Skip to content

Enable FreeIPA for OSP 17.1 adoption CI#3614

Open
ciecierski wants to merge 1 commit intoopenstack-k8s-operators:mainfrom
ciecierski:tlse-osp-deploy
Open

Enable FreeIPA for OSP 17.1 adoption CI#3614
ciecierski wants to merge 1 commit intoopenstack-k8s-operators:mainfrom
ciecierski:tlse-osp-deploy

Conversation

@ciecierski
Copy link
Contributor

@ciecierski ciecierski commented Jan 21, 2026
edited by openshift-ci bot
Loading

This commit introduces support for deploying a FreeIPA server within the OSP 17.1 adoption CI.

The following has been added:

  • Tasks for the initial setup and configuration of a FreeIPA server.
  • DNS configuration for the undercloud, followed by the execution of undercloud-ipa-install.yaml.
  • DNS configuration for the overcloud to use the new FreeIPA instance.

Following code has been modified:

  • hci adoption scenario is updated to include the creation of the FreeIPA vm
  • do not add the unique ID to osp-underclud name. Predicted hostname of undercloud
    is required for ipa installer playbook

Closes: OSPRH-23046

Signed-off-by: Mikolaj Ciecierski mciecier@redhat.com

@openshift-ci
Copy link
Contributor

openshift-ci bot commented Jan 21, 2026

[APPROVALNOTIFIER] This PR is NOT APPROVED

This pull-request has been approved by:
Once this PR has been reviewed and has the lgtm label, please assign michburk for approval. For more information see the Code Review Process.

The full list of commands accepted by this bot can be found here.

Details Needs approval from an approver in each of these files:

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

@ciecierski ciecierski requested a review from vakwetu January 21, 2026 15:19
@ciecierski ciecierski mentioned this pull request Jan 21, 2026
Open
@softwarefactory-project-zuul
Copy link

softwarefactory-project-zuul bot commented Jan 21, 2026

Build failed (check pipeline). Post recheck (without leading slash)
to rerun all jobs. Make sure the failure cause has been resolved before
you rerun jobs.

https://softwarefactory-project.io/zuul/t/rdoproject.org/buildset/b2d7d2aa37dd41da982f20d422be64a9

✔️ openstack-k8s-operators-content-provider SUCCESS in 2h 26m 59s
✔️ podified-multinode-edpm-deployment-crc SUCCESS in 1h 29m 22s
✔️ cifmw-crc-podified-edpm-baremetal SUCCESS in 1h 50m 40s
✔️ cifmw-crc-podified-edpm-baremetal-minor-update SUCCESS in 2h 12m 49s
✔️ cifmw-pod-zuul-files SUCCESS in 4m 22s
✔️ noop SUCCESS in 0s
✔️ cifmw-pod-ansible-test SUCCESS in 8m 03s
cifmw-pod-pre-commit FAILURE in 7m 53s
✔️ cifmw-molecule-adoption_osp_deploy SUCCESS in 3m 31s
✔️ cifmw-molecule-libvirt_manager SUCCESS in 40m 35s
✔️ cifmw-molecule-reproducer SUCCESS in 30m 42s

@softwarefactory-project-zuul
Copy link

softwarefactory-project-zuul bot commented Jan 22, 2026

Build failed (check pipeline). Post recheck (without leading slash)
to rerun all jobs. Make sure the failure cause has been resolved before
you rerun jobs.

https://softwarefactory-project.io/zuul/t/rdoproject.org/buildset/62f44cd4bd794064b5094fd395dc974e

✔️ openstack-k8s-operators-content-provider SUCCESS in 2h 33m 06s
✔️ podified-multinode-edpm-deployment-crc SUCCESS in 1h 29m 47s
cifmw-crc-podified-edpm-baremetal RETRY_LIMIT in 27m 42s
✔️ cifmw-crc-podified-edpm-baremetal-minor-update SUCCESS in 1h 47m 05s
✔️ cifmw-pod-zuul-files SUCCESS in 4m 39s
✔️ noop SUCCESS in 0s
✔️ cifmw-pod-ansible-test SUCCESS in 8m 50s
✔️ cifmw-pod-pre-commit SUCCESS in 8m 19s
✔️ cifmw-molecule-adoption_osp_deploy SUCCESS in 3m 32s
✔️ cifmw-molecule-libvirt_manager SUCCESS in 40m 55s
✔️ cifmw-molecule-reproducer SUCCESS in 14m 47s

@jistr
Copy link
Contributor

jistr commented Jan 23, 2026

LGTM

@ciecierski ciecierski force-pushed the tlse-osp-deploy branch 2 times, most recently from 6f609ed to 1b6779e Compare January 26, 2026 11:52
@softwarefactory-project-zuul
Copy link

softwarefactory-project-zuul bot commented Jan 27, 2026

Build failed (check pipeline). Post recheck (without leading slash)
to rerun all jobs. Make sure the failure cause has been resolved before
you rerun jobs.

https://softwarefactory-project.io/zuul/t/rdoproject.org/buildset/eaf4e0e7abc246bda9803bf9e97b9b14

✔️ openstack-k8s-operators-content-provider SUCCESS in 1h 39m 40s
✔️ podified-multinode-edpm-deployment-crc SUCCESS in 1h 24m 35s
✔️ cifmw-crc-podified-edpm-baremetal SUCCESS in 1h 23m 35s
cifmw-crc-podified-edpm-baremetal-minor-update RETRY_LIMIT in 28m 45s
✔️ cifmw-pod-zuul-files SUCCESS in 4m 36s
✔️ noop SUCCESS in 0s
✔️ cifmw-pod-ansible-test SUCCESS in 8m 08s
✔️ cifmw-pod-pre-commit SUCCESS in 8m 23s
✔️ cifmw-molecule-adoption_osp_deploy SUCCESS in 3m 39s
✔️ cifmw-molecule-libvirt_manager SUCCESS in 39m 20s
✔️ cifmw-molecule-reproducer SUCCESS in 13m 51s

@softwarefactory-project-zuul
Copy link

softwarefactory-project-zuul bot commented Jan 29, 2026

Build failed (check pipeline). Post recheck (without leading slash)
to rerun all jobs. Make sure the failure cause has been resolved before
you rerun jobs.

https://softwarefactory-project.io/zuul/t/rdoproject.org/buildset/9d4726e92be54c768e6040ef38aa7aa9

✔️ openstack-k8s-operators-content-provider SUCCESS in 2h 01m 05s
✔️ podified-multinode-edpm-deployment-crc SUCCESS in 1h 27m 38s
✔️ cifmw-crc-podified-edpm-baremetal SUCCESS in 1h 26m 53s
cifmw-crc-podified-edpm-baremetal-minor-update FAILURE in 1h 46m 46s
✔️ cifmw-pod-zuul-files SUCCESS in 4m 37s
✔️ noop SUCCESS in 0s
✔️ cifmw-pod-ansible-test SUCCESS in 8m 32s
✔️ cifmw-pod-pre-commit SUCCESS in 9m 26s
✔️ cifmw-molecule-adoption_osp_deploy SUCCESS in 3m 40s
✔️ cifmw-molecule-libvirt_manager SUCCESS in 39m 45s
✔️ cifmw-molecule-reproducer SUCCESS in 14m 56s

@softwarefactory-project-zuul
Copy link

softwarefactory-project-zuul bot commented Jan 29, 2026

Build failed (check pipeline). Post recheck (without leading slash)
to rerun all jobs. Make sure the failure cause has been resolved before
you rerun jobs.

https://softwarefactory-project.io/zuul/t/rdoproject.org/buildset/bfa98e20e83b451fb7d085e92c58c2c9

openstack-k8s-operators-content-provider FAILURE in 6m 29s
⚠️ podified-multinode-edpm-deployment-crc SKIPPED Skipped due to failed job openstack-k8s-operators-content-provider
⚠️ cifmw-crc-podified-edpm-baremetal SKIPPED Skipped due to failed job openstack-k8s-operators-content-provider
⚠️ cifmw-crc-podified-edpm-baremetal-minor-update SKIPPED Skipped due to failed job openstack-k8s-operators-content-provider
✔️ cifmw-pod-zuul-files SUCCESS in 4m 33s
✔️ noop SUCCESS in 0s
✔️ cifmw-pod-ansible-test SUCCESS in 8m 35s
✔️ cifmw-pod-pre-commit SUCCESS in 7m 56s
✔️ cifmw-molecule-adoption_osp_deploy SUCCESS in 3m 39s
✔️ cifmw-molecule-libvirt_manager SUCCESS in 40m 23s
✔️ cifmw-molecule-reproducer SUCCESS in 15m 28s

@softwarefactory-project-zuul
Copy link

softwarefactory-project-zuul bot commented Feb 3, 2026

Build failed (check pipeline). Post recheck (without leading slash)
to rerun all jobs. Make sure the failure cause has been resolved before
you rerun jobs.

https://softwarefactory-project.io/zuul/t/rdoproject.org/buildset/c1f703e20f6c4a338cd6c64dd170c858

✔️ openstack-k8s-operators-content-provider SUCCESS in 2h 14m 26s
✔️ podified-multinode-edpm-deployment-crc SUCCESS in 1h 19m 30s
✔️ cifmw-crc-podified-edpm-baremetal SUCCESS in 1h 35m 41s
✔️ cifmw-crc-podified-edpm-baremetal-minor-update SUCCESS in 1h 59m 00s
✔️ cifmw-pod-zuul-files SUCCESS in 4m 54s
✔️ noop SUCCESS in 0s
✔️ cifmw-pod-ansible-test SUCCESS in 8m 03s
cifmw-pod-pre-commit FAILURE in 8m 17s
✔️ cifmw-molecule-adoption_osp_deploy SUCCESS in 3m 38s
✔️ cifmw-molecule-libvirt_manager SUCCESS in 41m 52s
✔️ cifmw-molecule-reproducer SUCCESS in 14m 45s

@softwarefactory-project-zuul
Copy link

softwarefactory-project-zuul bot commented Feb 3, 2026

Build failed (check pipeline). Post recheck (without leading slash)
to rerun all jobs. Make sure the failure cause has been resolved before
you rerun jobs.

https://softwarefactory-project.io/zuul/t/rdoproject.org/buildset/906a4e74f55e482cae9cb94f5342bc18

✔️ openstack-k8s-operators-content-provider SUCCESS in 2h 06m 31s
✔️ podified-multinode-edpm-deployment-crc SUCCESS in 1h 24m 48s
✔️ cifmw-crc-podified-edpm-baremetal SUCCESS in 1h 26m 22s
✔️ cifmw-crc-podified-edpm-baremetal-minor-update SUCCESS in 1h 52m 55s
✔️ cifmw-pod-zuul-files SUCCESS in 4m 36s
✔️ noop SUCCESS in 0s
✔️ cifmw-pod-ansible-test SUCCESS in 8m 34s
cifmw-pod-pre-commit FAILURE in 7m 57s
✔️ cifmw-molecule-adoption_osp_deploy SUCCESS in 3m 55s
✔️ cifmw-molecule-libvirt_manager SUCCESS in 40m 12s
✔️ cifmw-molecule-reproducer SUCCESS in 15m 13s

@softwarefactory-project-zuul
Copy link

softwarefactory-project-zuul bot commented Feb 4, 2026

Build failed (check pipeline). Post recheck (without leading slash)
to rerun all jobs. Make sure the failure cause has been resolved before
you rerun jobs.

https://softwarefactory-project.io/zuul/t/rdoproject.org/buildset/479549addf3d496e8bed2215e87043d1

✔️ openstack-k8s-operators-content-provider SUCCESS in 1h 50m 26s
✔️ podified-multinode-edpm-deployment-crc SUCCESS in 1h 23m 33s
✔️ cifmw-crc-podified-edpm-baremetal SUCCESS in 1h 34m 49s
cifmw-crc-podified-edpm-baremetal-minor-update FAILURE in 32m 12s
✔️ cifmw-pod-zuul-files SUCCESS in 4m 27s
✔️ noop SUCCESS in 0s
✔️ cifmw-pod-ansible-test SUCCESS in 8m 20s
✔️ cifmw-pod-pre-commit SUCCESS in 7m 44s
✔️ cifmw-molecule-adoption_osp_deploy SUCCESS in 3m 52s
✔️ cifmw-molecule-libvirt_manager SUCCESS in 38m 54s
✔️ cifmw-molecule-reproducer SUCCESS in 14m 39s

jagee added a commit to jagee/data-plane-adoption that referenced this pull request Feb 4, 2026
@jagee
keystone ldap adoption testing
5739397 
LDAP adoption testing will add a ldap domain to keystone. This
ldap connection will be to the freeipa server setup for tlse
environments on a multinode adoption job.

Depends-On: openstack-k8s-operators/ci-framework#3614
Depends-On: openstack-k8s-operators#1203
Jira: https://issues.redhat.com/browse/OSPRH-6861
@jagee jagee mentioned this pull request Feb 4, 2026
Open
@ciecierski
Copy link
Contributor Author

ciecierski commented Feb 4, 2026

recheck

jagee added a commit to jagee/data-plane-adoption that referenced this pull request Feb 4, 2026
@jagee
keystone ldap adoption testing
5ff895d 
LDAP adoption testing will add a ldap domain to keystone. This
ldap connection will be to the freeipa server setup for tlse
environments on a multinode adoption job.

Depends-On: openstack-k8s-operators/ci-framework#3614
Jira: https://issues.redhat.com/browse/OSPRH-6861
@jagee
Copy link
Contributor

jagee commented Feb 4, 2026

The code looks good to me. I was able to go over the undercloud and overcloud env on a test deploy and everything looked correct on the osp and freeipa side post deploy.

jagee added a commit to jagee/data-plane-adoption that referenced this pull request Feb 4, 2026
@jagee
keystone ldap adoption testing
4ee52ae 
LDAP adoption testing will add a ldap domain to keystone. This
ldap connection will be to the freeipa server setup for tlse
environments on a multinode adoption job.

Depends-On: openstack-k8s-operators/ci-framework#3614
Jira: https://issues.redhat.com/browse/OSPRH-6861
jistr
jistr previously approved these changes Feb 5, 2026
View reviewed changes
Copy link
Contributor

@jistr jistr left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

/lgtm

@openshift-ci openshift-ci bot added the lgtm label Feb 5, 2026
@openshift-ci openshift-ci bot removed the lgtm label Feb 5, 2026
@openshift-ci
Copy link
Contributor

openshift-ci bot commented Feb 5, 2026

New changes are detected. LGTM label has been removed.

@ciecierski
(multiple) Enable FreeIPA for OSP 17.1 adoption CI
6937209 
This commit introduces support for deploying a FreeIPA server within the OSP 17.1 adoption CI.

The following has been added:
- Tasks for the initial setup and configuration of a FreeIPA server.
- DNS configuration for the undercloud, followed by the execution of `undercloud-ipa-install.yaml`.
- DNS configuration for the overcloud to use the new FreeIPA instance.

Following code has been modified:
- hci adoption scenario is updated to include the creation of the FreeIPA vm
- do not add the unique ID to osp-underclud name. Predicted hostname of undercloud
is required for ipa installer playbook

Signed-off-by: Mikolaj Ciecierski <mciecier@redhat.com>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@jistr jistr jistr left review comments

@vakwetu vakwetu Awaiting requested review from vakwetu

At least 2 approving reviews are required to merge this pull request.

Assignees

@jistr jistr

Labels

Ready For Review

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@ciecierski @jistr @jagee