freeipa does not work in libvirt environment

Bug #1709333 reported by John Eckersberg on 2017-08-08
6
This bug affects 1 person
Affects Status Importance Assigned to Milestone
tripleo
High
wes hayutin

Bug Description

The freeipa feature requires overriding the undercloud/overcloud nameservers to point to the freeipa server

http://git.openstack.org/cgit/openstack/tripleo-quickstart/tree/config/general_config/ipa.yml?id=4e71de555d8232fbc601a3e4043796155e0fcd51#n24

However, when using the libvirt environment, undercloud_undercloud_nameservers is ignored.

nameserver_from_virthost is set to true:

http://git.openstack.org/cgit/openstack/tripleo-quickstart/tree/config/environments/default_libvirt.yml?id=4e71de555d8232fbc601a3e4043796155e0fcd51#n10

and then virthost_nameservers is set:

http://git.openstack.org/cgit/openstack/tripleo-quickstart-extras/tree/roles/undercloud-deploy/tasks/create-scripts.yml?id=221f94f8de7555e87ccd072b521278f25a6dcf51#n3

which is used instead of undercloud_undercloud_nameservers:

http://git.openstack.org/cgit/openstack/tripleo-quickstart-extras/tree/roles/undercloud-deploy/templates/undercloud.conf.j2?id=221f94f8de7555e87ccd072b521278f25a6dcf51#n75

The end result is that the undercloud deployment fails, because the ipa client setup fails due to being unable to find the correct records on the wrong nameserver.

Ideally, this could be fixed in the ipa feature by setting nameserver_from_virthost to false, which I tried here:

https://review.openstack.org/#/c/491572/

However, this does not work, because environment configs take precedent over feature configs:

http://git.openstack.org/cgit/openstack/tripleo-quickstart/tree/quickstart.sh?id=4e71de555d8232fbc601a3e4043796155e0fcd51#n493

So I'm not sure what the cleanest way to go about fixing this is. Ideally you'd enable the ipa feature and it would sort it out for you. For now, you can workaround this issue by passing '-e nameserver_from_virthost=false' at the end of the commandline, which will successfully override the libvirt environment config. But that's really obtuse for endusers to figure out.

tags: added: quickstart
wes hayutin (weshayutin) wrote :

IMHO I think we should make the config take precedence over the environment. Will discuss it with the team.

Changed in tripleo:
status: New → Triaged
importance: Undecided → Critical
assignee: nobody → wes hayutin (weshayutin)
milestone: none → pike-rc1

Fix proposed to branch: master
Review: https://review.openstack.org/491888

Changed in tripleo:
status: Triaged → In Progress
Changed in tripleo:
importance: Critical → High

I agree with wes, would really like it if we could make the config take precedence.

Change abandoned by Alex Schultz (<email address hidden>) on branch: master
Review: https://review.openstack.org/491888
Reason: Need to clear out the queue as this is going to fail. Will restore momentarily

Reviewed: https://review.openstack.org/491888
Committed: https://git.openstack.org/cgit/openstack/tripleo-quickstart/commit/?id=59344567a2f675e7b4329ed0eb1321f823c6850a
Submitter: Jenkins
Branch: master

commit 59344567a2f675e7b4329ed0eb1321f823c6850a
Author: Wes Hayutin <email address hidden>
Date: Tue Aug 8 15:10:06 2017 -0400

    fix FreeIPA dns server issue

    Do not set the nameserver from the virthost if
    FreeIPA is used.

    Closes-Bug: #1709333
    Change-Id: I135b9cdbdc049656d8ad514aedf2b35e4eef7f34

Changed in tripleo:
status: In Progress → Fix Released
To post a comment you must log in.
This report contains Public information  Edit
Everyone can see this information.

Other bug subscribers