# Heat (HOT) template that enrolls a node into FreeIPA. Only some lines of the
# original file appear in this listing (the leading numbers are the original
# line numbers), so the comments describe the visible lines only.
1 heat_template_version: pike
3 description: Enroll nodes to FreeIPA
# Parameter descriptions follow; the parameter names, types and defaults sit on
# lines that are not shown here.
7 description: ID of the controller node to apply this config to
12 The configured cloud domain; this will also be used as the kerberos realm
# NOTE(review): the enrollment OTP is a credential. Its parameter definition is
# not visible here; confirm it is declared with "hidden: true" so Heat masks
# the value when the stack's parameters are displayed.
17 description: 'OTP that will be used for FreeIPA enrollment'
# NOTE(review): server name and IP are both operator-supplied and the script
# writes them into /etc/hosts, so the node will trust this name-to-address
# mapping instead of DNS. Confirm constraints on both parameters.
22 description: 'FreeIPA server DNS name'
26 description: 'FreeIPA server IP Address'
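# Software config carrying the enrollment shell script. Only part of the
# resource is visible in this listing; gaps in the leading line numbers are
# lines that are not shown (including the closing "fi" lines of the script).
30 FreeIPAEnrollmentConfig:
31 type: OS::Heat::SoftwareConfig
41 # If no IPA server was given as a parameter, it will be assumed from
43 if [ -n "${ipa_server}" ]; then
# Drop any existing /etc/hosts line for the server before re-adding it.
# NOTE(review): ${ipa_server} is used as an unanchored sed regex: "." matches
# any character, every line that merely contains the name is deleted, and a
# "/" in the value would end the pattern early. Validate the value (hostname
# characters only) before it reaches this line.
44 sed -i "/${ipa_server}/d" /etc/hosts
45 # Optionally add the FreeIPA server IP to /etc/hosts
46 if [ -n "${ipa_ip}" ]; then
47 echo "${ipa_ip} ${ipa_server}" >> /etc/hosts
50 # Set the node's domain if needed
# Test grep's exit status instead of its unquoted output, so an FQDN that
# expands to nothing or to several words cannot break the "[" expression.
# NOTE(review): ${ipa_domain} is still matched as a regex, not literally.
51 if ! hostname -f | grep -q "${ipa_domain}$"; then
52 hostnamectl set-hostname "$(hostname).${ipa_domain}"
54 yum install -y ipa-client
55 # Enroll. If there is already keytab, we have already done this. If
56 # this node hasn't enrolled and the OTP is missing, fail.
57 if [ ! -f /etc/krb5.keytab ]; then
58 if [ -z "${otp}" ]; then
# Every expansion is quoted so an empty value or one containing whitespace or
# glob characters cannot split or shift the option list.
# NOTE(review): the OTP is passed as a command-line argument, so it is visible
# in the process list while the installer runs, and it would be written to the
# deployment's stderr if shell tracing is enabled on a line not shown here.
# NOTE(review): when ipa_server is empty, --server still receives an (empty)
# argument; confirm that this is the intended fallback path.
62 ipa-client-install --server "${ipa_server}" -w "${otp}" \
63 --domain="${ipa_domain}" -U
# Obtain a Kerberos ticket using the host keytab.
66 kinit -k -t /etc/krb5.keytab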
# Deployment resource that applies FreeIPAEnrollmentConfig to one server.
# Parts of the resource (e.g. the keys enclosing the entries below) are on
# lines not shown in this listing.
68 FreeIPAControllerEnrollmentDeployment:
69 type: OS::Heat::SoftwareDeployment
71 name: FreeIPAEnrollmentDeployment
# The config to run and the server (template parameter "server") to run it on.
72 config: {get_resource: FreeIPAEnrollmentConfig}
73 server: {get_param: server}
# Template parameters mapped onto the variable names the enrollment script
# reads (otp, ipa_server, ipa_domain, ipa_ip).
# NOTE(review): otp is a credential. Deployment input values are stored by
# Heat with the deployment and can be read by anyone allowed to view it;
# confirm FreeIPAOTP is a hidden parameter and that access to the stack's
# deployments is restricted.
75 otp: {get_param: FreeIPAOTP}
76 ipa_server: {get_param: FreeIPAServer}
77 ipa_domain: {get_param: CloudDomain}
78 ipa_ip: {get_param: FreeIPAIPAddress}
# Stack output exposing the deploy_stdout attribute of the enrollment
# deployment (the output's name is on a line not shown).
# NOTE(review): anything the script prints to stdout becomes readable through
# the stack outputs; make sure the OTP is never echoed there.
82 description: Output of the FreeIPA enrollment deployment
83 value: {get_attr: [FreeIPAControllerEnrollmentDeployment, deploy_stdout]}