Bug 1631107 - [RFE] [tripleo-heat-templates] Add ability to specify dns search domains
Summary: [RFE] [tripleo-heat-templates] Add ability to specify dns search domains
Keywords:
Status: CLOSED CURRENTRELEASE
Alias: None
Product: Red Hat OpenStack
Classification: Red Hat
Component: openstack-tripleo-heat-templates
Version: 13.0 (Queens)
Hardware: Unspecified
OS: Unspecified
Priority: urgent
Severity: urgent
Target Milestone: z8
Target Release: 13.0 (Queens)
Assignee: Ade Lee
QA Contact: Pavan
Docs Contact: mgeary
URL:
Whiteboard:
Duplicates: 1673077
Depends On:
Blocks: 1718657
Reported: 2018-09-19 22:57 UTC by Mike McClure
Modified: 2023-03-24 14:28 UTC

Fixed In Version: openstack-tripleo-heat-templates-8.3.1-29.el7ost
Doc Type: Enhancement
Doc Text:
With this update, Red Hat OpenStack Platform contains a new parameter `DnsSearchDomains`. You can use this parameter for IDM and FreeIPA environments that have different DNS subdomains. Set this parameter in the `parameter_defaults` section of an environment file to add a list of DNS search domains to `resolv.conf`.
Clone Of:
Clones: 1713759 1713761
Environment:
Last Closed: 2019-08-28 10:45:48 UTC
Target Upstream Version:
Embargoed:


Links
System ID Private Priority Status Summary Last Updated
OpenStack gerrit 658849 0 None MERGED Add ability to specify dns search domains 2020-10-14 19:45:54 UTC
Red Hat Issue Tracker OSP-962 0 None None None 2023-03-24 14:28:32 UTC

Comment 4 Ade Lee 2019-03-25 14:53:21 UTC
I performed the following test in our environment.  This test was done on OSP 13.

1. Created an IDM server with the following invocation:

   ipa-server-install -U -r OOODOMAIN.EXAMPLE.COM -n oootest.example.com -p redhat123 -a redhat123 --hostname `hostname -f` --ip-address 10.12.6.77 --setup-dns --auto-forwarders --auto-reverse

   Note that the domain was set to oootest.example.com, which is entirely different from the realm OOODOMAIN.EXAMPLE.COM.
   The hostname of my IPA server was set to ipa-server.oootest.example.com.

2. Created a "vanilla" undercloud that is not registered with the IdM server.

3.  In my tests, I found that when the domain does not match the realm, the ipa-client-install
    command fails because logic in krb5 to discover the KDCs fails.  The workaround for this is
    simply to pass the --force option to the ipa-client-install command line.

    On this undercloud, we can do this by providing extra hieradata to the ipaclient puppet module.

    In undercloud.conf, there is a directive:

        hieradata_override = ./hieradata-overrides-classic-undercloud.yaml

    which points to a file which contains hieradata overrides.  In that file, add:

        ipaclient::force: true

4. Then, re-deploy the undercloud following the instructions at:
   http://tripleo.org/install/advanced_deployment/ssl.html#tls-everywhere-for-the-overcloud

5. For the overcloud nodes, the same workaround needs to be applied.
   This can be done by updating the cloud-init script that is executed on the overcloud nodes.
   For OSP13, this script is at /etc/novajoin/cloud-config-novajoin.json
   Modify that file so that the ipa-client-install command is executed with the following options:
   
       --force --hostname $fqdn

   Restart novajoin and the nova processes.

With these workarounds, it was possible to deploy the overcloud and undercloud with no issues.

Comment 14 Ade Lee 2019-05-17 15:38:55 UTC
*** Bug 1673077 has been marked as a duplicate of this bug. ***

Comment 18 Harry Rybacki 2019-05-29 17:29:01 UTC
Moving to POST -- patches have merged.

Comment 19 Harry Rybacki 2019-05-29 17:42:47 UTC
Downstream build complete. Moving bug to MODIFIED.

Comment 34 Lon Hohberger 2019-08-28 10:45:48 UTC
According to our records, this should be resolved by openstack-tripleo-heat-templates-8.3.1-54.el7ost.  This build is available now.
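
The Doc Text at the top of this bug says that `DnsSearchDomains`, set under `parameter_defaults`, adds search domains to `resolv.conf`. As an added example (not part of this bug report or of the tripleo-heat-templates code), the script below checks a deployed node's `resolv.conf` for the expected domains. The sample file, the expected domain list and the function names are constructed for illustration; the 6-domain and 256-character limits are those of glibc before 2.26, which RHEL 7 ships.

```python
"""Check that the search domains set through DnsSearchDomains reached resolv.conf."""
import sys

# glibc before 2.26 (RHEL 7 ships 2.17) uses at most 6 search domains
# and 256 characters of search list.
MAX_DOMAINS = 6
MAX_CHARS = 256

# Constructed sample of a node's /etc/resolv.conf, not output from this bug.
SAMPLE_RESOLV_CONF = """\
# Generated by NetworkManager
search localdomain
nameserver 10.12.6.77
search oootest.example.com ooodomain.example.com
"""


def parse_search_domains(text):
    """Return the effective search list; the last search/domain line wins."""
    domains = []
    for line in text.splitlines():
        if line.startswith(("#", ";")):  # comment marker must be in column one
            continue
        fields = line.split()
        if len(fields) >= 2 and fields[0] == "search":
            domains = [d.rstrip(".").lower() for d in fields[1:]]
        elif len(fields) >= 2 and fields[0] == "domain":
            domains = [fields[1].rstrip(".").lower()]
    return domains


def check_search_domains(text, expected):
    """Return a list of problems; an empty list means nothing was found wrong."""
    effective = parse_search_domains(text)
    problems = []
    for name in (e.rstrip(".").lower() for e in expected):
        if name not in effective:
            problems.append("missing search domain: " + name)
        elif effective.index(name) >= MAX_DOMAINS:
            problems.append("beyond the 6-domain limit of glibc < 2.26: " + name)
    if len(" ".join(effective)) > MAX_CHARS:
        problems.append("search list longer than %d characters" % MAX_CHARS)
    return problems


if __name__ == "__main__":
    text = open(sys.argv[1]).read() if len(sys.argv) > 1 else SAMPLE_RESOLV_CONF
    expected = ["oootest.example.com", "ooodomain.example.com"]  # constructed
    print(check_search_domains(text, expected) or "ok")
```

Run it with the path to a node's `/etc/resolv.conf` as the only argument; without an argument it checks the embedded sample.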

