2.2. Enrolling nodes in Red Hat Identity Manager (IdM) with novajoin
Novajoin is the default tool that you use to enroll your nodes with Red Hat Identity Manager (IdM) as part of the deployment process. As a result, you can integrate IdM features with your Red Hat OpenStack Platform deployment, including identities, Kerberos credentials, and access controls. You must perform the enrollment process before you proceed with the rest of the IdM integration.
The enrollment process includes the following steps:
- Adding the undercloud node to the certificate authority (CA)
- Adding the undercloud node to IdM
- Optional: Setting the IdM server as the DNS server for the overcloud
- Preparing the environment files and deploying the overcloud
- Testing the overcloud enrollment in IdM and in RHOSP
- Optional: Adding DNS entries for novajoin in IdM
IdM enrollment with novajoin is currently only available for the undercloud and overcloud nodes. Novajoin integration for overcloud instances is expected to be supported in a later release.
2.2.1. Adding the undercloud node to the certificate authority
Before you deploy the overcloud, add the undercloud to the certificate authority (CA) by installing the python3-novajoin package on the undercloud node and running the novajoin-ipa-setup script.
On the undercloud node, install the python3-novajoin package:
$ sudo dnf install python3-novajoin
On the undercloud node, run the novajoin-ipa-setup script, and adjust the values to suit your deployment:
$ sudo /usr/libexec/novajoin-ipa-setup \
    --principal admin \
    --password <IdM admin password> \
    --server <IdM server hostname> \
    --realm <realm> \
    --domain <overcloud cloud domain> \
    --hostname <undercloud hostname> \
    --precreate
Use the resulting One-Time Password (OTP) to enroll the undercloud.