diff --git a/REFERENCE.md b/REFERENCE.md index 4dea584c294ce7acd9e075680ea737337fee2219..6bd21a2ecb3b4bc0e2537bc7d4eaab2d67b2a001 100644 --- a/REFERENCE.md +++ b/REFERENCE.md @@ -1,16 +1,17 @@ # Reference + ## Table of Contents -**Classes** +### Classes -_Public Classes_ +#### Public Classes * [`freeipa`](#freeipa): Manages IPA masters, replicas and clients. * [`freeipa::helpers::flushcache`](#freeipahelpersflushcache): Flushcache sss for Debian and RedHat only -_Private Classes_ +#### Private Classes * `freeipa::install`: Installs the packages needed for servers and clients * `freeipa::install::client`: Install freeipa client @@ -18,13 +19,13 @@ _Private Classes_ * `freeipa::install::server::master`: Installs freeipa server as master * `freeipa::install::server::replica`: Installs freeipa server as replica -**Tasks** +### Tasks * [`manage_admin`](#manage_admin): Manage (create or delete) a FreeIPA admin account ## Classes -### freeipa +### `freeipa` Parameters ---------- @@ -83,7 +84,7 @@ Data type: `String` Name of the autofs package to install if enabled. -Default value: 'autofs' +Default value: `'autofs'` ##### `client_install_ldaputils` @@ -91,7 +92,7 @@ Data type: `Boolean` If true, then the ldaputils packages are installed if ipa_role is set to client. -Default value: `false` +Default value: ``false`` ##### `configure_dns_server` @@ -100,7 +101,7 @@ Data type: `Boolean` If true, then install and configure an integrated DNS server, create DNS zone specified by `domain`, and fill it with service records necessary for IPA deployment. -Default value: `true` +Default value: ``true`` ##### `configure_ntp` @@ -108,7 +109,7 @@ Data type: `Boolean` If false, then do not configure NTP. -Default value: `true` +Default value: ``true`` ##### `custom_dns_forwarders` 
@@ -116,7 +117,7 @@ Data type: `Array[String]` Each element in this array is prefixed with `--forwarder` and passed to the IPA server installer. -Default value: [] +Default value: `[]` ##### `principal_usedto_joindomain` @@ -124,7 +125,7 @@ Data type: `String` The principal (usually username) used to join a client or replica to the IPA domain. -Default value: 'admin' +Default value: `'admin'` ##### `password_usedto_joindomain` @@ -132,7 +133,7 @@ Data type: `String` The password for the domain_join_principal. -Default value: $puppet_admin_password +Default value: `$puppet_admin_password` ##### `enable_hostname` @@ -141,7 +142,7 @@ Data type: `Boolean` If true, then the installer flag `--hostname` is populated with the parameter `ipa_server_fqdn` and passed to the IPA installer. -Default value: `true` +Default value: ``true`` ##### `enable_ip_address` @@ -150,7 +151,7 @@ Data type: `Boolean` If true, then the installer flag `--ip-address` is populated with the parameter `ip_address` and passed to the IPA installer. -Default value: `false` +Default value: ``false`` ##### `fixed_primary` @@ -159,7 +160,7 @@ Data type: `Boolean` If true, on client it configure SSSD to use a fixed server as the primary IPA server. The default behavior of client is to use DNS SRV records to determine the primary server to use. -Default value: `false` +Default value: ``false`` ##### `idstart` @@ -167,7 +168,7 @@ Data type: `Integer[10000]` From the IPA man pages: "The starting user and group id number". -Default value: 10000 +Default value: `10000` ##### `install_autofs` @@ -175,7 +176,7 @@ Data type: `Boolean` If true, then the autofs packages are installed. -Default value: `false` +Default value: ``false`` ##### `install_epel` @@ -183,7 +184,7 @@ Data type: `Boolean` If true, then the epel repo is installed. The epel repo is usually required for sssd packages. -Default value: `true` +Default value: ``true`` ##### `install_sssdtools` 
@@ -191,7 +192,7 @@ Data type: `Boolean` If true, then the sssdtools packages are installed. -Default value: `true` +Default value: ``true`` ##### `ipa_client_package_name` @@ -199,7 +200,7 @@ Data type: `String` Name of the IPA client package. -Default value: $facts['os']['family'] +Default value: `$facts['os']['family']` ##### `ipa_server_package_name` @@ -207,7 +208,7 @@ Data type: `String` Name of the IPA server package. -Default value: 'ipa-server' +Default value: `'ipa-server'` ##### `install_ipa_client` @@ -215,7 +216,7 @@ Data type: `Boolean` If true, then the IPA client packages are installed if the parameter `ipa_role` is set to `client`. -Default value: `true` +Default value: ``true`` ##### `install_ipa_server` @@ -223,7 +224,7 @@ Data type: `Boolean` If true, then the IPA server packages are installed if the parameter `ipa_role` is not set to `client`. -Default value: `true` +Default value: ``true`` ##### `install_sssd` @@ -231,7 +232,7 @@ Data type: `Boolean` If true, then the sssd packages are installed. -Default value: `true` +Default value: ``true`` ##### `ip_address` @@ -244,9 +245,9 @@ If this address does not match the address the host resolves to and `configure_d Data type: `Stdlib::Fqdn` -Actual fqdn of the IPA server. +Actual fqdn of the IPA server being configured. -Default value: $facts['networking']['fqdn'] +Default value: `$facts['networking']['fqdn']` ##### `ldaputils_package_name` @@ -254,7 +255,7 @@ Data type: `String` Name of the ldaputils package. -Default value: $facts['os']['family'] +Default value: `$facts['os']['family']` ##### `ipa_master_fqdn` @@ -268,7 +269,7 @@ Data type: `Boolean` If true, then a host entry is created using the parameters `ipa_server_fqdn` and `ip_address`. -Default value: `false` +Default value: ``false`` ##### `mkhomedir` 
@@ -276,7 +277,7 @@ Data type: `Boolean` If true, on client configure PAM to create a users home directory if it does not exist. -Default value: `true` +Default value: ``true`` ##### `webui_redirect` @@ -284,7 +285,7 @@ Data type: `Boolean` If true, then web requests to URL root / will be redirected to webui https://example.com/ipa/ui. -Default value: `true` +Default value: ``true`` ##### `realm` @@ -292,7 +293,7 @@ Data type: `Stdlib::Fqdn` The name of the IPA realm to create or join. -Default value: upcase($domain) +Default value: `upcase($domain)` ##### `server_install_ldaputils` @@ -300,7 +301,7 @@ Data type: `Boolean` If true, then the ldaputils packages are installed if ipa_role is not set to client. -Default value: `true` +Default value: ``true`` ##### `sssd_package_name` @@ -308,7 +309,7 @@ Data type: `String` Name of the sssd package. -Default value: 'sssd-common' +Default value: `'sssd-common'` ##### `sssdtools_package_name` @@ -316,7 +317,7 @@ Data type: `String` Name of the sssdtools package. -Default value: 'sssd-tools' +Default value: `'sssd-tools'` ##### `install_ca` @@ -324,9 +325,9 @@ Data type: `Boolean` If true, install and configure a CA even on replica. -Default value: `true` +Default value: ``true`` -### freeipa::helpers::flushcache +### `freeipa::helpers::flushcache` Flushcache sss for Debian and RedHat only @@ -340,7 +341,7 @@ include freeipa::helpers::flushcache ## Tasks -### manage_admin +### `manage_admin` Manage (create or delete) a FreeIPA admin account diff --git a/manifests/init.pp b/manifests/init.pp index f0e3a9fbef8959b84cd6fb831236a8972b24c450..8d8030ebe94d3b3a5e7105d9c80beb5862fbb91f 100644 --- a/manifests/init.pp +++ b/manifests/init.pp 
@@ -52,7 +52,7 @@ # @param ip_address # The IP address of this server. # If this address does not match the address the host resolves to and `configure_dns_server` is not `true`, the installation will fail. -# @param ipa_server_fqdn Actual fqdn of the IPA server. +# @param ipa_server_fqdn Actual fqdn of the IPA server being configured. # @param ldaputils_package_name Name of the ldaputils package. # @param ipa_master_fqdn FQDN of the server to use for a client or replica domain join. # @param manage_host_entry If true, then a host entry is created using the parameters `ipa_server_fqdn` and `ip_address`. diff --git a/manifests/install/client.pp b/manifests/install/client.pp index cead3e8f2a4d5048f50f100049887a2de2da4cf2..28df505340c24dcd55ebb03da9dbae0812cf8d3c 100644 --- a/manifests/install/client.pp +++ b/manifests/install/client.pp @@ -38,7 +38,14 @@ class freeipa::install::client { $client_install_cmd_opts_no_ntp = '--no-ntp' } - $client_install_cmd = "/usr/sbin/ipa-client-install \ + if $freeipa::enable_hostname { + $client_install_cmd_opts_hostname = "--hostname=${freeipa::ipa_server_fqdn}" + end + } else { + $client_install_cmd_opts_hostname = '' + } + + $client_install_cmd = "/usr/sbin/ipa-client-install \ --server=${freeipa::ipa_master_fqdn} \ --realm=${freeipa::realm} \ --domain=${freeipa::domain} \ @@ -47,9 +54,10 @@ class freeipa::install::client { ${client_install_cmd_opts_mkhomedir} \ ${client_install_cmd_opts_fixed_primary} \ ${client_install_cmd_opts_no_ntp} \ + ${client_install_cmd_opts_hostname} \ --unattended" - exec { "client_install_${::fqdn}": + exec { "client_install_${facts['fqdn']}": command => $client_install_cmd, timeout => 0, unless => "cat /etc/ipa/default.conf | grep -i \"${freeipa::domain}\"", diff --git a/spec/classes/install/client_spec.rb b/spec/classes/install/client_spec.rb index c3130f589b3028f3d892e72de6708fcdfa5bac5e..b5f5c118fcf93b244f0d3ecda1e8df06678cacff 100644 --- a/spec/classes/install/client_spec.rb 
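Review bot: The added `if $freeipa::enable_hostname {` branch in manifests/install/client.pp contains a stray `end` line just before `} else {`. Puppet has no `end` keyword, so this looks like a leftover; drop it so the branch holds only the `$client_install_cmd_opts_hostname` assignment. The value after `--hostname=` is interpolated directly into the command string that the `exec` runs, so its safety depends on `ipa_server_fqdn` staying typed as `Stdlib::Fqdn`, as REFERENCE.md in this commit lists it. A comment above the assignment such as `# ipa_server_fqdn is Stdlib::Fqdn; keep that type, the value is interpolated into the install command` would protect against a later type relaxation. The class body starts before and continues after this hunk.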
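Review bot: The new resource title `client_install_${facts['fqdn']}` still reads the legacy top-level `fqdn` fact, while the module's own defaults use `$facts['networking']['fqdn']` (see the `ipa_server_fqdn` default in REFERENCE.md). Newer Puppet releases do not include legacy facts by default, so I would write `exec { "client_install_${facts['networking']['fqdn']}":`. Now that `--hostname` can be set from `ipa_server_fqdn`, the title (agent fact) and the enrolled hostname (parameter) can differ, which deserves a short comment next to the added `${client_install_cmd_opts_hostname} \` line. The exec resource continues past the end of the hunk.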
+++ b/spec/classes/install/client_spec.rb @@ -1,17 +1,19 @@ require 'spec_helper' +ipa_node = 'foo.example.com' + describe 'freeipa::install::client' do context 'with node not yet configured' do - on_supported_os.each do |os, os_facts| + on_supported_os.each do |os, facts| context "on #{os}" do - let(:facts) { os_facts } + let(:facts) { facts } let(:pre_condition) do manifest = <<-EOS class{ 'freeipa' : ipa_role => 'client', - ipa_master_fqdn => 'master.example.lan', - ipa_server_fqdn => 'foo.example.lan', - domain => 'example.lan', + ipa_master_fqdn => 'master.example.com', + ipa_server_fqdn => '#{ipa_node}', + domain => 'example.com', password_usedto_joindomain => 'foobartest', puppet_admin_password => 'foobartest', directory_services_password => 'foobartest', @@ -22,6 +24,7 @@ describe 'freeipa::install::client' do end it { is_expected.to compile } + it { is_expected.to contain_exec("client_install_#{ipa_node}").with('command' => %r{.*hostname=#{ipa_node}.*}) } end end end @@ -34,9 +37,9 @@ describe 'freeipa::install::client' do manifest = <<-EOS class{ 'freeipa' : ipa_role => 'client', - ipa_master_fqdn => 'master.example.lan', - ipa_server_fqdn => 'foo.example.lan', - domain => 'example.lan', + ipa_master_fqdn => 'master.example.com', + ipa_server_fqdn => 'foo.example.com', + domain => 'example.com', password_usedto_joindomain => 'foobartest', puppet_admin_password => 'foobartest', directory_services_password => 'foobartest', @@ -59,9 +62,9 @@ describe 'freeipa::install::client' do manifest = <<-EOS class{ 'freeipa' : ipa_role => 'client', - ipa_master_fqdn => 'master.example.lan', - ipa_server_fqdn => 'foo.example.lan', - domain => 'example.lan', + ipa_master_fqdn => 'master.example.com', + ipa_server_fqdn => 'foo.example.com', + domain => 'example.com', password_usedto_joindomain => 'foobartest', puppet_admin_password => 'foobartest', directory_services_password => 'foobartest',
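Review bot: Renaming the block parameter to `facts` in the first spec hunk makes `let(:facts) { facts }` read as self-referential. It works only because the block-local variable takes precedence over the memoized helper inside the braces, and the previous `os_facts` name avoided that trap. I would keep `on_supported_os.each do |os, os_facts|` and `let(:facts) { os_facts }`. The file-level `ipa_node = 'foo.example.com'` is later used for both the exec title and the `ipa_server_fqdn` value, so it presumably has to match the fqdn in the supported-OS fact sets; a comment stating that dependency would help the next reader.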
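Review bot: The pattern in the new expectation, `%r{.*hostname=#{ipa_node}.*}`, interpolates the name unescaped, so every `.` matches any character and the leading and trailing `.*` add nothing. Using `with('command' => %r{--hostname=#{Regexp.escape(ipa_node)}\s})` would pin the actual flag and value. The same example reuses `ipa_node` for the resource title, which comes from the node's fact rather than from `ipa_server_fqdn`, so the test would not notice if the two were mixed up. There is also no example with `enable_hostname => false` asserting that `--hostname` is absent from the command, which is the branch an operator relies on when the client must keep its own name.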