Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

ipaserver: Use ansible_host instead of group name #1209

Closed
wants to merge 2 commits into from
Closed

ipaserver: Use ansible_host instead of group name #1209

wants to merge 2 commits into from

Conversation

rjeffman
Copy link
Member

@rjeffman rjeffman commented Feb 7, 2024
edited
Loading

Deployment of any node fails when hosts defined in groups do not represent the hostname, for example, when using ansible_host.

For example, the following inventory YAML file would fail deployment:

---
all:
  children:
    ipaserver:
      hosts:
        ipa_server:
          ansible_host: "{{ ipaserver_hostname }}"
          ansible_user: root
      vars:
        ipaserver_setup_ca: true
        ipaserver_setup_dns: true
        ipaserver_no_forwarders: true
        ipaserver_auto_reverse: true
        ipaserver_allow_zone_overlap: true
        ipaserver_setup_adtrust: true
        ipaserver_netbios_name: IPA 
        ipaserver_random_serial_numbers: true
        ipaserver_no_hbac_allow: false
  vars:
    ipaserver_hostname: server.lin.ipa.test

By maping the inventory name to the actual ansible_host the inventory file can act as a template, and the node names can use ansible_host to set the actual host.

See the individual commits for specific changes.

@rjeffman rjeffman requested a review from t-woerner February 7, 2024 21:24
@rjeffman rjeffman force-pushed the ipaserver_use_ansible_host_instead_of_group_name branch from 53c7fd6 to 91bf751 Compare May 22, 2024 12:58
@t-woerner
Copy link
Member

The changes affect only ipaserver and ipaclient roles, as ipareplica uses ipaclient for the host setup, before promoting host to replica.

There is a change for replica and client role in the PR.

@rjeffman
ipaclient: Use hostvars data instead of inventory group name
93b98f6 
When using 'ansible_host' to override the target node name in an Ansible
inventory, the ipaclient deployment role fails as it is not able to
either correctly resolve the server name, or fail to join the host to
the realm, since the inventory name may match the actual hostname.

By retrieving the 'ansible_host' from 'hostvars' a user is allowed to
change the actual hostname without affecting the Ansible node used. Such
a setup is useful if one have a template inventory, or to setup nodes
using containers.
@rjeffman
ipareplica: Use hostvars data instead of inventory group name
c62eb0a 
When using 'ansible_host' to override the target node name in an Ansible
inventory, the ipareplica deployment role fails as it is not able to
either correctly resolve the server name, or fail to join the host to
the realm, since the inventory name may match the actual hostname.

By retrieving the 'ansible_host' from 'hostvars' a user is allowed to
change the actual hostname without affecting the Ansible node used. Such
a setup is useful if one have a template inventory, or to setup nodes
using containers.
@rjeffman rjeffman force-pushed the ipaserver_use_ansible_host_instead_of_group_name branch from 91bf751 to c62eb0a Compare December 2, 2024 23:59
@rjeffman
Copy link
Member Author

rjeffman commented Dec 3, 2024

Fixed commit messages and PR description.

@rjeffman
Copy link
Member Author

rjeffman commented Dec 3, 2024

With current code and on later Ansible vesions, this PR makes no sense.

It is better no use ipareplica_servers and ipaclient_servers.

@rjeffman rjeffman closed this Dec 3, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@t-woerner t-woerner Awaiting requested review from t-woerner

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@rjeffman @t-woerner