Commit 05938e98 authored by Fabien Combernous's avatar Fabien Combernous

Merge branch '2-rename-classes-from-easy_ipa-to-freeipa-as-module-name' into 'master'

Resolve "rename classes from easy_ipa to freeipa as module name"

Closes #2

See merge request !2
parents 726f7f6e 8ab2cbb9
# easy_ipa Puppet module
# freeipa Puppet module
[![Build Status](https://travis-ci.org/jpuskar/puppet-ipa.svg?branch=master)](https://travis-ci.org/jpuskar/puppet-ipa)
## Overview
......@@ -28,7 +28,7 @@ This module requires [puppetlabs/stdlib](https://forge.puppetlabs.com/puppetlabs
Creating an IPA master, with the WebUI proxied to `https://localhost:8440`.
```puppet
class {'easy_ipa':
class {'freeipa':
ipa_role => 'master',
domain => 'vagrant.example.lan',
ipa_server_fqdn => 'ipa-server-1.vagrant.example.lan',
......@@ -48,7 +48,7 @@ class {'easy_ipa':
Adding a replica:
```puppet
class {'::easy_ipa':
class {'::freeipa':
ipa_role => 'replica',
domain => 'vagrant.example.lan',
ipa_server_fqdn => 'ipa-server-2.vagrant.example.lan',
......@@ -65,7 +65,7 @@ class {'::easy_ipa':
Adding a client:
```puppet
class {'::easy_ipa':
class {'::freeipa':
ipa_role => 'client',
domain => 'vagrant.example.lan',
domain_join_password => 'vagrant123',
......@@ -229,7 +229,7 @@ Steps to get started:
Original work from Harvard University Information Technology, mainly written by Rob Ruma (https://github.com/huit/puppet-ipa)
then forked by John Puskar (https://github.com/jpuskar/puppet-easy_ipa)
then forked by John Puskar (https://github.com/jpuskar/puppet-freeipa)
then forked by ADULLACT (https://gitlab.adullact.net/adullact/puppet-freeipa) currently written by :
* ADULLACT with Fabien Combernous
......
......@@ -28,11 +28,11 @@ puppet module install puppetlabs-concat
puppet module install puppetlabs-stdlib
puppet module install crayfishx-firewalld
puppet module install puppet-selinux
if [ -d /tmp/modules/easy_ipa ]; then rm -rf /tmp/modules/easy_ipa; fi
mkdir -p /tmp/modules/easy_ipa
cp -r /vagrant/* /tmp/modules/easy_ipa
if [ -d /tmp/modules/freeipa ]; then rm -rf /tmp/modules/freeipa; fi
mkdir -p /tmp/modules/freeipa
cp -r /vagrant/* /tmp/modules/freeipa
puppet apply --modulepath '/tmp/modules:/etc/puppetlabs/code/environments/production/modules' -e "\
class {'::easy_ipa':\
class {'::freeipa':\
ipa_role => 'master',\
domain => 'vagrant.example.lan',\
ipa_server_fqdn => 'ipa-server-1.vagrant.example.lan',\
......@@ -78,9 +78,9 @@ puppet module install puppetlabs-stdlib
puppet module install crayfishx-firewalld
puppet module install puppet-selinux
puppet module install saz-resolv_conf
if [ -d /tmp/modules/easy_ipa ]; then rm -rf /tmp/modules/easy_ipa; fi
mkdir -p /tmp/modules/easy_ipa
cp -r /vagrant/* /tmp/modules/easy_ipa
if [ -d /tmp/modules/freeipa ]; then rm -rf /tmp/modules/freeipa; fi
mkdir -p /tmp/modules/freeipa
cp -r /vagrant/* /tmp/modules/freeipa
puppet apply --modulepath '/tmp/modules:/etc/puppetlabs/code/environments/production/modules' -e "\
class { 'resolv_conf':\
nameservers => ['192.168.44.35'],\
......@@ -91,7 +91,7 @@ puppet apply --modulepath '/tmp/modules:/etc/puppetlabs/code/environments/produc
ip => '192.168.44.35',\
}"
puppet apply --modulepath '/tmp/modules:/etc/puppetlabs/code/environments/production/modules' -e "\
class {'::easy_ipa':\
class {'::freeipa':\
ipa_role => 'replica',\
domain => 'vagrant.example.lan',\
ipa_server_fqdn => 'ipa-server-2.vagrant.example.lan',\
......@@ -137,15 +137,15 @@ puppet module install puppetlabs-stdlib
puppet module install crayfishx-firewalld
puppet module install puppet-selinux
puppet module install saz-resolv_conf
if [ -d /tmp/modules/easy_ipa ]; then rm -rf /tmp/modules/easy_ipa; fi
mkdir -p /tmp/modules/easy_ipa
cp -r /vagrant/* /tmp/modules/easy_ipa
if [ -d /tmp/modules/freeipa ]; then rm -rf /tmp/modules/freeipa; fi
mkdir -p /tmp/modules/freeipa
cp -r /vagrant/* /tmp/modules/freeipa
puppet apply --modulepath '/tmp/modules:/etc/puppetlabs/code/environments/production/modules' -e "\
class { 'resolv_conf':\
nameservers => ['192.168.44.35'],\
}"
puppet apply --modulepath '/tmp/modules:/etc/puppetlabs/code/environments/production/modules' -e "\
class {'::easy_ipa':\
class {'::freeipa':\
ipa_role => 'client',\
domain => 'vagrant.example.lan',\
domain_join_password => 'vagrant123',\
......@@ -157,4 +157,4 @@ SCRIPT
box.vm.provision "shell", inline: $script
end
end
\ No newline at end of file
end
#
class easy_ipa::config {
}
\ No newline at end of file
class freeipa::config {
}
#
class easy_ipa::config::admin_user {
class freeipa::config::admin_user {
$uid_number = $easy_ipa::idstart
$uid_number = $freeipa::idstart
$home_dir_path = '/home/admin'
# Ensure admin homedir and keytab files.
......@@ -12,7 +12,7 @@ class easy_ipa::config::admin_user {
group => $uid_number,
recurse => true,
notify => Exec['configure_admin_keytab'],
require => Exec["server_install_${easy_ipa::ipa_server_fqdn}"],
require => Exec["server_install_${freeipa::ipa_server_fqdn}"],
}
file { "${home_dir_path}/.k5login":
......@@ -31,7 +31,7 @@ class easy_ipa::config::admin_user {
# Gives admin user the host/fqdn principal.
k5login { "${home_dir_path}/.k5login":
principals => $easy_ipa::master_principals,
principals => $freeipa::master_principals,
notify => File["${home_dir_path}/.k5login"],
require => File[$home_dir_path]
}
......@@ -41,7 +41,7 @@ class easy_ipa::config::admin_user {
exec { 'configure_admin_keytab':
command => $configure_admin_keytab_cmd,
cwd => $home_dir_path,
unless => shellquote('/usr/bin/kvno','-k',"${home_dir_path}/admin.keytab","admin@${easy_ipa::final_realm}"),
unless => shellquote('/usr/bin/kvno','-k',"${home_dir_path}/admin.keytab","admin@${freeipa::final_realm}"),
notify => Exec['chown_admin_keytab'],
refreshonly => true,
require => Cron['k5start_admin'],
......@@ -57,7 +57,7 @@ class easy_ipa::config::admin_user {
}
$k5start_admin_keytab_cmd = "/sbin/runuser -l admin -c \"/usr/bin/k5start -f ${home_dir_path}/admin.keytab -U\""
$k5start_admin_keytab_cmd_unless = "/sbin/runuser -l admin -c /usr/bin/klist | grep -i krbtgt\\/${easy_ipa::final_realm}\\@"
$k5start_admin_keytab_cmd_unless = "/sbin/runuser -l admin -c /usr/bin/klist | grep -i krbtgt\\/${freeipa::final_realm}\\@"
exec { 'k5start_admin_keytab':
command => $k5start_admin_keytab_cmd,
cwd => $home_dir_path,
......@@ -75,7 +75,7 @@ class easy_ipa::config::admin_user {
minute => '*/1',
notify => Exec['chown_admin_keytab'],
require => [
Package[$easy_ipa::kstart_package_name],
Package[$freeipa::kstart_package_name],
K5login["${home_dir_path}/.k5login"],
File[$home_dir_path]
],
......
# Configures port and redirect overrides for the IPA server web UI.
class easy_ipa::config::webui {
class freeipa::config::webui {
if $easy_ipa::webui_enable_proxy {
if $freeipa::webui_enable_proxy {
#ref: https://www.redhat.com/archives/freeipa-users/2016-June/msg00128.html
$proxy_server_internal_fqdn = $easy_ipa::ipa_server_fqdn
$proxy_server_external_fqdn = $easy_ipa::webui_proxy_external_fqdn
$proxy_https_port = $easy_ipa::webui_proxy_https_port
$proxy_server_internal_fqdn = $freeipa::ipa_server_fqdn
$proxy_server_external_fqdn = $freeipa::webui_proxy_external_fqdn
$proxy_https_port = $freeipa::webui_proxy_https_port
$proxy_server_external_fqdn_and_port = "${proxy_server_external_fqdn}:${proxy_https_port}"
$proxy_internal_uri = "https://${proxy_server_internal_fqdn}"
$proxy_external_uri = "https://${proxy_server_external_fqdn}:${proxy_https_port}"
$proxy_server_name = "https://${easy_ipa::ipa_server_fqdn}:${proxy_https_port}"
$proxy_server_name = "https://${freeipa::ipa_server_fqdn}:${proxy_https_port}"
$proxy_referrer_regex = regsubst(
$proxy_external_uri,
'\.',
......@@ -30,19 +30,19 @@ class easy_ipa::config::webui {
file { '/etc/httpd/conf.d/ipa-rewrite.conf':
ensure => present,
replace => true,
content => template('easy_ipa/ipa-rewrite.conf.erb'),
content => template('freeipa/ipa-rewrite.conf.erb'),
notify => Service['httpd'],
}
file { '/etc/httpd/conf.d/ipa-webui-proxy.conf':
ensure => present,
replace => true,
content => template('easy_ipa/ipa-webui-proxy.conf.erb'),
content => template('freeipa/ipa-webui-proxy.conf.erb'),
notify => Service['httpd'],
}
}
if $easy_ipa::webui_disable_kerberos {
if $freeipa::webui_disable_kerberos {
file_line{'disable_kerberos_via_if_1':
ensure => present,
path => '/etc/httpd/conf.d/ipa.conf',
......@@ -59,4 +59,4 @@ class easy_ipa::config::webui {
after => 'ErrorDocument\ 401\ /ipa/errors/unauthorized.html',
}
}
}
\ No newline at end of file
}
#
class easy_ipa::helpers {
}
\ No newline at end of file
class freeipa::helpers {
}
define easy_ipa::helpers::flushcache {
define freeipa::helpers::flushcache {
#TODO: nscd should be called on both platforms.
if $::osfamily == 'RedHat' {
......@@ -18,7 +18,7 @@ else \
/usr/bin/find /var/lib/sss/db -type f -exec rm -f \"{}\" ; ; \
fi"
} else {
fail('The class easy_ipa::flushcache is only written for RedHat and Debian.')
fail('The class freeipa::flushcache is only written for RedHat and Debian.')
}
exec { "ipa_flushcache_${title}":
......
......@@ -143,7 +143,7 @@
# TODO: Params.pp.
# TODO: configurable admin username.
#
class easy_ipa (
class freeipa (
String $domain,
String $ipa_role,
String $admin_password = '',
......@@ -229,7 +229,7 @@ class easy_ipa (
$final_configure_dns_server = $configure_dns_server
}
class {'::easy_ipa::validate_params':}
-> class {'::easy_ipa::install':}
class {'::freeipa::validate_params':}
-> class {'::freeipa::install':}
}
#
class easy_ipa::install {
class freeipa::install {
if $easy_ipa::install_epel {
if $freeipa::install_epel {
ensure_resource(
'package',
'epel-release',
......@@ -9,29 +9,29 @@ class easy_ipa::install {
)
}
if $easy_ipa::manage_host_entry {
host { $easy_ipa::ipa_server_fqdn:
ip => $easy_ipa::ip_address,
if $freeipa::manage_host_entry {
host { $freeipa::ipa_server_fqdn:
ip => $freeipa::ip_address,
}
}
# Note: sssd.conf handled by ipa-server-install.
if $easy_ipa::install_sssd {
contain 'easy_ipa::install::sssd'
if $freeipa::install_sssd {
contain 'freeipa::install::sssd'
}
if $easy_ipa::install_autofs {
contain 'easy_ipa::install::autofs'
if $freeipa::install_autofs {
contain 'freeipa::install::autofs'
}
if $easy_ipa::install_sssdtools {
package { $easy_ipa::sssdtools_package_name:
if $freeipa::install_sssdtools {
package { $freeipa::sssdtools_package_name:
ensure => present,
}
}
if $easy_ipa::ipa_role == 'master' or $easy_ipa::ipa_role == 'replica' {
if $easy_ipa::final_configure_dns_server {
if $freeipa::ipa_role == 'master' or $freeipa::ipa_role == 'replica' {
if $freeipa::final_configure_dns_server {
$dns_packages = [
'ipa-server-dns',
'bind-dyndb-ldap',
......@@ -41,13 +41,13 @@ class easy_ipa::install {
}
}
if $easy_ipa::install_ipa_server {
contain 'easy_ipa::install::server'
if $freeipa::install_ipa_server {
contain 'freeipa::install::server'
}
} elsif $easy_ipa::ipa_role == 'client' {
if $easy_ipa::install_ipa_client {
contain 'easy_ipa::install::client'
} elsif $freeipa::ipa_role == 'client' {
if $freeipa::install_ipa_client {
contain 'freeipa::install::client'
}
}
}
\ No newline at end of file
}
#
class easy_ipa::install::autofs {
package { $easy_ipa::autofs_package_name:
class freeipa::install::autofs {
package { $freeipa::autofs_package_name:
ensure => present,
}
......@@ -8,4 +8,4 @@ class easy_ipa::install::autofs {
ensure => 'running',
enable => true,
}
}
\ No newline at end of file
}
#
class easy_ipa::install::client {
class freeipa::install::client {
package{$easy_ipa::ipa_client_package_name:
package{$freeipa::ipa_client_package_name:
ensure => present,
}
package{$easy_ipa::kstart_package_name:
package{$freeipa::kstart_package_name:
ensure => present,
}
if $easy_ipa::client_install_ldaputils {
package { $easy_ipa::ldaputils_package_name:
if $freeipa::client_install_ldaputils {
package { $freeipa::ldaputils_package_name:
ensure => present,
}
}
if $easy_ipa::mkhomedir {
if $freeipa::mkhomedir {
$client_install_cmd_opts_mkhomedir = '--mkhomedir'
} else {
$client_install_cmd_opts_mkhomedir = ''
}
if $easy_ipa::fixed_primary {
if $freeipa::fixed_primary {
$client_install_cmd_opts_fixed_primary = '--fixed-primary'
} else {
$client_install_cmd_opts_fixed_primary = ''
}
if $easy_ipa::configure_ntp {
if $freeipa::configure_ntp {
$client_install_cmd_opts_no_ntp = ''
} else {
$client_install_cmd_opts_no_ntp = '--no-ntp'
......@@ -35,11 +35,11 @@ class easy_ipa::install::client {
$client_install_cmd = "\
/usr/sbin/ipa-client-install \
--server=${easy_ipa::ipa_master_fqdn} \
--realm=${easy_ipa::final_realm} \
--domain=${easy_ipa::domain} \
--principal='${easy_ipa::final_domain_join_principal}' \
--password='${easy_ipa::final_domain_join_password}' \
--server=${freeipa::ipa_master_fqdn} \
--realm=${freeipa::final_realm} \
--domain=${freeipa::domain} \
--principal='${freeipa::final_domain_join_principal}' \
--password='${freeipa::final_domain_join_password}' \
${client_install_cmd_opts_mkhomedir} \
${client_install_cmd_opts_fixed_primary} \
${client_install_cmd_opts_no_ntp} \
......@@ -48,18 +48,18 @@ class easy_ipa::install::client {
exec { "client_install_${::fqdn}":
command => $client_install_cmd,
timeout => 0,
unless => "cat /etc/ipa/default.conf | grep -i \"${easy_ipa::domain}\"",
unless => "cat /etc/ipa/default.conf | grep -i \"${freeipa::domain}\"",
creates => '/etc/ipa/default.conf',
logoutput => 'on_failure',
before => Service['sssd'],
provider => 'shell',
}
if $easy_ipa::install_sssd {
if $freeipa::install_sssd {
service { 'sssd':
ensure => 'running',
enable => true,
require => Package[$easy_ipa::sssd_package_name],
require => Package[$freeipa::sssd_package_name],
}
}
}
#
class easy_ipa::install::server {
class freeipa::install::server {
package{$easy_ipa::ipa_server_package_name:
package{$freeipa::ipa_server_package_name:
ensure => present,
}
package{$easy_ipa::kstart_package_name:
package{$freeipa::kstart_package_name:
ensure => present,
}
if $easy_ipa::server_install_ldaputils {
package { $easy_ipa::ldaputils_package_name:
if $freeipa::server_install_ldaputils {
package { $freeipa::ldaputils_package_name:
ensure => present,
}
}
$server_install_cmd_opts_idstart = "--idstart=${easy_ipa::idstart}"
$server_install_cmd_opts_idstart = "--idstart=${freeipa::idstart}"
if $easy_ipa::enable_hostname {
$server_install_cmd_opts_hostname = "--hostname=${easy_ipa::ipa_server_fqdn}"
if $freeipa::enable_hostname {
$server_install_cmd_opts_hostname = "--hostname=${freeipa::ipa_server_fqdn}"
} else {
$server_install_cmd_opts_hostname = ''
}
if $easy_ipa::enable_ip_address {
$server_install_cmd_opts_ip_address = "--ip-address ${easy_ipa::ip_address}"
if $freeipa::enable_ip_address {
$server_install_cmd_opts_ip_address = "--ip-address ${freeipa::ip_address}"
} else {
$server_install_cmd_opts_ip_address = ''
}
if $easy_ipa::final_configure_dns_server {
if $freeipa::final_configure_dns_server {
$server_install_cmd_opts_setup_dns = '--setup-dns'
} else {
$server_install_cmd_opts_setup_dns = ''
}
if $easy_ipa::configure_ntp {
if $freeipa::configure_ntp {
$server_install_cmd_opts_no_ntp = ''
} else {
$server_install_cmd_opts_no_ntp = '--no-ntp'
}
if $easy_ipa::final_configure_dns_server {
if size($easy_ipa::custom_dns_forwarders) > 0 {
if $freeipa::final_configure_dns_server {
if size($freeipa::custom_dns_forwarders) > 0 {
$server_install_cmd_opts_forwarders = join(
prefix(
$easy_ipa::custom_dns_forwarders,
$freeipa::custom_dns_forwarders,
'--forwarder '),
' '
)
......@@ -58,16 +58,16 @@ class easy_ipa::install::server {
$server_install_cmd_opts_forwarders = ''
}
if $easy_ipa::no_ui_redirect {
if $freeipa::no_ui_redirect {
$server_install_cmd_opts_no_ui_redirect = ''
} else {
$server_install_cmd_opts_no_ui_redirect = '--no-ui-redirect'
}
if $easy_ipa::ipa_role == 'master' {
contain 'easy_ipa::install::server::master'
} elsif $easy_ipa::ipa_role == 'replica' {
contain 'easy_ipa::install::server::replica'
if $freeipa::ipa_role == 'master' {
contain 'freeipa::install::server::master'
} elsif $freeipa::ipa_role == 'replica' {
contain 'freeipa::install::server::replica'
}
ensure_resource (
......@@ -76,23 +76,23 @@ class easy_ipa::install::server {
{ensure => 'running'},
)
contain 'easy_ipa::config::webui'
contain 'freeipa::config::webui'
service { 'ipa':
ensure => 'running',
enable => true,
require => Exec["server_install_${easy_ipa::ipa_server_fqdn}"],
require => Exec["server_install_${freeipa::ipa_server_fqdn}"],
}
if $easy_ipa::install_sssd {
if $freeipa::install_sssd {
service { 'sssd':
ensure => 'running',
enable => true,
require => Package[$easy_ipa::sssd_package_name],
require => Package[$freeipa::sssd_package_name],
}
}
easy_ipa::helpers::flushcache { "server_${easy_ipa::ipa_server_fqdn}": }
class {'easy_ipa::config::admin_user': }
freeipa::helpers::flushcache { "server_${freeipa::ipa_server_fqdn}": }
class {'freeipa::config::admin_user': }
}
#
class easy_ipa::install::server::master {
class freeipa::install::server::master {
$server_install_cmd = "\
/usr/sbin/ipa-server-install \
${easy_ipa::install::server::server_install_cmd_opts_hostname} \
--realm=${easy_ipa::final_realm} \
--domain=${easy_ipa::domain} \
--admin-password='${easy_ipa::admin_password}' \
--ds-password='${easy_ipa::directory_services_password}' \
${easy_ipa::install::server::server_install_cmd_opts_setup_dns} \
${easy_ipa::install::server::server_install_cmd_opts_forwarders} \
${easy_ipa::install::server::server_install_cmd_opts_ip_address} \
${easy_ipa::install::server::server_install_cmd_opts_no_ntp} \
${easy_ipa::install::server::server_install_cmd_opts_idstart} \
${easy_ipa::install::server::server_install_cmd_opts_no_ui_redirect} \
${freeipa::install::server::server_install_cmd_opts_hostname} \
--realm=${freeipa::final_realm} \
--domain=${freeipa::domain} \
--admin-password='${freeipa::admin_password}' \
--ds-password='${freeipa::directory_services_password}' \
${freeipa::install::server::server_install_cmd_opts_setup_dns} \
${freeipa::install::server::server_install_cmd_opts_forwarders} \
${freeipa::install::server::server_install_cmd_opts_ip_address} \
${freeipa::install::server::server_install_cmd_opts_no_ntp} \
${freeipa::install::server::server_install_cmd_opts_idstart} \
${freeipa::install::server::server_install_cmd_opts_no_ui_redirect} \
--unattended"
file { '/etc/ipa/primary':
ensure => 'file',
content => 'Added by IPA Puppet module. Designates primary master. Do not remove.',
}
-> exec { "server_install_${easy_ipa::ipa_server_fqdn}":
-> exec { "server_install_${freeipa::ipa_server_fqdn}":
command => $server_install_cmd,
timeout => 0,
unless => '/usr/sbin/ipactl status >/dev/null 2>&1',
creates => '/etc/ipa/default.conf',
logoutput => 'on_failure',
notify => Easy_ipa::Helpers::Flushcache["server_${easy_ipa::ipa_server_fqdn}"],
notify => Easy_ipa::Helpers::Flushcache["server_${freeipa::ipa_server_fqdn}"],
before => Service['sssd'],
}
-> cron { 'k5start_root': #allows scp to replicas as root
command => '/usr/bin/k5start -f /etc/krb5.keytab -U -o root -k /tmp/krb5cc_0 > /dev/null 2>&1',
user => 'root',
minute => '*/1',
require => Package[$easy_ipa::kstart_package_name],
require => Package[$freeipa::kstart_package_name],
}
}
#
class easy_ipa::install::server::replica {
class freeipa::install::server::replica {
$replica_install_cmd = "\
/usr/sbin/ipa-replica-install \
--principal=${easy_ipa::final_domain_join_principal} \
--admin-password='${easy_ipa::final_domain_join_password}' \
${easy_ipa::install::server::server_install_cmd_opts_hostname} \
--realm=${easy_ipa::final_realm} \
--domain=${easy_ipa::domain} \
--server=${easy_ipa::ipa_master_fqdn} \
${easy_ipa::install::server::server_install_cmd_opts_setup_dns} \
${easy_ipa::install::server::server_install_cmd_opts_forwarders} \
${easy_ipa::install::server::server_install_cmd_opts_ip_address} \
${easy_ipa::install::server::server_install_cmd_opts_no_ntp} \
${easy_ipa::install::server::server_install_cmd_opts_no_ui_redirect} \
--principal=${freeipa::final_domain_join_principal} \
--admin-password='${freeipa::final_domain_join_password}' \
${freeipa::install::server::server_install_cmd_opts_hostname} \
--realm=${freeipa::final_realm} \
--domain=${freeipa::domain} \
--server=${freeipa::ipa_master_fqdn} \
${freeipa::install::server::server_install_cmd_opts_setup_dns} \
${freeipa::install::server::server_install_cmd_opts_forwarders} \
${freeipa::install::server::server_install_cmd_opts_ip_address} \
${freeipa::install::server::server_install_cmd_opts_no_ntp} \
${freeipa::install::server::server_install_cmd_opts_no_ui_redirect} \
--unattended"
# TODO: config-show and grep for IPA\ masters
......@@ -20,20 +20,20 @@ class easy_ipa::install::server::replica {
ensure => 'file',
content => 'Added by IPA Puppet module. Designates primary master. Do not remove.',
}
-> exec { "server_install_${easy_ipa::ipa_server_fqdn}":
-> exec { "server_install_${freeipa::ipa_server_fqdn}":
command => $replica_install_cmd,
timeout => 0,
unless => '/usr/sbin/ipactl status >/dev/null 2>&1',
creates => '/etc/ipa/default.conf',
logoutput => 'on_failure',
notify => Easy_ipa::Helpers::Flushcache["server_${easy_ipa::ipa_server_fqdn}"],
notify => Easy_ipa::Helpers::Flushcache["server_${freeipa::ipa_server_fqdn}"],
before => Service['sssd'],
}
-> cron { 'k5start_root':
command => '/usr/bin/k5start -f /etc/krb5.keytab -U -o root -k /tmp/krb5cc_0 > /dev/null 2>&1',
user => 'root',
minute => '*/1',
require => Package[$easy_ipa::kstart_package_name],
require => Package[$freeipa::kstart_package_name],
}
}
#
class easy_ipa::install::sssd {
class freeipa::install::sssd {
package { $easy_ipa::sssd_package_name:
package { $freeipa::sssd_package_name:
ensure => present,