answer("Enter the hostname of the oVirt management server (example: management.example.com):", :regex => IP_OR_FQDN) -ipa_host = ovirt_host +ovirt_host = prompt_for_answer("Enter the hostname of the oVirt management server", :regex => IP_OR_FQDN, :default => hostname.chomp) +#remote_ipa = prompt_yes_no("Is FreeIPA already installed on another machine?") +remote_ipa = "n" +if remote_ipa == "y" + ipa_host = prompt_for_answer("Enter the hostname of the FreeIPA server", :regex => IP_OR_FQDN) +else + ipa_host = ovirt_host +end + +# FreeIPA Configuration +realm_name = prompt_for_answer("Enter your kerberos realm name (example: example.com):", :regex => FQDN) + at cli.say("NOTE: The following password will also be your ovirtadmin password for the web management login") +freeipa_password = prompt_for_password("Enter the admin password for FreeIPA:", "Confirm your FreeIPA admin password:") +ldap_dn = "" +ldap_dn_temp = realm_name.split(".") +ldap_dn_temp.each do |i| + ldap_dn += "dc=#{i}," + end + ldap_dn = ldap_dn.chop + # DNS Configuration @cli.say( "\nThe following DNS servers were found:") 
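Review bot: The retained comment still says the admin and guest networks are defined to be the same, but the assignment is now `guest_dev = guest_httpd_dev`, a name defined outside this hunk; the comment should say what `guest_dev` is now bound to, for example `# For now, the guest network uses the interface chosen for guest httpd access`. The FreeIPA password prompted here is later rendered by the template into a single-quoted Puppet string (`'<%= freeipa_password %>'`, visible as context further down), so a password containing `'` would presumably break the generated manifest; whether `prompt_for_password` rejects such input cannot be seen from this hunk and is worth confirming. The `ldap_dn` loop with the trailing `chop` could be written as `ldap_dn = realm_name.split(".").map { |part| "dc=#{part}" }.join(",")`.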
@@ -190,16 +208,16 @@ guest_ipaddr = interfaces[guest_dev] admin_ipaddr = interfaces[admin_dev] if dns_servers == "y" - guest_ipaddr_lookup = Socket.getaddrinfo(guest_ipaddr.to_s,nil) - guest_hostname = guest_ipaddr_lookup[1][2] - if guest_hostname.to_s != ipa_host.to_s + admin_ipaddr_lookup = Socket.getaddrinfo(admin_ipaddr.to_s,nil) + admin_hostname = admin_ipaddr_lookup[1][2] + if admin_hostname.to_s != ovirt_host.to_s @cli.say("Reverse dns lookup for #{guest_ipaddr} failed, exiting") exit(0) end - ipa_host_lookup = Socket.getaddrinfo(ipa_host,nil) - ipa_hostip = ipa_host_lookup[1][3] - if ipa_hostip.to_s != guest_ipaddr.to_s + ovirt_host_lookup = Socket.getaddrinfo(ovirt_host,nil) + ovirt_hostip = ovirt_host_lookup[1][3] + if ovirt_hostip.to_s != admin_ipaddr.to_s @cli.say("Forward dns lookup for #{ipa_host} failed, exiting") exit(0) end @@ -236,18 +254,6 @@ cobbler_user_password = prompt_for_password("Enter your cobbler user password:", # Postgres Configuration db_username = "ovirt" db_password = prompt_for_password("Enter a password for the ovirt postgres account:", "Confirm your ovirt postgres password") -# FreeIPA Configuration -realm_name = prompt_for_answer("Enter your realm name (example: example.com):", :regex => FQDN) - - at cli.say("NOTE: The following password will also be your ovirtadmin password for the web management login") -freeipa_password = prompt_for_password("Enter an administrator password for FreeIPA:", "Confirm your FreeIPA admin password:") -ldap_dn = "" -ldap_dn_temp = realm_name.split(".") -ldap_dn_temp.each do |i| - ldap_dn += "dc=#{i}," -end -ldap_dn = ldap_dn.chop - # # Use ERB to spit out the puppet file whcih is used by ace. 
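Review bot: Both failure messages in the first hunk still interpolate the old variables although the checks now compare `admin_ipaddr` and `ovirt_host`, so a failed lookup points the operator at the wrong address or host; they should read `"Reverse dns lookup for #{admin_ipaddr} failed, exiting"` and `"Forward dns lookup for #{ovirt_host} failed, exiting"`. Once the remote option is enabled, neither lookup verifies `ipa_host` any more, and Kerberos against the FreeIPA server depends on that name resolving consistently, so a separate check for it seems warranted. Both branches also end in `exit(0)`, which reports success to a calling script; a non-zero status would describe the outcome accurately.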
@@ -311,7 +317,7 @@ $db_username = '<%= db_username %>' $db_password = '<%= db_password %>' # FreeIPA configuration -$realm_name = '<%= realm_name %>' +$realm_name = '<%= realm_name.upcase %>' $freeipa_password = '<%= freeipa_password %>' $short_ldap_dn = '<%= ldap_dn %>' $ldap_dn = 'cn=ipaConfig,cn=etc,<%= ldap_dn %>' @@ -328,7 +334,11 @@ firewall_rule{"nat-postrouting": table => "nat", chain => "POSTROUTING", out_int <% end %> include postgres::bundled include freeipa::common +<% if remote_ipa == "n" %> include freeipa::bundled +<% else %> +include freeipa::remote +<% end %> include ovirt::setup END_OF_TEMPLATE diff --git a/installer/modules/ovirt/manifests/dns.pp b/installer/modules/ovirt/manifests/dns.pp index 7709cbf..8f44090 100644 --- a/installer/modules/ovirt/manifests/dns.pp +++ b/installer/modules/ovirt/manifests/dns.pp 
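Review bot: `$realm_name` is now upper-cased for every consumer, while `ldap_dn` is still built from the value as typed and `freeipa::remote` passes the same variable to `--domain=` as well as `--realm=`. A Kerberos realm and a DNS domain are distinct values even when they share a spelling, so emitting a second variable, e.g. `$domain_name = '<%= realm_name.downcase %>'`, and using it for `--domain` would keep the two apart. A short comment on the `$realm_name` line saying that the realm is upper-cased by convention would also explain the `.upcase` to the next reader.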
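Review bot: The template tests `remote_ipa == "n"` while the installer code that sets `ipa_host` tests `remote_ipa == "y"`, so any third value would take the local branch in the installer and still include `freeipa::remote` here. What `prompt_yes_no` can return is not visible in this patch, so this may be unreachable today, but using the same comparison in both places, `<% if remote_ipa == "y" %>` with the two includes swapped, removes the mismatch.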
@@ -24,52 +24,27 @@ import "augeas" define dns::common($guest_ipaddr="", $admin_ipaddr="",$guest_dev="",$admin_dev="") { + single_exec {"add_guest_server_to_etc_hosts": + command => "/bin/echo $admin_ipaddr $ovirt_host >> /etc/hosts", + notify => Service[dnsmasq] + } + package {"dnsmasq": - ensure => installed, - require => [Single_exec["add_dns_server_to_resolv.conf"]] + ensure => installed } service {"dnsmasq" : ensure => running, - enable => true, - require => [File["/etc/dnsmasq.d/ovirt-dns.conf"], Package["dnsmasq"]] - } - - file {"/etc/dnsmasq.d/ovirt-dns.conf": - content => template("ovirt/ovirt-dns.conf.erb"), - mode => 644, - notify => Service[dnsmasq], - require => Package["dnsmasq"] - } - - single_exec {"add_dns_server_to_resolv.conf": - command => "/bin/sed -e '1i nameserver $admin_ipaddr' -i /etc/resolv.conf", - require => [Single_exec["set_hostname"]] + enable => true } - augeas{"appliance_info": - context => "/files/etc/dnsmasq.conf", - changes => [ - "set conf-dir /etc/dnsmasq.d" + augeas{"appliance_info": + context => "/files/etc/dnsmasq.conf", + changes => [ + "set conf-dir /etc/dnsmasq.d" ], notify => Service[dnsmasq] } - - file {"/etc/dhclient.conf": - ensure => present - } - - file_append {"dhclient_config": - file => "/etc/dhclient.conf", - line => "prepend domain-name-servers $admin_ipaddr;", - require => [Single_exec["set_hostname"], Package["dnsmasq"], File["/etc/dhclient.conf"]] , - notify => Service[dnsmasq], - } - - single_exec {"add_guest_server_to_etc_hosts": - command => "/bin/echo $guest_ipaddr $ipa_host >> /etc/hosts", - notify => [Service[dnsmasq], Single_exec["add_dns_server_to_resolv.conf"]] - } } define dns::bundled($guest_ipaddr="", $admin_ipaddr="",$guest_dev="",$admin_dev="") { 
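Review bot: The `dnsmasq` service resource loses its whole `require` line, not just the reference to the config file that moved to `dns::bundled`, so nothing orders it after `Package["dnsmasq"]` any more and Puppet may try to start the service before the package is installed. Keeping `require => Package["dnsmasq"]` on the service restores that ordering. The `/etc/hosts` entry is appended through a shell with `/bin/echo $admin_ipaddr $ovirt_host >> /etc/hosts`, with both variables unquoted; Puppet's `host` resource would add the entry without a shell and without duplicating it if the exec ever runs twice.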
@@ -79,13 +54,36 @@ define dns::bundled($guest_ipaddr="", $admin_ipaddr="",$guest_dev="",$admin_dev augeas{"set_system_hostname": context => "/files/etc/sysconfig/network", changes => [ - "set HOSTNAME $ipa_host" + "set HOSTNAME $ovirt_host" ] } firewall_rule {"named": destination_port => '53'} firewall_rule {"named-udp": destination_port => '53', protocol => 'udp'} + file {"/etc/dhclient.conf": + ensure => present + } + + single_exec {"add_dns_server_to_resolv.conf": + command => "/bin/sed -e '1i nameserver $admin_ipaddr' -i /etc/resolv.conf", + require => Single_exec["set_hostname"], + notify => Service[dnsmasq] + } + + file_append {"dhclient_config": + file => "/etc/dhclient.conf", + line => "prepend domain-name-servers $admin_ipaddr;", + require => [Single_exec["set_hostname"], Package["dnsmasq"], File["/etc/dhclient.conf"]] , + notify => Service[dnsmasq], + } + + file {"/etc/dnsmasq.d/ovirt-dns.conf": + content => template("ovirt/ovirt-dns.conf.erb"), + mode => 644, + notify => Service[dnsmasq], + require => Package["dnsmasq"] + } } define dns::remote($guest_ipaddr="", $admin_ipaddr="",$guest_dev="",$admin_dev="") { diff --git a/installer/modules/ovirt/manifests/freeipa.pp b/installer/modules/ovirt/manifests/freeipa.pp index 796b8b4..8983e10 100644 --- a/installer/modules/ovirt/manifests/freeipa.pp +++ b/installer/modules/ovirt/manifests/freeipa.pp @@ -45,6 +45,15 @@ class freeipa::common{ require => Single_exec[ipa_ovirtadmin_group] } + single_exec {"set_hostname": + command => "/bin/hostname $ovirt_host", + } + + single_exec {"dnsmasq_restart": + command => "/usr/bin/pkill dnsmasq;/etc/init.d/dnsmasq start", + require => [Single_exec[add_guest_server_to_etc_hosts],Package[dnsmasq]] + } + } class freeipa::bundled{ 
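Review bot: After this move `dns::bundled` requires `Single_exec["set_hostname"]`, which the freeipa.pp hunk on this same line places in `freeipa::common`, and `freeipa::common`'s `dnsmasq_restart` in turn requires `Single_exec[add_guest_server_to_etc_hosts]` and `Package[dnsmasq]` from `dns::common`, so each module only compiles when the other is declared as well. That coupling is not stated anywhere in the visible code; a comment above each resource, such as `# depends on freeipa::common for Single_exec["set_hostname"]`, would make it explicit. Whether `dns::common` is declared when `dns::remote` is used cannot be seen from these hunks and should be confirmed before the remote option is enabled. Since `dnsmasq_restart` now runs in both scenarios, note that `pkill dnsmasq` matches every process of that name rather than only the instance started by the init script.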
@@ -54,10 +63,6 @@ class freeipa::bundled{ require => [Exec[db_exists_file],Single_exec["set_hostname"]] } - single_exec {"set_hostname": - command => "/bin/hostname $ipa_host", - } - exec {"set_kdc_defaults": command => "/bin/sed -i '/\[kdcdefaults\]/a \ kdc_ports = 88' /usr/share/ipa/kdc.conf.template", require => Package[ipa-server] @@ -83,11 +88,6 @@ class freeipa::bundled{ notify => Service[httpd] } - single_exec {"dnsmasq_restart": - command => "/usr/bin/pkill dnsmasq;/etc/init.d/dnsmasq start", - require => [Single_exec[add_guest_server_to_etc_hosts],Package[dnsmasq]] - } - single_exec {"ipa_install": command => "/usr/sbin/ipa-server-install -r $realm_name -p $freeipa_password -P $freeipa_password -a $freeipa_password --hostname $ipa_host -u dirsrv -U", require => [Exec[set_kdc_defaults],Single_exec[dnsmasq_restart]] 
@@ -104,7 +104,44 @@ class freeipa::bundled{ class freeipa::remote { -# oVirt is not configured at this time to support a remote freeipa server + single_exec {"ipa_install": + command => "/usr/sbin/ipa-client-install --server $ipa_host --domain=$realm_name --realm=$realm_name --force -U", + require => Single_exec[dnsmasq_restart] + } + + package {"mod_nss": + ensure => installed + } + + file_replacement{"mod_nss_config_1": + file => "/etc/httpd/conf.d/nss.conf", + pattern => "<VirtualHost _default_:8443>", + replacement => "<VirtualHost _default_:443>", + require => Package[mod_nss] + } + file_replacement{"mod_nss_config_2": + file => "/etc/httpd/conf.d/nss.conf", + pattern => "Listen 8443", + replacement => "Listen 443", + require => Package[mod_nss] + } + + single_exec {"create_HTTP_keytab": + command => "/usr/sbin/ipa-addservice HTTP/$ovirt_host@$realm_name", + require => Single_exec[ipa_install] + } + + single_exec {"get_HTTP_keytab": + command => "/usr/sbin/ipa-getkeytab -s $ipa_host -p HTTP/$ovirt_host@$realm_name -k /usr/share/ovirt-server/ovirt.keytab", + require => Single_exec[create_HTTP_keytab], + notify => Service[httpd] + } + + single_exec {"copy_ovirt_keytab": + command => "/bin/cp /usr/share/ovirt-server/ovirt.keytab /etc/httpd/conf/ipa.keytab", + require => Single_exec[get_HTTP_keytab], + notify => Service[httpd] + } } diff --git a/installer/modules/ovirt/manifests/ovirt.pp b/installer/modules/ovirt/manifests/ovirt.pp index 03a93a7..2e91e69 100644 --- a/installer/modules/ovirt/manifests/ovirt.pp +++ b/installer/modules/ovirt/manifests/ovirt.pp @@ -125,7 +125,7 @@ class ovirt::setup { } single_exec { "add_host" : - command => "/usr/bin/ovirt-add-host $ipa_host /usr/share/ovirt-server/ovirt.keytab", + command => "/usr/bin/ovirt-add-host $ovirt_host /usr/share/ovirt-server/ovirt.keytab", require => Package[ovirt-server], notify => Service[qpidd] } -- 1.6.0.6
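Review bot: The HTTP service keytab is written to `/usr/share/ovirt-server/ovirt.keytab` and then duplicated with `/bin/cp`, and neither step sets an owner or mode, so both copies get whatever the umask of the Puppet run allows. A keytab holds the service principal's long-term key, and any account that can read it can act as that service, so it should be readable only by the account that needs it. Replacing the `copy_ovirt_keytab` exec with a `file` resource lets Puppet enforce the permissions on every run; the owner below assumes httpd runs as `apache`, which should be confirmed, and the copy under `/usr/share/ovirt-server` deserves the same treatment. Nothing visible in this class obtains admin credentials before `ipa-addservice` and `ipa-getkeytab` run, which presumably belongs to the remaining work the description mentions.

```puppet
    # … unchanged: ipa_install, mod_nss, mod_nss_config_1/2, create_HTTP_keytab, get_HTTP_keytab …
    file {"/etc/httpd/conf/ipa.keytab":
        source  => "/usr/share/ovirt-server/ovirt.keytab",
        owner   => "apache",
        group   => "apache",
        mode    => 600,
        require => Single_exec[get_HTTP_keytab],
        notify  => Service[httpd]
    }
```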
Joey Boggs
2009-May-15 20:31 UTC
[Ovirt-devel] Re: [PATCH server] add server-side groundwork for remote freeipa server
In case anyone is wondering, due to the puppet classes we have, a bit of the tasks had to be moved around to support bundled/common/remote scenarios between the dns/freeipa/ovirt modules. Joey Boggs wrote:> This lays 90% of the groundwork needed on the server side to support the use of a remote ipa server. > > Leaving the option disabled in the installer until the necessary node integration(dns/keytab placementi location) is completed > > Also apply: > [PATCH server] update ovirt-add-host to use ipa commands instead of kadmin.local > [PATCH server] separate ipa common tasks freeipa::common and rename ipa_server_install to ipa_install > > > --- > installer/bin/ovirt-installer | 54 +++++++++++-------- > installer/modules/ovirt/manifests/dns.pp | 72 ++++++++++++------------- > installer/modules/ovirt/manifests/freeipa.pp | 57 +++++++++++++++++---- > installer/modules/ovirt/manifests/ovirt.pp | 2 +- > 4 files changed, 115 insertions(+), 70 deletions(-) > > diff --git a/installer/bin/ovirt-installer b/installer/bin/ovirt-installer > index ad4d56d..2258578 100755 > --- a/installer/bin/ovirt-installer > +++ b/installer/bin/ovirt-installer 
> @@ -171,11 +171,29 @@ admin_dev = prompt_for_interface("Enter the interface for the Admin network (thi > > #FIXME: correctly configure separate networks. > #For now, define admin and guest networks to be the same > -guest_dev = admin_dev > +guest_dev = guest_httpd_dev > #sep_networks = (guest_dev == admin_dev) ? "n" : "y" > > -ovirt_host = prompt_for_answer("Enter the hostname of the oVirt management server (example: management.example.com):", :regex => IP_OR_FQDN) > -ipa_host = ovirt_host > +ovirt_host = prompt_for_answer("Enter the hostname of the oVirt management server", :regex => IP_OR_FQDN, :default => hostname.chomp) > +#remote_ipa = prompt_yes_no("Is FreeIPA already installed on another machine?") > +remote_ipa = "n" > +if remote_ipa == "y" > + ipa_host = prompt_for_answer("Enter the hostname of the FreeIPA server", :regex => IP_OR_FQDN) > +else > + ipa_host = ovirt_host > +end > + > +# FreeIPA Configuration > +realm_name = prompt_for_answer("Enter your kerberos realm name (example: example.com):", :regex => FQDN) > + at cli.say("NOTE: The following password will also be your ovirtadmin password for the web management login") > +freeipa_password = prompt_for_password("Enter the admin password for FreeIPA:", "Confirm your FreeIPA admin password:") > +ldap_dn = "" > +ldap_dn_temp = realm_name.split(".") > +ldap_dn_temp.each do |i| > + ldap_dn += "dc=#{i}," > + end > + ldap_dn = ldap_dn.chop > + > > # DNS Configuration > @cli.say( "\nThe following DNS servers were found:") 
> @@ -190,16 +208,16 @@ guest_ipaddr = interfaces[guest_dev] > admin_ipaddr = interfaces[admin_dev] > > if dns_servers == "y" > - guest_ipaddr_lookup = Socket.getaddrinfo(guest_ipaddr.to_s,nil) > - guest_hostname = guest_ipaddr_lookup[1][2] > - if guest_hostname.to_s != ipa_host.to_s > + admin_ipaddr_lookup = Socket.getaddrinfo(admin_ipaddr.to_s,nil) > + admin_hostname = admin_ipaddr_lookup[1][2] > + if admin_hostname.to_s != ovirt_host.to_s > @cli.say("Reverse dns lookup for #{guest_ipaddr} failed, exiting") > exit(0) > end > > - ipa_host_lookup = Socket.getaddrinfo(ipa_host,nil) > - ipa_hostip = ipa_host_lookup[1][3] > - if ipa_hostip.to_s != guest_ipaddr.to_s > + ovirt_host_lookup = Socket.getaddrinfo(ovirt_host,nil) > + ovirt_hostip = ovirt_host_lookup[1][3] > + if ovirt_hostip.to_s != admin_ipaddr.to_s > @cli.say("Forward dns lookup for #{ipa_host} failed, exiting") > exit(0) > end > @@ -236,18 +254,6 @@ cobbler_user_password = prompt_for_password("Enter your cobbler user password:", > # Postgres Configuration > db_username = "ovirt" > db_password = prompt_for_password("Enter a password for the ovirt postgres account:", "Confirm your ovirt postgres password") > -# FreeIPA Configuration > -realm_name = prompt_for_answer("Enter your realm name (example: example.com):", :regex => FQDN) > - > - at cli.say("NOTE: The following password will also be your ovirtadmin password for the web management login") > -freeipa_password = prompt_for_password("Enter an administrator password for FreeIPA:", "Confirm your FreeIPA admin password:") > -ldap_dn = "" > -ldap_dn_temp = realm_name.split(".") > -ldap_dn_temp.each do |i| > - ldap_dn += "dc=#{i}," > -end > -ldap_dn = ldap_dn.chop > - > > # > # Use ERB to spit out the puppet file whcih is used by ace. 
> @@ -311,7 +317,7 @@ $db_username = '<%= db_username %>' > $db_password = '<%= db_password %>' > > # FreeIPA configuration > -$realm_name = '<%= realm_name %>' > +$realm_name = '<%= realm_name.upcase %>' > $freeipa_password = '<%= freeipa_password %>' > $short_ldap_dn = '<%= ldap_dn %>' > $ldap_dn = 'cn=ipaConfig,cn=etc,<%= ldap_dn %>' > @@ -328,7 +334,11 @@ firewall_rule{"nat-postrouting": table => "nat", chain => "POSTROUTING", out_int > <% end %> > include postgres::bundled > include freeipa::common > +<% if remote_ipa == "n" %> > include freeipa::bundled > +<% else %> > +include freeipa::remote > +<% end %> > include ovirt::setup > END_OF_TEMPLATE > > diff --git a/installer/modules/ovirt/manifests/dns.pp b/installer/modules/ovirt/manifests/dns.pp > index 7709cbf..8f44090 100644 > --- a/installer/modules/ovirt/manifests/dns.pp > +++ b/installer/modules/ovirt/manifests/dns.pp 
> @@ -24,52 +24,27 @@ import "augeas" > > define dns::common($guest_ipaddr="", $admin_ipaddr="",$guest_dev="",$admin_dev="") { > > + single_exec {"add_guest_server_to_etc_hosts": > + command => "/bin/echo $admin_ipaddr $ovirt_host >> /etc/hosts", > + notify => Service[dnsmasq] > + } > + > package {"dnsmasq": > - ensure => installed, > - require => [Single_exec["add_dns_server_to_resolv.conf"]] > + ensure => installed > } > > service {"dnsmasq" : > ensure => running, > - enable => true, > - require => [File["/etc/dnsmasq.d/ovirt-dns.conf"], Package["dnsmasq"]] > - } > - > - file {"/etc/dnsmasq.d/ovirt-dns.conf": > - content => template("ovirt/ovirt-dns.conf.erb"), > - mode => 644, > - notify => Service[dnsmasq], > - require => Package["dnsmasq"] > - } > - > - single_exec {"add_dns_server_to_resolv.conf": > - command => "/bin/sed -e '1i nameserver $admin_ipaddr' -i /etc/resolv.conf", > - require => [Single_exec["set_hostname"]] > + enable => true > } > > - augeas{"appliance_info": > - context => "/files/etc/dnsmasq.conf", > - changes => [ > - "set conf-dir /etc/dnsmasq.d" > + augeas{"appliance_info": > + context => "/files/etc/dnsmasq.conf", > + changes => [ > + "set conf-dir /etc/dnsmasq.d" > ], > notify => Service[dnsmasq] > } > - > - file {"/etc/dhclient.conf": > - ensure => present > - } > - > - file_append {"dhclient_config": > - file => "/etc/dhclient.conf", > - line => "prepend domain-name-servers $admin_ipaddr;", > - require => [Single_exec["set_hostname"], Package["dnsmasq"], File["/etc/dhclient.conf"]] , > - notify => Service[dnsmasq], > - } > - > - single_exec {"add_guest_server_to_etc_hosts": > - command => "/bin/echo $guest_ipaddr $ipa_host >> /etc/hosts", > - notify => [Service[dnsmasq], Single_exec["add_dns_server_to_resolv.conf"]] > - } > } > > define dns::bundled($guest_ipaddr="", $admin_ipaddr="",$guest_dev="",$admin_dev="") { 
> @@ -79,13 +54,36 @@ define dns::bundled($guest_ipaddr="", $admin_ipaddr="",$guest_dev="",$admin_dev> augeas{"set_system_hostname": > context => "/files/etc/sysconfig/network", > changes => [ > - "set HOSTNAME $ipa_host" > + "set HOSTNAME $ovirt_host" > ] > } > > firewall_rule {"named": destination_port => '53'} > firewall_rule {"named-udp": destination_port => '53', protocol => 'udp'} > > + file {"/etc/dhclient.conf": > + ensure => present > + } > + > + single_exec {"add_dns_server_to_resolv.conf": > + command => "/bin/sed -e '1i nameserver $admin_ipaddr' -i /etc/resolv.conf", > + require => Single_exec["set_hostname"], > + notify => Service[dnsmasq] > + } > + > + file_append {"dhclient_config": > + file => "/etc/dhclient.conf", > + line => "prepend domain-name-servers $admin_ipaddr;", > + require => [Single_exec["set_hostname"], Package["dnsmasq"], File["/etc/dhclient.conf"]] , > + notify => Service[dnsmasq], > + } > + > + file {"/etc/dnsmasq.d/ovirt-dns.conf": > + content => template("ovirt/ovirt-dns.conf.erb"), > + mode => 644, > + notify => Service[dnsmasq], > + require => Package["dnsmasq"] > + } > } > > define dns::remote($guest_ipaddr="", $admin_ipaddr="",$guest_dev="",$admin_dev="") { > diff --git a/installer/modules/ovirt/manifests/freeipa.pp b/installer/modules/ovirt/manifests/freeipa.pp > index 796b8b4..8983e10 100644 > --- a/installer/modules/ovirt/manifests/freeipa.pp > +++ b/installer/modules/ovirt/manifests/freeipa.pp > @@ -45,6 +45,15 @@ class freeipa::common{ > require => Single_exec[ipa_ovirtadmin_group] > } > > + single_exec {"set_hostname": > + command => "/bin/hostname $ovirt_host", > + } > + > + single_exec {"dnsmasq_restart": > + command => "/usr/bin/pkill dnsmasq;/etc/init.d/dnsmasq start", > + require => [Single_exec[add_guest_server_to_etc_hosts],Package[dnsmasq]] > + } > + > } > > class freeipa::bundled{ 
> @@ -54,10 +63,6 @@ class freeipa::bundled{ > require => [Exec[db_exists_file],Single_exec["set_hostname"]] > } > > - single_exec {"set_hostname": > - command => "/bin/hostname $ipa_host", > - } > - > exec {"set_kdc_defaults": > command => "/bin/sed -i '/\[kdcdefaults\]/a \ kdc_ports = 88' /usr/share/ipa/kdc.conf.template", > require => Package[ipa-server] > @@ -83,11 +88,6 @@ class freeipa::bundled{ > notify => Service[httpd] > } > > - single_exec {"dnsmasq_restart": > - command => "/usr/bin/pkill dnsmasq;/etc/init.d/dnsmasq start", > - require => [Single_exec[add_guest_server_to_etc_hosts],Package[dnsmasq]] > - } > - > single_exec {"ipa_install": > command => "/usr/sbin/ipa-server-install -r $realm_name -p $freeipa_password -P $freeipa_password -a $freeipa_password --hostname $ipa_host -u dirsrv -U", > require => [Exec[set_kdc_defaults],Single_exec[dnsmasq_restart]] 
> @@ -104,7 +104,44 @@ class freeipa::bundled{ > > class freeipa::remote { > > -# oVirt is not configured at this time to support a remote freeipa server > + single_exec {"ipa_install": > + command => "/usr/sbin/ipa-client-install --server $ipa_host --domain=$realm_name --realm=$realm_name --force -U", > + require => Single_exec[dnsmasq_restart] > + } > + > + package {"mod_nss": > + ensure => installed > + } > + > + file_replacement{"mod_nss_config_1": > + file => "/etc/httpd/conf.d/nss.conf", > + pattern => "<VirtualHost _default_:8443>", > + replacement => "<VirtualHost _default_:443>", > + require => Package[mod_nss] > + } > + file_replacement{"mod_nss_config_2": > + file => "/etc/httpd/conf.d/nss.conf", > + pattern => "Listen 8443", > + replacement => "Listen 443", > + require => Package[mod_nss] > + } > + > + single_exec {"create_HTTP_keytab": > + command => "/usr/sbin/ipa-addservice HTTP/$ovirt_host@$realm_name", > + require => Single_exec[ipa_install] > + } > + > + single_exec {"get_HTTP_keytab": > + command => "/usr/sbin/ipa-getkeytab -s $ipa_host -p HTTP/$ovirt_host@$realm_name -k /usr/share/ovirt-server/ovirt.keytab", > + require => Single_exec[create_HTTP_keytab], > + notify => Service[httpd] > + } > + > + single_exec {"copy_ovirt_keytab": > + command => "/bin/cp /usr/share/ovirt-server/ovirt.keytab /etc/httpd/conf/ipa.keytab", > + require => Single_exec[get_HTTP_keytab], > + notify => Service[httpd] > + } > > } > > diff --git a/installer/modules/ovirt/manifests/ovirt.pp b/installer/modules/ovirt/manifests/ovirt.pp > index 03a93a7..2e91e69 100644 > --- a/installer/modules/ovirt/manifests/ovirt.pp > +++ b/installer/modules/ovirt/manifests/ovirt.pp 
> @@ -125,7 +125,7 @@ class ovirt::setup { > } > > single_exec { "add_host" : > - command => "/usr/bin/ovirt-add-host $ipa_host /usr/share/ovirt-server/ovirt.keytab", > + command => "/usr/bin/ovirt-add-host $ovirt_host /usr/share/ovirt-server/ovirt.keytab", > require => Package[ovirt-server], > notify => Service[qpidd] > } >