My experiment yesterday left me with a broken IPA install. I aim to fix that.



To get to the start state:

From my laptop, kick off a TripleO Quickstart, stopping prior to undercloud deployment:

./quickstart.sh --teardown all -t untagged,provision,environment,undercloud-scripts ayoung-dell-t1700.test

SSH in to the machine …

ssh -F /home/ayoung/.quickstart/ssh.config.ansible undercloud

and set up FreeIPA:

$ cat install-ipa.sh

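#!/usr/bin/bash
# Give the host a static FQDN and make it resolvable locally.
sudo hostnamectl set-hostname --static undercloud.ayoung-dell-t1700.test
# Primary IPv4 address of eth0, with the /24 prefix length stripped.
export address=`ip -4 addr show eth0 primary | awk '/inet/ {sub ("/24" ,"" , $2) ; print $2}'`
echo $address `hostname` | sudo tee -a /etc/hosts
sudo yum -y install ipa-server-dns
export P=FreIPA4All
# Unattended install: realm is the upper-cased DNS domain, and each nameserver in resolv.conf becomes a forwarder.
sudo ipa-server-install -U -r `hostname -d|tr "[a-z]" "[A-Z]"` -p $P -a $P --setup-dns `awk '/^name/ {print "--forwarder",$2}' /etc/resolv.conf`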

Back up the HTTPD config directory:

sudo cp -a /etc/httpd/ /root

Now continue the undercloud install:

./undercloud-install.sh

Once that is done, the undercloud passes a sanity check. Doing a diff between the two directories shows a lot of differences.

sudo diff -r /root/httpd /etc/httpd/

All of the files in /etc/httpd/conf.d that were placed by the IPA install are gone, as are the following module files, which now exist only in the backup under /root/httpd/conf.modules.d:

Only in /root/httpd/conf.modules.d: 00-base.conf
Only in /root/httpd/conf.modules.d: 00-dav.conf
Only in /root/httpd/conf.modules.d: 00-lua.conf
Only in /root/httpd/conf.modules.d: 00-mpm.conf
Only in /root/httpd/conf.modules.d: 00-proxy.conf
Only in /root/httpd/conf.modules.d: 00-systemd.conf
Only in /root/httpd/conf.modules.d: 01-cgi.conf
Only in /root/httpd/conf.modules.d: 10-auth_gssapi.conf
Only in /root/httpd/conf.modules.d: 10-nss.conf
Only in /root/httpd/conf.modules.d: 10-wsgi.conf

To start, I am going to back up the existing HTTPD directory:

sudo cp -a /etc/httpd/ /home/stack/

The rest of this is easier to do as root, as I want some globbing. First, I’ll copy over the module config files:

sudo su
cp /root/httpd/conf.modules.d/* /etc/httpd/conf.modules.d/
systemctl restart httpd.service

Test Keystone:

. ./stackrc
openstack token issue

Get a token…good to go…OK, let's try the conf.d files.

sudo cp /root/httpd/conf.d/* /etc/httpd/conf.d/
systemctl restart httpd.service

Then, as a non-admin user:

$ kinit admin
Password for admin@AYOUNG-DELL-T1700.TEST:
[stack@undercloud ~]$ ipa user-find
--------------
1 user matched
--------------
  User login: admin
  Last name: Administrator
  Home directory: /home/admin
  Login shell: /bin/bash
  UID: 776400000
  GID: 776400000
  Account disabled: False
  Password: True
  Kerberos keys available: True
----------------------------
Number of entries returned 1
----------------------------

This is a fragile deployment, as updating either FreeIPA or the Undercloud has the potential to break one or the other…or both. But it is a start.
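
The two copy steps above use cp with a glob, which overwrites any same-named file the undercloud install wrote. As an added example (not part of the original post), the function below restores only files that are missing from the live directory and reports files that exist in both places but differ, leaving them for manual review. The function name restore_missing and the demo file shared.conf are assumptions made for illustration.

```shell
#!/usr/bin/bash
# Added example, not from the original post.
# restore_missing BACKUP_DIR LIVE_DIR
#   - copies regular files that exist in BACKUP_DIR but not in LIVE_DIR
#     (cp -a keeps mode, timestamps and, as root, owner and SELinux context)
#   - never overwrites: a file present in both but different is reported
#   - returns 0 if nothing conflicted, 1 if conflicts need review, 2 on bad args
restore_missing() {
    rm_backup=$1
    rm_live=$2
    rm_restored=0
    rm_conflicts=0
    if [ ! -d "$rm_backup" ] || [ ! -d "$rm_live" ]; then
        echo "usage: restore_missing BACKUP_DIR LIVE_DIR" >&2
        return 2
    fi
    for rm_src in "$rm_backup"/*; do
        [ -f "$rm_src" ] || continue
        rm_name=${rm_src##*/}
        rm_dst=$rm_live/$rm_name
        if [ ! -e "$rm_dst" ]; then
            cp -a "$rm_src" "$rm_dst" && echo "restored  $rm_name"
            rm_restored=$((rm_restored + 1))
        elif ! cmp -s "$rm_src" "$rm_dst"; then
            echo "CONFLICT  $rm_name (live copy kept)"
            rm_conflicts=$((rm_conflicts + 1))
        fi
    done
    echo "summary: restored=$rm_restored conflicts=$rm_conflicts"
    [ "$rm_conflicts" -eq 0 ]
}

# Constructed demo on throwaway directories; run the script with --demo.
if [ "${1:-}" = "--demo" ]; then
    demo=$(mktemp -d)
    mkdir "$demo/backup" "$demo/live"
    echo "# constructed sample: IPA module config" > "$demo/backup/10-auth_gssapi.conf"
    echo "# constructed sample: IPA version"       > "$demo/backup/shared.conf"
    echo "# constructed sample: undercloud version" > "$demo/live/shared.conf"
    restore_missing "$demo/backup" "$demo/live" || echo "review conflicts before restarting httpd"
    rm -rf "$demo"
fi
```

On the undercloud this would be called as root, once for conf.modules.d and once for conf.d, using the /root/httpd backup and /etc/httpd paths from the steps above, followed by the httpd restart.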