Using Heat to deploy a FreeIPA server
Disclaimer/Entreaty
If you see any technical errors or have any constructive criticism on how to improve the template, please contact me! [1]
Preparation
I’ve been working on a Heat template to provision a FreeIPA server. It is meant to work alongside a tripleo-quickstart deploy.
Change the default IP block the undercloud uses
In the previous post, I described debugging the problem caused by tripleo-quickstart’s choice of default IP block. Change it using this.
Ironic node creation
This solution does not create new Ironic nodes, so if you have already deployed your overcloud, you'll need a free Ironic node. We could create a new one manually, as Lars Kellogg-Stedman describes here.
Setting DNS server for the subnet
Depending on the network the VM is going to be attaching to, we may need to set the DNS server for the subnet. Personally, I haven’t found this to work (hence the hacky solution of appending an echo 'nameserver 8.8.8.8' to /etc/resolv.conf). If anyone has any suggestions on how to get DNS working in a better way, please send me an email!
I have tried this:
. ./stackrc
neutron subnet-list
neutron subnet-update <subnet_uuid> dns-nameserver=8.8.8.8
but alas, it doesn’t work as far as I can tell.
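The resolv.conf workaround mentioned above, written so it can run on every boot without duplicating the entry and so a malformed address is rejected. This is an added example, not code from the template in the repo; the function name `ensure_nameserver` and its file argument are assumptions.

```shell
# ensure_nameserver FILE IP   (hypothetical helper, not from the template)
# Appends "nameserver IP" to FILE unless that entry is already there.
# FILE is a parameter so the function can be tried on a copy first.
ensure_nameserver() {
    file=$1
    ip=$2

    # Accept only a dotted-quad IPv4 address, so a bad parameter value
    # cannot smuggle extra lines or options into the resolver config.
    case $ip in
        ''|*[!0-9.]*|.*|*.|*..*)
            echo "invalid address: $ip" >&2; return 2 ;;
    esac
    old_ifs=$IFS; IFS=.
    set -- $ip                      # split into octets
    IFS=$old_ifs
    [ $# -eq 4 ] || { echo "invalid address: $ip" >&2; return 2; }
    for octet in "$@"; do
        case $octet in
            ?|??|???) [ "$octet" -le 255 ] || return 2 ;;
            *) return 2 ;;
        esac
    done

    # Already listed (any spacing, comments ignored)? Nothing to do.
    if [ -f "$file" ] &&
       awk -v ip="$ip" '$1 == "nameserver" && $2 == ip { found = 1 }
                        END { exit !found }' "$file"; then
        return 0
    fi

    # Do not glue the new entry onto an unterminated last line.
    if [ -s "$file" ] && [ -n "$(tail -c 1 "$file")" ]; then
        echo >> "$file"
    fi
    printf 'nameserver %s\n' "$ip" >> "$file"
}
```

On hosts where a DHCP client or NetworkManager rewrites /etc/resolv.conf, the appended entry can be lost when the file is regenerated.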
FreeIPA VM creation
Heat stack creation
Now that we have an Ironic node to deploy our Heat template on, let’s get started. Clone this repo and tell Heat to create a stack using the template:
git clone https://github.com/resurrexit/freeipa-heat-template.git
cd freeipa-heat-template
heat stack-create --template-file freeipa_server.yaml <stack_name>
Passing in parameters
All parameters in the template have defaults based on tripleo-quickstart.
Pass in parameters as needed with something like -P DNSNameserver=8.8.8.8 or by using an environment file. [2]
After cloud-init completes, you should have a working FreeIPA server!
Footnotes
- See the About page.