diff --git a/manifests/config/admin_user.pp b/manifests/config/admin_user.pp
index 0ec620036c475d3cb5ba3b55d0adea033c61701d..5b8aca93f0f5fc805f5cda3ccd331ac8f806197f 100644
--- a/manifests/config/admin_user.pp
+++ b/manifests/config/admin_user.pp
@@ -51,7 +51,7 @@ class freeipa::config::admin_user {
 exec { 'configure_admin_keytab':
 command => $configure_admin_keytab_cmd,
 cwd => $home_dir_path,
- unless => shellquote('/usr/bin/kvno','-k',"${home_dir_path}/admin.keytab","admin@${freeipa::final_realm}"),
+ unless => shellquote('/usr/bin/kvno','-k',"${home_dir_path}/admin.keytab","admin@${freeipa::realm}"),
 notify => Exec['chown_admin_keytab'],
 refreshonly => true,
 require => Cron['k5start_admin'],
@@ -67,7 +67,7 @@ class freeipa::config::admin_user {
 }
 $k5start_admin_keytab_cmd = "/sbin/runuser -l admin -c \"/usr/bin/k5start -f ${home_dir_path}/admin.keytab -U\""
- $k5start_admin_keytab_cmd_unless = "/sbin/runuser -l admin -c /usr/bin/klist | grep -i krbtgt\\/${freeipa::final_realm}\\@"
+ $k5start_admin_keytab_cmd_unless = "/sbin/runuser -l admin -c /usr/bin/klist | grep -i krbtgt\\/${freeipa::realm}\\@"
 exec { 'k5start_admin_keytab':
 command => $k5start_admin_keytab_cmd,
 cwd => $home_dir_path,
diff --git a/manifests/init.pp b/manifests/init.pp
index 567c542c1179c6d98c4ace2ac8cde930543e5dc2..05a7bf1c58d6227753baae1fbe7e08cd7a109909 100644
--- a/manifests/init.pp
+++ b/manifests/init.pp
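Review bot: The `unless` guard in the first hunk, `admin@${freeipa::realm}`, now takes its realm from a parameter whose new default (in the init.pp hunk of this commit) is `$realm = $domain`, i.e. the lower-case DNS domain, whereas the removed `$final_realm` was `upcase($domain)`. Kerberos realm and principal names are case-sensitive and realms are conventionally upper case, so unless every caller sets `realm` explicitly the kvno check, `$master_principals` in init.pp and the `--realm=` arguments in the client.pp, master.pp and replica.pp hunks will all be built with the wrong realm; the `grep -i` in the second hunk merely hides the same mismatch. Restoring the old behaviour is a one-line change in init.pp's parameter list, `Stdlib::Fqdn $realm = upcase($domain),` — Stdlib::Fqdn's pattern accepts upper-case letters and Puppet allows function calls in parameter defaults. The class body that holds both execs starts and ends outside these hunks.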
@@ -17,8 +17,8 @@
 # Also, triggers the install of the required dns server packages.
 # @param configure_ntp If false, then the parameter '--no-ntp' is passed to the IPA server installer.
 # @param custom_dns_forwarders Each element in this array is prefixed with '--forwarder' and passed to the IPA server installer.
-# @param domain_join_principal The principal (usually username) used to join a client or replica to the IPA domain.
-# @param domain_join_password The password for the domain_join_principal.
+# @param principal_usedto_joindomain The principal (usually username) used to join a client or replica to the IPA domain.
+# @param password_usedto_joindomain The password for the domain_join_principal.
 # @param enable_hostname If true, then the parameter '--hostname' is populated with the parameter 'ipa_server_fqdn'
 # and passed to the IPA installer.
 # @param enable_ip_address If true, then the parameter '--ip-address' is populated with the parameter 'ip_address'
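Review bot: The rewritten `@param password_usedto_joindomain` line still refers to `domain_join_principal`, a parameter this commit renames, so the generated reference will point at a name that no longer exists. Change it to `# @param password_usedto_joindomain The password for the principal_usedto_joindomain.`. The parameter list these tags document is in a later hunk of the same file.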
@@ -58,93 +58,74 @@
 #
 #
 class freeipa (
- Stdlib::Fqdn $domain = 'default',
- String $ipa_role = 'default',
- String $admin_password = '',
- String $directory_services_password = '',
- String $autofs_package_name = 'autofs',
- Boolean $client_install_ldaputils = false,
- Boolean $configure_dns_server = true,
- Boolean $configure_ntp = true,
- Array[String] $custom_dns_forwarders = [],
- String $domain_join_principal = '',
- String $domain_join_password = '',
- Boolean $enable_hostname = true,
- Boolean $enable_ip_address = false,
- Boolean $fixed_primary = false,
- Integer $idstart = 10000,
- Boolean $install_autofs = false,
- Boolean $install_epel = true,
- Boolean $install_kstart = true,
- Boolean $install_sssdtools = true,
- String $ipa_client_package_name = $::osfamily ? {
+ Stdlib::Fqdn $domain,
+ Enum['master','replica','client'] $ipa_role,
+ String[8] $admin_password,
+ String[8] $directory_services_password,
+ Stdlib::IP::Address::V4 $ip_address,
+ Stdlib::Fqdn $ipa_master_fqdn,
+ Stdlib::Fqdn $realm = $domain,
+ String $autofs_package_name = 'autofs',
+ Boolean $client_install_ldaputils = false,
+ Boolean $configure_dns_server = true,
+ Boolean $configure_ntp = true,
+ Array[String] $custom_dns_forwarders = [],
+ String $principal_usedto_joindomain = 'admin',
+ String $password_usedto_joindomain = $directory_services_password,
+ Boolean $enable_hostname = true,
+ Boolean $enable_ip_address = false,
+ Boolean $fixed_primary = false,
+ Integer[10000] $idstart = 10000,
+ Boolean $install_autofs = false,
+ Boolean $install_epel = true,
+ Boolean $install_kstart = true,
+ Boolean $install_sssdtools = true,
+ String $ipa_client_package_name = $facts['os']['family'] ? {
 'Debian' => 'freeipa-client',
 default => 'ipa-client',
 },
- String $ipa_server_package_name = 'ipa-server',
- Boolean $install_ipa_client = true,
- Boolean $install_ipa_server = true,
- Boolean $install_sssd = true,
- Stdlib::IP::Address::V4 $ip_address = '0.0.0.0',
- Stdlib::Fqdn $ipa_server_fqdn = $::fqdn,
- String $kstart_package_name = 'kstart',
- String $ldaputils_package_name = $::osfamily ? {
+ String $ipa_server_package_name = 'ipa-server',
+ Boolean $install_ipa_client = true,
+ Boolean $install_ipa_server = true,
+ Boolean $install_sssd = true,
+ Stdlib::Fqdn $ipa_server_fqdn = $facts['fqdn'],
+ String $kstart_package_name = 'kstart',
+ String $ldaputils_package_name = $facts['os']['family'] ? {
 'Debian' => 'ldap-utils',
 default => 'openldap-clients',
 },
- Stdlib::Fqdn $ipa_master_fqdn = 'default',
- Boolean $manage_host_entry = false,
- Boolean $mkhomedir = true,
- Boolean $no_ui_redirect = false,
- Stdlib::Fqdn $realm = 'default',
- Boolean $server_install_ldaputils = true,
- String $sssd_package_name = 'sssd-common',
- String $sssdtools_package_name = 'sssd-tools',
- Boolean $webui_disable_kerberos = false,
- Boolean $webui_enable_proxy = false,
- Boolean $webui_force_https = false,
- Stdlib::Fqdn $webui_proxy_external_fqdn = 'localhost',
- String $webui_proxy_https_port = '8440',
+ Boolean $manage_host_entry = false,
+ Boolean $mkhomedir = true,
+ Boolean $no_ui_redirect = false,
+ Boolean $server_install_ldaputils = true,
+ String $sssd_package_name = 'sssd-common',
+ String $sssdtools_package_name = 'sssd-tools',
+ Boolean $webui_disable_kerberos = false,
+ Boolean $webui_enable_proxy = false,
+ Boolean $webui_force_https = false,
+ Stdlib::Fqdn $webui_proxy_external_fqdn = 'localhost',
+ String $webui_proxy_https_port = '8440',
 ) {
 if $facts['kernel'] != 'Linux' or $facts['osfamily'] == 'Windows' {
 fail('This module is only supported on Linux.')
 }
- if $realm != 'default'{
- $final_realm = $realm
- } else {
- $final_realm = upcase($domain)
- }
-
 $master_principals = suffix(
 prefix(
 [$ipa_server_fqdn],
 'host/'
 ),
- "@${final_realm}"
+ "@${realm}"
 )
- if $domain_join_principal != '' {
- $final_domain_join_principal = $domain_join_principal
- } else {
- $final_domain_join_principal = 'admin'
- }
-
- if $domain_join_password != '' {
- $final_domain_join_password = $domain_join_password
- } else {
- $final_domain_join_password = $directory_services_password
- }
-
 if $ipa_role == 'client' {
 $final_configure_dns_server = false
 } else {
 $final_configure_dns_server = $configure_dns_server
 }
- class {'::freeipa::validate_params':}
- -> class {'::freeipa::install':}
+ class {'::freeipa::install':}
 }
diff --git a/manifests/install/client.pp b/manifests/install/client.pp
index 1b9263cbb0b05ff70c238cfb30093b5245b4f621..7d559e9ef52b1befc9ec22e70696456b1537f94d 100644
--- a/manifests/install/client.pp
+++ b/manifests/install/client.pp
@@ -41,10 +41,10 @@ class freeipa::install::client {
 $client_install_cmd = "/usr/sbin/ipa-client-install \
 --server=${freeipa::ipa_master_fqdn} \
- --realm=${freeipa::final_realm} \
+ --realm=${freeipa::realm} \
 --domain=${freeipa::domain} \
- --principal='${freeipa::final_domain_join_principal}' \
- --password='${freeipa::final_domain_join_password}' \
+ --principal='${freeipa::principal_usedto_joindomain}' \
+ --password='${freeipa::password_usedto_joindomain}' \
 ${client_install_cmd_opts_mkhomedir} \
 ${client_install_cmd_opts_fixed_primary} \
 ${client_install_cmd_opts_no_ntp} \
diff --git a/manifests/install/server/master.pp b/manifests/install/server/master.pp
index 8480966cee7efee660e18926a89e443aa7e09f92..f04a7099309a5a19aa652254512fd54a0078386c 100644
--- a/manifests/install/server/master.pp
+++ b/manifests/install/server/master.pp
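Review bot: `String[8] $admin_password` and `String[8] $directory_services_password` are now mandatory for every `ipa_role`, although the deleted validate_params class only required them for `master` and the client installer in client.pp uses neither; combined with the default `$password_usedto_joindomain = $directory_services_password`, every client's catalog now has to carry the Directory Manager password and, by default, enrolls with it instead of a dedicated, least-privileged enrollment principal. Consider `Optional[String[8]] $admin_password = undef` and `Optional[String[8]] $directory_services_password = undef`, with an explicit `fail()` in the master path when they are unset, and a default of `undef` for `$password_usedto_joindomain` so that a missing join secret is reported rather than silently replaced by the most powerful credential in the deployment. Note also that `String $password_usedto_joindomain` still accepts `''`, which the removed "domain_join_password cannot be empty" check used to reject; `String[1]` would keep that guard. Likewise `Stdlib::Fqdn $ipa_master_fqdn` is now required even when `ipa_role` is `master`, where the old class did not ask for it.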
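Review bot: `--password='${freeipa::password_usedto_joindomain}'` splices the join secret into a shell command line protected only by single quotes, so a value containing `'` breaks the quoting (the new `String`/`String[8]` types do not exclude it), and the secret stays part of the exec's command text, which Puppet reports when the installer exits non-zero. The module already uses `shellquote()` for the kvno guard in admin_user.pp; the same helper fixes the quoting here, `--password=${shellquote($freeipa::password_usedto_joindomain)} \`, and the same applies to `--admin-password='…'` in the replica.pp hunk. `$client_install_cmd` continues past the end of this hunk.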
@@ -9,7 +9,7 @@ class freeipa::install::server::master {
 $server_install_cmd = "\
 /usr/sbin/ipa-server-install \
 ${freeipa::install::server::server_install_cmd_opts_hostname} \
- --realm=${freeipa::final_realm} \
+ --realm=${freeipa::realm} \
 --domain=${freeipa::domain} \
 --admin-password='${freeipa::admin_password}' \
 --ds-password='${freeipa::directory_services_password}' \
diff --git a/manifests/install/server/replica.pp b/manifests/install/server/replica.pp
index 61cd7251678bb9cbe7ea6ce5436362b2e46d2cd9..fd6744949685302dcc68c661d61b5865b0f63742 100644
--- a/manifests/install/server/replica.pp
+++ b/manifests/install/server/replica.pp
@@ -6,10 +6,10 @@
 # include freeipa::install::server::replica
 class freeipa::install::server::replica {
 $replica_install_cmd = "/usr/sbin/ipa-replica-install \
- --principal=${freeipa::final_domain_join_principal} \
- --admin-password='${freeipa::final_domain_join_password}' \
+ --principal=${freeipa::principal_usedto_joindomain} \
+ --admin-password='${freeipa::password_usedto_joindomain}' \
 ${freeipa::install::server::server_install_cmd_opts_hostname} \
- --realm=${freeipa::final_realm} \
+ --realm=${freeipa::realm} \
 --domain=${freeipa::domain} \
 --server=${freeipa::ipa_master_fqdn} \
 ${freeipa::install::server::server_install_cmd_opts_setup_dns} \
diff --git a/manifests/validate_params.pp b/manifests/validate_params.pp
deleted file mode 100644
index fb1b0f5462e3e768add0ce558281e90930b56aec..0000000000000000000000000000000000000000
--- a/manifests/validate_params.pp
+++ /dev/null
@@ -1,51 +0,0 @@
-# A description of what this class does
-# Validates input configs from init.pp.
-#
-# @summary Validates input configs from init.pp.
-#
-# @example
-# include freeipa::validate_params
-class freeipa::validate_params {
-
- case $freeipa::ipa_role {
- 'client': {}
- 'master': {}
- 'replica': {}
- default: {fail('The parameter ipa_role must be set to client, master, or replica.')}
- }
-
- if $freeipa::manage_host_entry {
- if $freeipa::ip_address == '0.0.0.0' {
- fail('When using the parameter manage_host_entry, the parameter ip_address is mandatory.')
- }
- }
-
-
- if $freeipa::idstart < 10000 {
- fail('Parameter "idstart" must be an integer greater than 10000.')
- }
-
- if $freeipa::ipa_role == 'master' {
- if length($freeipa::admin_password) < 8 {
- fail('When ipa_role is set to master, the parameter admin_password must be populated and at least of length 8.')
- }
-
- if length($freeipa::directory_services_password) < 8 {
- fail("\
-When ipa_role is set to master, the parameter directory_services_password \
-must be populated and at least of length 8."
- )
- }
- }
-
- if $freeipa::ipa_role != 'master' { # if replica or client
-
- if $freeipa::ipa_master_fqdn == 'default'{
- fail("When creating a ${freeipa::ipa_role} the parameter named ipa_master_fqdn must be set.")
- }
-
- if $freeipa::final_domain_join_password == '' {
- fail("When creating a ${freeipa::ipa_role} the parameter named domain_join_password cannot be empty.")
- }
- }
-}