#286 Add ansible-freeipa to batcave
Closed 3 years ago by abompard. Opened 3 years ago by abompard.
fedora-infra/ abompard/ansible master  into  master

@@ -83,6 +83,7 @@ 

    - dnf                       # To get dnf reposync

    - dnf-plugins-core          # To get dnf reposync

    - fedora-messaging          # To send/receive messages on the amqp bus

+   - ansible-freeipa           # For the IPA server configuration tasks

    tags:

    - batcave

    - config

@@ -15,6 +15,8 @@ 

        {{ load_file('start.sh') | indent(6) }}

      httpd.conf: |-

        {{ load_file('httpd.conf') | indent(6) }}

+     fasjson.conf: |-

+       {{ load_file('fasjson.conf') | indent(6) }}

  - apiVersion: v1

    kind: ConfigMap

    metadata:
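Review bot: The new `fasjson.conf` key is rendered into a ConfigMap, which does not get the access restrictions of a Secret, so the entry should record that the file is for non-secret settings only. A comment above the key such as `# fasjson.conf: non-secret settings only; credentials belong in a Secret` would keep later additions to that file honest. The two-line file added at the end of this PR, if it is this `fasjson.conf`, holds only the certificate profile ID, which fits that rule. The ConfigMap's own `metadata` and the start of its `data` mapping lie outside the hunk.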

@@ -26,62 +26,65 @@ 

          deploymentconfig: fasjson

      spec:

        containers:

-       - name: fasjson

-         imagePullPolicy: Always

-         ports:

-         - containerPort: 8080

-         volumeMounts:

+         - name: fasjson

+           imagePullPolicy: Always

+           ports:

+             - containerPort: 8080

+           volumeMounts:

+             - name: keytab-http-volume

+               mountPath: /etc/keytabs/http

+               subPath: http

+               readOnly: true

+             - name: krb-config-volume

+               mountPath: /etc/krb5

+               readOnly: true

+             - name: fasjson-config-volume

+               mountPath: /etc/fasjson

+               readOnly: true

+             - name: ipa-config-volume

+               mountPath: /etc/ipa

+               readOnly: true

+             - name: httpdir

+               mountPath: /httpdir

+           env:

+             - name: FASJSON_CONFIG_PATH

+               value: "/etc/fasjson/fasjson.conf"

+           livenessProbe:

+             timeoutSeconds: 10

+             initialDelaySeconds: 10

+             periodSeconds: 60

+             httpGet:

+               path: /healthz/live

+               port: 8080

+           readinessProbe:

+             timeoutSeconds: 10

+             initialDelaySeconds: 5

+             periodSeconds: 60

+             httpGet:

+               path: /healthz/ready

+               port: 8080

+       volumes:

+         - name: fasjson-config-volume

+           configMap:

+             name: fasjson-config

          - name: keytab-http-volume

-           mountPath: /etc/keytabs/http

-           subPath: http

-           readOnly: true

+           secret:

+             secretName: fasjson-keytab-http

          - name: krb-config-volume

-           mountPath: /etc/krb5

-           readOnly: true

-         - name: fasjson-config-volume

-           mountPath: /etc/fasjson

-           readOnly: true

+           configMap:

+             name: krb5-config

          - name: ipa-config-volume

-           mountPath: /etc/ipa

-           readOnly: true

+           configMap:

+             name: ipa-client-config

          - name: httpdir

-           mountPath: /httpdir

-         livenessProbe:

-           timeoutSeconds: 10

-           initialDelaySeconds: 10

-           periodSeconds: 60

-           httpGet:

-             path: /healthz/live

-             port: 8080

-         readinessProbe:

-           timeoutSeconds: 10

-           initialDelaySeconds: 5

-           periodSeconds: 60

-           httpGet:

-             path: /healthz/ready

-             port: 8080

-       volumes:

-       - name: fasjson-config-volume

-         configMap:

-           name: fasjson-config

-       - name: keytab-http-volume

-         secret:

-           secretName: fasjson-keytab-http

-       - name: krb-config-volume

-         configMap:

-           name: krb5-config

-       - name: ipa-config-volume

-         configMap:

-           name: ipa-client-config

-       - name: httpdir

-         emptyDir: {}

+           emptyDir: {}

    triggers:

-   - imageChangeParams:

-       automatic: true

-       containerNames:

-       - fasjson

-       from:

-         kind: ImageStreamTag

-         name: fasjson:latest

-     type: ImageChange

-   - type: ConfigChange

+     - imageChangeParams:

+         automatic: true

+         containerNames:

+           - fasjson

+         from:

+           kind: ImageStreamTag

+           name: fasjson:latest

+       type: ImageChange

+     - type: ConfigChange
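Review bot: The keytab mount under `volumeMounts` keeps `subPath: http`, and Kubernetes does not refresh subPath mounts when the backing Secret changes, so a rotated `fasjson-keytab-http` keytab will not reach a running pod. Neither trigger at the end of the hunk reacts to Secret or ConfigMap content, so rotation needs an explicit rollout. A comment above the mount such as `# subPath mount is not refreshed on Secret update: roll out again after rotating the keytab` would record that. Separately, the new `FASJSON_CONFIG_PATH` value assumes the `fasjson-config` ConfigMap carries a `fasjson.conf` key. The ConfigMap edited in the earlier hunk is not named there, so that pairing is worth confirming.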

@@ -0,0 +1,2 @@ 

+ # The ID of the Certificate Profile to use in IPA

+ CERTIFICATE_PROFILE = "userCerts"

The ansible-freeipa package is useful for configuring IPA; it's available for RHEL8 and maintained by the IPA folks.

It's a significant improvement over the method we currently use to configure IPA: running the ipa tool as a command and parsing its output.

1 new commit added

  • Prepare FASJSON for the new certificate profile setting
3 years ago

I've messed up this PR, sorry. I'll push the change since smooge seemed to think it made sense

Pull-Request has been closed by abompard

3 years ago

I've checked the commit pushed to ansible and retro-active +1 for me as well