3 # Used environment variables:
7 # - DirectoryManagerPassword
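# Load the deployment settings (hostnames, passwords, secrets) from the first
# env file that exists. The home-directory path is spelled with $HOME because
# a quoted "~" is never expanded, so a test against "~/..." cannot match and
# the home-directory file would be silently ignored.
# NOTE(review): the fallback file lives in world-writable /tmp and is sourced,
# i.e. executed in this shell. This script edits /etc and installs packages,
# so it presumably runs as root; any local user able to create
# /tmp/freeipa-setup.env first would control what runs. Prefer a root-owned
# path with mode 0600, or verify owner and permissions before sourcing.
if [ -f "$HOME/freeipa-setup.env" ]; then
  source "$HOME/freeipa-setup.env"
elif [ -f "/tmp/freeipa-setup.env" ]; then
  source /tmp/freeipa-setup.env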
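# Append two public resolvers to the system resolver configuration.
# NOTE(review): this appends on every run (duplicates accumulate) and
# hard-codes external DNS servers for a host that is about to become an
# identity server; confirm that is acceptable for the deployment network.
printf 'nameserver %s\n' 8.8.8.8 8.8.4.4 >> /etc/resolv.conf

yum -q -y remove openstack-dashboard

# Install the needed packages
yum -q install -y ipa-server ipa-server-dns epel-release rng-tools mod_nss
# haveged is installed in a second transaction, presumably because it comes
# from the repository that epel-release enables - confirm.
yum -q install -y haveged

# Expansions are quoted so a value containing whitespace or glob characters
# is passed as one word; ${VAR:?} stops the script instead of writing an
# empty hostname or a malformed /etc/hosts entry when a setting is missing.
hostnamectl set-hostname --static "${Hostname:?Hostname must be set}"

printf '%s %s\n' "${FreeIPAIP:?FreeIPAIP must be set}" "$(hostname)" | tee -a /etc/hosts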
# Write an iptables ruleset to freeipa-iptables-rules.txt (a path relative to
# the current working directory) and load it with iptables-restore.
# Visible rules: accept established/related traffic, ICMP and loopback, then
# new connections to TCP 22, 80, 443, 389, 636, 88, 464, 53 and UDP 88, 464,
# 123, 53; everything else on INPUT and FORWARD is rejected.
# NOTE(review): every ACCEPT rule matches any source address. Where the
# deployment allows it, restrict the directory and Kerberos ports (389, 636,
# 88, 464) and SSH to the networks that need them; 389 in particular is the
# non-TLS LDAP port.
# NOTE(review): iptables-restore without --noflush replaces the existing
# contents of the tables it loads, and nothing visible here saves the rules
# for the next boot - confirm both are intended.
# NOTE(review): the heredoc delimiter is unquoted, so any $ or backtick added
# to the rules later would be expanded by the shell.
36 cat << EOF > freeipa-iptables-rules.txt
37 # Firewall configuration written by system-config-firewall
38 # Manual customization of this file is not recommended.
43 -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
44 -A INPUT -p icmp -j ACCEPT
45 -A INPUT -i lo -j ACCEPT
46 -A INPUT -m state --state NEW -m tcp -p tcp --dport 22 -j ACCEPT
47 #TCP ports for FreeIPA
48 -A INPUT -m state --state NEW -m tcp -p tcp --dport 80 -j ACCEPT
49 -A INPUT -m state --state NEW -m tcp -p tcp --dport 443 -j ACCEPT
50 -A INPUT -m state --state NEW -m tcp -p tcp --dport 389 -j ACCEPT
51 -A INPUT -m state --state NEW -m tcp -p tcp --dport 636 -j ACCEPT
52 -A INPUT -m state --state NEW -m tcp -p tcp --dport 88 -j ACCEPT
53 -A INPUT -m state --state NEW -m tcp -p tcp --dport 464 -j ACCEPT
54 -A INPUT -m state --state NEW -m tcp -p tcp --dport 53 -j ACCEPT
55 #UDP ports for FreeIPA
56 -A INPUT -m state --state NEW -m udp -p udp --dport 88 -j ACCEPT
57 -A INPUT -m state --state NEW -m udp -p udp --dport 464 -j ACCEPT
58 -A INPUT -m state --state NEW -m udp -p udp --dport 123 -j ACCEPT
59 -A INPUT -m state --state NEW -m udp -p udp --dport 53 -j ACCEPT
60 -A INPUT -j REJECT --reject-with icmp-host-prohibited
61 -A FORWARD -j REJECT --reject-with icmp-host-prohibited
65 iptables-restore < freeipa-iptables-rules.txt
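# Entropy generation; otherwise, ipa-server-install will lag.
systemctl start haveged

# Remove conflicting httpd configuration
rm -f /etc/httpd/conf.d/ssl.conf

# Unattended FreeIPA install. The realm is the host's DNS domain in upper
# case. Both passwords are quoted so a value containing spaces or glob
# characters reaches the installer intact instead of being split into
# several arguments.
# NOTE(review): passwords given as command-line arguments can be read by
# other local users from the process list while the installer runs, and they
# appear in any `set -x` trace or captured deployment log. Keep tracing off
# around this call and treat the logs of this script as sensitive.
ipa-server-install -U -r "$(hostname -d | tr 'a-z' 'A-Z')" \
  -p "$DirectoryManagerPassword" -a "$AdminPassword" \
  --hostname "$(hostname -f)"

# Obtain an admin Kerberos ticket. printf is used because echo would
# misread a password such as "-n" as an option; the password is fed on
# stdin, so it is not placed on kinit's command line.
printf '%s\n' "$AdminPassword" | kinit admin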
85 if [ "$?" = '1' ]; then
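# Create undercloud host
# The FQDN and the enrollment secret are quoted so unusual characters cannot
# split them into extra arguments.
# NOTE(review): $HostsSecret is passed on the command line here and to the
# Python helper below, so it can show up in the process list and in traces.
ipa host-add "$UndercloudFQDN" --password="$HostsSecret" --force

# Create overcloud nodes and services
# NOTE(review): this clones the default branch of a third-party repository
# and then executes code from it with an admin Kerberos ticket in place.
# Nothing pins or verifies what is fetched; check out a reviewed commit
# (or vendor the helper) so a change upstream cannot alter what runs here.
git clone https://github.com/JAORMX/freeipa-tripleo-incubator.git
# Stop if the checkout is missing rather than looking for the helper script
# in whatever directory the shell happens to be in.
cd freeipa-tripleo-incubator || exit 1
python create_ipa_tripleo_host_setup.py -w "$HostsSecret" -d "$(hostname -d)" \
  --controller-count 1 --compute-count 1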