Sorry, yes, the role is `ansible-freeipa.ipaclient`.
The logic is that it first checks for `ipaserver_domain` and then `ipaclient_domain` and errors out when neither is set [1]. When I debugged the play, `ipaserver_domain` was not set. I am not sure what is responsible to set it, but that in principle should be the default method of configuration, using `CloudDomain`.
About the discovered through dns, that is unclear to the logic of that discovery. In principle, those should be group variables that set both `ipaserver_domain` and `ipaserver` is defined according to `CloudDomain` and the keytab info or undercloud registration.
But actually I don't think that the heat template would even handle this configuration properly, where the `CloudDomain` is different than ipaserver domain, even though the deploy documentation implies that it should work. For example, which `ipaclient_realm` will be used there?
Sorry, yes, the role is `ansible- freeipa. ipaclient` .
The logic is that it first checks for `ipaserver_domain` and then `ipaclient_domain` and errors out when neither is set [1]. When I debugged the play, `ipaserver_domain` was not set. I am not sure what is responsible to set it, but that in principle should be the default method of configuration, using `CloudDomain`.
[1] https:/ /github. com/freeipa/ ansible- freeipa/ blob/401d5d5acc cfeaa421edb9d39 647f0d0c1b71a67 /roles/ ipaclient/ tasks/install. yml#L33
About the discovered through dns, that is unclear to the logic of that discovery. In principle, those should be group variables that set both `ipaserver_domain` and `ipaserver` is defined according to `CloudDomain` and the keytab info or undercloud registration.
But actually I don't think that the heat template would even handle this configuration properly, where the `CloudDomain` is different than ipaserver domain, even though the deploy documentation implies that it should work. For example, which `ipaclient_realm` will be used there?