metadata REST service to enroll instances in IPA for certmonger

Registered by Rob Crittenden on 2016-09-22

A nova metadata REST service and notification listener that detects when an instance is created and, if requested, registers it with IPA (freeipa.org) via cloud-init. This will provide the credentials needed for easy certmonger integration using the IPA CA to provision certificates. See also https://blueprints.launchpad.net/tripleo/+spec/tls-via-certmonger

Blueprint information

Status: Complete
Approver: Emilien Macchi
Priority: Medium
Drafter: Rob Crittenden
Direction: Approved
Assignee: Rob Crittenden
Definition: Approved
Series goal: Accepted for pike
Implementation: Implemented
Milestone target: pike-3
Started by: Emilien Macchi on 2016-12-15
Completed by: Emilien Macchi on 2017-06-13

Whiteboard

Gerrit topic: https://review.openstack.org/#q,topic:bp/novajoin,n,z

Addressed by: https://review.openstack.org/400937
    Add option to set undercloud dns nameserver

Addressed by: https://review.openstack.org/399220
    Add code to support novajoin in the undercloud

Addressed by: https://review.openstack.org/411340
    Add metadata settings for needed kerberos principals

Addressed by: https://review.openstack.org/411339
    Add hook to generate metadata from service profiles

Addressed by: https://review.openstack.org/396789
    Add novajoin class

Addressed by: https://review.rdoproject.org/r/#/c/4100/
    Add puppet-ipaclient

Addressed by: https://review.openstack.org/412542
    Add ipa-admintools package to the overcloud.

Addressed by: https://review.openstack.org/418145
    Revert "Add code to support novajoin in the undercloud"

Addressed by: https://review.openstack.org/418478
    Add code to support novajoin in the undercloud

Addressed by: https://review.openstack.org/419000
    Add reference to puppet-ipaclient

Addressed by: https://review.openstack.org/421575
    Add environment for usage by the novajoin in the undercloud

Gerrit topic: https://review.openstack.org/#q,topic:novajoin,n,z

Addressed by: https://review.openstack.org/427505
    FreeIPA: don't preprovision service principals if novajoin is enabled

Addressed by: https://review.openstack.org/436198
    [WIP] Add role to deploy FreeIPA

Addressed by: https://review.openstack.org/469503
    Add novajoin docker service

Addressed by: https://review.openstack.org/470165
    Add novajoin profile

Addressed by: https://review.openstack.org/470172
    Add novajoin password

Addressed by: https://review.openstack.org/473397
    Use /etc/novajoin instead of /etc/nova for cloud-init script

Addressed by: https://review.openstack.org/640089
    Mount required files for running novajoin tempest tests

Gerrit topic: https://review.opendev.org/#/q/topic:novajoin

Addressed by: https://review.opendev.org/701758
    WIP - Add novajoin to EndpointMap

Addressed by: https://review.opendev.org/706884
    Add novajoin to EndpointMap

Addressed by: https://review.opendev.org/739037
    Fix bind mount volumes for novajoin containers

Addressed by: https://review.opendev.org/740623
    Fix bind mount volumes for novajoin containers

Addressed by: https://review.opendev.org/740624
    Fix bind mount volumes for novajoin containers
