Adullact / puppet-freeipa
Commit 8e5b5abe authored Jan 22, 2020 by Fabien Combernous
some cleanup of docs
parent 6214509a
Pipeline #7851 passed with stages in 55 minutes and 7 seconds
Showing 2 changed files with 40 additions and 49 deletions
REFERENCE.md +19 -32
manifests/init.pp +21 -17
REFERENCE.md
...
...
@@ -9,17 +9,14 @@ _Public Classes_
*
[
`freeipa`
](
#freeipa
)
: Manages IPA masters, replicas and clients.
*
[
`freeipa::helpers::flushcache`
](
#freeipahelpersflushcache
)
: Flushcache sss for Debian and RedHat only
*
[
`freeipa::install::autofs`
](
#freeipainstallautofs
)
: Installs and start autofs
_Private Classes_
*
`freeipa::config::keytab`
: Configures keytab for admin user on FreeIPA master.
*
`freeipa::install`
: Installs the packages needed for servers and clients
*
`freeipa::install::client`
: Install freeipa client
*
`freeipa::install::server`
: This class mainly defines options for the ipa install command, then install master or replica regarding the role set.
*
`freeipa::install::server::master`
: Installs freeipa server as master
*
`freeipa::install::server::replica`
: Installs freeipa server as replica
*
`freeipa::install::sssd`
: Install sssd package
**Tasks**
...
...
@@ -66,19 +63,19 @@ The name of the IPA domain to create or join.
Data type:
`Enum['master','replica','client']`
What role the node will be.
Options are 'master', 'replica', and 'client'.
What role the node will be.
##### `puppet_admin_password`
Data type:
`String[8]`
Password which will be assigned to the IPA account named
'
admin
'
.
Password which will be assigned to the IPA account named
`
admin
`
and used by Puppet
.
##### `directory_services_password`
Data type:
`String[8]`
Password which will be passed into the ipa setup's parameter named
"
--ds-password
"
.
Password which will be passed into the ipa setup's parameter named
`
--ds-password
`
.
##### `autofs_package_name`
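Review bot: In the `puppet_admin_password` and `directory_services_password` entries, the new wording says the admin password is "used by Puppet" and that the DS password goes to `--ds-password`, but both remain documented as plain `String[8]` with no guidance on handling. Say what Puppet uses the admin credential for, and add a sentence recommending that the values come from an encrypted data source; a follow-up that accepts `Sensitive[String[8]]` would keep them redacted in logs and reports. Dropping the options sentence from `ipa_role` is fine, since the `Enum` type already lists them.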
...
...
@@ -100,8 +97,8 @@ Default value: `false`
Data type:
`Boolean`
If true, then
the parameter '--setup-dns' is passed to the IPA server installer.
Also, triggers the install of the required dns server packages
.
If true, then
install and configure an integrated DNS server, create DNS zone specified by
`domain`
,
and fill it with service records necessary for IPA deployment
.
Default value:
`true`
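Review bot: The new `configure_dns_server` text drops two facts the old one carried: that `--setup-dns` is the installer flag behind it, and that enabling it also installs the required DNS server packages. With `Default value: true`, that package install is a side effect operators should be able to read in the docs. Keep the new description, but put the flag name back in backticks and restore the package note, unless the behaviour changed.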
...
...
@@ -109,7 +106,7 @@ Default value: `true`
Data type:
`Boolean`
If false, then
the parameter '--no-ntp' is passed to the IPA server installer
.
If false, then
do not configure NTP
.
Default value:
`true`
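Review bot: "If false, then do not configure NTP" for `configure_ntp` no longer names `--no-ntp` and leaves out the consequence. Kerberos authentication depends on synchronized clocks, so add that time synchronization must be provided by other means when this is set to `false`, and keep the flag name for readers searching the installer man page.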
...
...
@@ -117,7 +114,7 @@ Default value: `true`
Data type:
`Array[String]`
Each element in this array is prefixed with
'
--forwarder
'
and passed to the IPA server installer.
Each element in this array is prefixed with
`
--forwarder
`
and passed to the IPA server installer.
Default value: []
...
...
@@ -141,7 +138,7 @@ Default value: $puppet_admin_password
Data type:
`Boolean`
If true, then the
parameter '
--hostname
'
is populated with the parameter
'
ipa_server_fqdn
'
If true, then the
installer flag
`
--hostname
`
is populated with the parameter
`
ipa_server_fqdn
`
and passed to the IPA installer.
Default value:
`true`
...
...
@@ -150,7 +147,7 @@ Default value: `true`
Data type:
`Boolean`
If true, then the
parameter '
--ip-address
'
is populated with the parameter
'
ip_address
'
If true, then the
installer flag
`
--ip-address
`
is populated with the parameter
`
ip_address
`
and passed to the IPA installer.
Default value:
`false`
...
...
@@ -159,7 +156,8 @@ Default value: `false`
Data type:
`Boolean`
If true, then the parameter '--fixed-primary' is passed to the IPA installer.
If true, on client it configure SSSD to use a fixed server as the primary IPA server.
The default behavior of client is to use DNS SRV records to determine the primary server to use.
Default value:
`false`
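Review bot: Grammar in the new `fixed_primary` text: "on client it configure SSSD" should read "on clients, configures SSSD". The flag name `--fixed-primary` was also dropped, while neighbouring entries (`--hostname`, `--ip-address`, `--forwarder`) still name theirs; keep it here for consistency. The added sentence about DNS SRV discovery being the default is worth keeping.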
...
...
@@ -215,7 +213,7 @@ Default value: 'ipa-server'
Data type:
`Boolean`
If true, then the IPA client packages are installed if the parameter
'
ipa_role
'
is set to
'
client
'
.
If true, then the IPA client packages are installed if the parameter
`
ipa_role
`
is set to
`
client
`
.
Default value:
`true`
...
...
@@ -223,7 +221,7 @@ Default value: `true`
Data type:
`Boolean`
If true, then the IPA server packages are installed if the parameter
'
ipa_role
'
is not set to
'
client
'
.
If true, then the IPA server packages are installed if the parameter
`
ipa_role
`
is not set to
`
client
`
.
Default value:
`true`
...
...
@@ -239,13 +237,14 @@ Default value: `true`
Data type:
`Stdlib::IP::Address`
IP address to pass to the IPA installer.
The IP address of this server.
If this address does not match the address the host resolves to and
`configure_dns_server`
is not
`true`
, the installation will fail.
##### `ipa_server_fqdn`
Data type:
`Stdlib::Fqdn`
Actual fqdn of the IPA server
or client
.
Actual fqdn of the IPA server.
Default value: $facts
[
'networking'
][
'fqdn'
]
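Review bot: `ipa_server_fqdn` loses "or client", yet its default is `$facts['networking']['fqdn']`, the local node's own name, and `ipa_role` accepts `client`. If the client role still uses this parameter, the shortened text is misleading, and the same question applies to "The IP address of this server" under `ip_address`. Either restore the client wording or state that the parameter is ignored for clients. The new failure condition tied to `configure_dns_server` is a useful addition.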
...
...
@@ -267,7 +266,7 @@ FQDN of the server to use for a client or replica domain join.
Data type:
`Boolean`
If true, then a host entry is created using the parameters
'
ipa_server_fqdn
'
and
'
ip_address
'
.
If true, then a host entry is created using the parameters
`
ipa_server_fqdn
`
and
`
ip_address
`
.
Default value:
`false`
...
...
@@ -275,7 +274,7 @@ Default value: `false`
Data type:
`Boolean`
If true,
then the parameter '--mk
homedir
' is passed to the IPA client installer
.
If true,
on client configure PAM to create a users
home
dir
ectory if it does not exist
.
Default value:
`true`
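Review bot: Typo in the new `mkhomedir` text: "a users home directory" should be "a user's home directory", and "on client configure PAM" reads better as "on clients, configure PAM". Consider keeping `--mkhomedir` in backticks, as the other flag-backed parameters do.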
...
...
@@ -323,7 +322,7 @@ Default value: 'sssd-tools'
Data type:
`Boolean`
If true,
then the parameter '--setup-ca' is passed to the IPA server installer (for
replica
s)
If true,
install and configure a CA even on
replica
.
Default value:
`true`
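Review bot: "install and configure a CA even on replica" for `install_ca` is ambiguous about scope and does not draw attention to the default of `true`, which means every replica is set up with a CA unless overridden. Reword to something like "also install and configure a CA on replicas", keep `--setup-ca` in backticks, and note that operators who want fewer CA hosts should set it to `false` on those replicas.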
...
...
@@ -339,18 +338,6 @@ Flushcache sss for Debian and RedHat only
include
freeipa::helpers::flushcache
```
### freeipa::install::autofs
Installs and start autofs
#### Examples
#####
```
puppet
include
freeipa::install::autofs
```
## Tasks
### manage_admin
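Review bot: The `freeipa::install::autofs` section is deleted here, but `autofs_package_name` and `install_autofs` are still documented as parameters, and only REFERENCE.md and manifests/init.pp change in this commit. If the class was made private it should appear under _Private Classes_, and it does not. If REFERENCE.md was edited by hand, regenerate it with puppet-strings instead so it cannot drift from the manifests.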
...
...
manifests/init.pp
...
...
@@ -19,46 +19,50 @@
# Parameters
# ----------
# @param domain The name of the IPA domain to create or join.
# @param ipa_role What role the node will be.
Options are 'master', 'replica', and 'client'.
# @param puppet_admin_password Password which will be assigned to the IPA account named
'
admin
'
.
# @param directory_services_password Password which will be passed into the ipa setup's parameter named
"
--ds-password
"
.
# @param ipa_role What role the node will be.
# @param puppet_admin_password Password which will be assigned to the IPA account named
`
admin
` and used by Puppet
.
# @param directory_services_password Password which will be passed into the ipa setup's parameter named
`
--ds-password
`
.
# @param autofs_package_name Name of the autofs package to install if enabled.
# @param client_install_ldaputils If true, then the ldaputils packages are installed if ipa_role is set to client.
# @param configure_dns_server
# If true, then
the parameter '--setup-dns' is passed to the IPA server installer.
#
Also, triggers the install of the required dns server packages
.
# @param configure_ntp If false, then
the parameter '--no-ntp' is passed to the IPA server installer
.
# @param custom_dns_forwarders Each element in this array is prefixed with
'
--forwarder
'
and passed to the IPA server installer.
# If true, then
install and configure an integrated DNS server, create DNS zone specified by `domain`,
#
and fill it with service records necessary for IPA deployment
.
# @param configure_ntp If false, then
do not configure NTP
.
# @param custom_dns_forwarders Each element in this array is prefixed with
`
--forwarder
`
and passed to the IPA server installer.
# @param principal_usedto_joindomain The principal (usually username) used to join a client or replica to the IPA domain.
# @param password_usedto_joindomain The password for the domain_join_principal.
# @param enable_hostname
# If true, then the
parameter '
--hostname
'
is populated with the parameter
'
ipa_server_fqdn
'
# If true, then the
installer flag `
--hostname
`
is populated with the parameter
`
ipa_server_fqdn
`
# and passed to the IPA installer.
# @param enable_ip_address
# If true, then the
parameter '
--ip-address
'
is populated with the parameter
'
ip_address
'
# If true, then the
installer flag `
--ip-address
`
is populated with the parameter
`
ip_address
`
# and passed to the IPA installer.
# @param fixed_primary If true, then the parameter '--fixed-primary' is passed to the IPA installer.
# @param fixed_primary
# If true, on client it configure SSSD to use a fixed server as the primary IPA server.
# The default behavior of client is to use DNS SRV records to determine the primary server to use.
# @param idstart From the IPA man pages: "The starting user and group id number".
# @param install_autofs If true, then the autofs packages are installed.
# @param install_epel If true, then the epel repo is installed. The epel repo is usually required for sssd packages.
# @param install_sssdtools If true, then the sssdtools packages are installed.
# @param ipa_client_package_name Name of the IPA client package.
# @param ipa_server_package_name Name of the IPA server package.
# @param install_ipa_client If true, then the IPA client packages are installed if the parameter
'
ipa_role
'
is set to
'
client
'
.
# @param install_ipa_server If true, then the IPA server packages are installed if the parameter
'
ipa_role
'
is not set to
'
client
'
.
# @param install_ipa_client If true, then the IPA client packages are installed if the parameter
`
ipa_role
`
is set to
`
client
`
.
# @param install_ipa_server If true, then the IPA server packages are installed if the parameter
`
ipa_role
`
is not set to
`
client
`
.
# @param install_sssd If true, then the sssd packages are installed.
# @param ip_address IP address to pass to the IPA installer.
# @param ipa_server_fqdn Actual fqdn of the IPA server or client.
# @param ip_address
# The IP address of this server.
# If this address does not match the address the host resolves to and `configure_dns_server` is not `true`, the installation will fail.
# @param ipa_server_fqdn Actual fqdn of the IPA server.
# @param ldaputils_package_name Name of the ldaputils package.
# @param ipa_master_fqdn FQDN of the server to use for a client or replica domain join.
# @param manage_host_entry If true, then a host entry is created using the parameters
'
ipa_server_fqdn
'
and
'
ip_address
'
.
# @param mkhomedir If true,
then the parameter '--mk
homedir
' is passed to the IPA client installer
.
# @param manage_host_entry If true, then a host entry is created using the parameters
`
ipa_server_fqdn
`
and
`
ip_address
`
.
# @param mkhomedir If true,
on client configure PAM to create a users
home
dir
ectory if it does not exist
.
# @param webui_redirect If true, then web requests to URL root / will be redirected to webui https://example.com/ipa/ui.
# @param realm The name of the IPA realm to create or join.
# @param server_install_ldaputils If true, then the ldaputils packages are installed if ipa_role is not set to client.
# @param sssd_package_name Name of the sssd package.
# @param sssdtools_package_name Name of the sssdtools package.
# @param install_ca If true,
then the parameter '--setup-ca' is passed to the IPA server installer (for
replica
s)
# @param install_ca If true,
install and configure a CA even on
replica
.
#
class
freeipa
(
Stdlib
::
Fqdn
$domain
,
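Review bot: In the unchanged `password_usedto_joindomain` line, the description still reads "The password for the domain_join_principal", a name that does not match the documented `principal_usedto_joindomain`; fix it as part of this cleanup. Since REFERENCE.md mirrors these `@param` comments, the wording fixes for `fixed_primary` ("it configure") and `mkhomedir` ("a users") belong here first, with the reference regenerated afterwards.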
...
...