Finish to apply modification on datatytpes in manifests

985b34b8 · Scott Barthelemy · 7681745f · 985b34b8 · 985b34b8 · 985b34b8
Commit 985b34b8 authored 6 years ago by Scott Barthelemy
--- a/manifests/config/admin_user.pp
+++ b/manifests/config/admin_user.pp
@@ -51,7 +51,7 @@ class freeipa::config::admin_user {
  exec { 'configure_admin_keytab':
    command     => $configure_admin_keytab_cmd,
    cwd         => $home_dir_path,
-    unless      => shellquote('/usr/bin/kvno','-k',"${home_dir_path}/admin.keytab","admin@${freeipa::final_realm}"),
+    unless      => shellquote('/usr/bin/kvno','-k',"${home_dir_path}/admin.keytab","admin@${freeipa::realm}"),
    notify      => Exec['chown_admin_keytab'],
    refreshonly => true,
    require     => Cron['k5start_admin'],
@@ -67,7 +67,7 @@ class freeipa::config::admin_user {
  }

  $k5start_admin_keytab_cmd = "/sbin/runuser -l admin -c \"/usr/bin/k5start -f ${home_dir_path}/admin.keytab -U\""
-  $k5start_admin_keytab_cmd_unless = "/sbin/runuser -l admin -c /usr/bin/klist | grep -i krbtgt\\/${freeipa::final_realm}\\@"
+  $k5start_admin_keytab_cmd_unless = "/sbin/runuser -l admin -c /usr/bin/klist | grep -i krbtgt\\/${freeipa::realm}\\@"
  exec { 'k5start_admin_keytab':
    command => $k5start_admin_keytab_cmd,
    cwd     => $home_dir_path,

--- a/manifests/init.pp
+++ b/manifests/init.pp
@@ -17,8 +17,8 @@
 # Also, triggers the install of the required dns server packages.
 # @param configure_ntp If false, then the parameter '--no-ntp' is passed to the IPA server installer.
 # @param custom_dns_forwarders Each element in this array is prefixed with '--forwarder' and passed to the IPA server installer.
-# @param domain_join_principal The principal (usually username) used to join a client or replica to the IPA domain.
-# @param domain_join_password The password for the domain_join_principal.
+# @param principal_usedto_joindomain The principal (usually username) used to join a client or replica to the IPA domain.
+# @param password_usedto_joindomain The password for the domain_join_principal.
 # @param enable_hostname If true, then the parameter '--hostname' is populated with the parameter 'ipa_server_fqdn' 
 # and passed to the IPA installer.
 # @param enable_ip_address If true, then the parameter '--ip-address' is populated with the parameter 'ip_address' 
@@ -58,93 +58,74 @@
 #
 #
 class freeipa (
-  Stdlib::Fqdn                   $domain                             = 'default',
-  String                         $ipa_role                           = 'default',
-  String                         $admin_password                     = '',
-  String                         $directory_services_password        = '',
-  String                         $autofs_package_name                = 'autofs',
-  Boolean                        $client_install_ldaputils           = false,
-  Boolean                        $configure_dns_server               = true,
-  Boolean                        $configure_ntp                      = true,
-  Array[String]                  $custom_dns_forwarders              = [],
-  String                         $domain_join_principal              = '',
-  String                         $domain_join_password               = '',
-  Boolean                        $enable_hostname                    = true,
-  Boolean                        $enable_ip_address                  = false,
-  Boolean                        $fixed_primary                      = false,
-  Integer                        $idstart                            = 10000,
-  Boolean                        $install_autofs                     = false,
-  Boolean                        $install_epel                       = true,
-  Boolean                        $install_kstart                     = true,
-  Boolean                        $install_sssdtools                  = true,
-  String                         $ipa_client_package_name            = $::osfamily ? {
+  Stdlib::Fqdn                             $domain,
+  Enum['master','replica','client']        $ipa_role,
+  String[8]                                $admin_password,
+  String[8]                                $directory_services_password,
+  Stdlib::IP::Address::V4                  $ip_address,
+  Stdlib::Fqdn                             $ipa_master_fqdn,
+  Stdlib::Fqdn                             $realm                              = $domain,
+  String                                   $autofs_package_name                = 'autofs',
+  Boolean                                  $client_install_ldaputils           = false,
+  Boolean                                  $configure_dns_server               = true,
+  Boolean                                  $configure_ntp                      = true,
+  Array[String]                            $custom_dns_forwarders              = [],
+  String                                   $principal_usedto_joindomain        = 'admin',
+  String                                   $password_usedto_joindomain         = $directory_services_password,
+  Boolean                                  $enable_hostname                    = true,
+  Boolean                                  $enable_ip_address                  = false,
+  Boolean                                  $fixed_primary                      = false,
+  Integer[10000]                           $idstart                            = 10000,
+  Boolean                                  $install_autofs                     = false,
+  Boolean                                  $install_epel                       = true,
+  Boolean                                  $install_kstart                     = true,
+  Boolean                                  $install_sssdtools                  = true,
+  String                                   $ipa_client_package_name            = $facts['os']['family'] ? {
    'Debian' => 'freeipa-client',
    default  => 'ipa-client',
  },
-  String                         $ipa_server_package_name            = 'ipa-server',
-  Boolean                        $install_ipa_client                 = true,
-  Boolean                        $install_ipa_server                 = true,
-  Boolean                        $install_sssd                       = true,
-  Stdlib::IP::Address::V4        $ip_address                         = '0.0.0.0',
-  Stdlib::Fqdn                   $ipa_server_fqdn                    = $::fqdn,
-  String                         $kstart_package_name                = 'kstart',
-  String                         $ldaputils_package_name             = $::osfamily ? {
+  String                                   $ipa_server_package_name            = 'ipa-server',
+  Boolean                                  $install_ipa_client                 = true,
+  Boolean                                  $install_ipa_server                 = true,
+  Boolean                                  $install_sssd                       = true,
+  Stdlib::Fqdn                             $ipa_server_fqdn                    = $facts['fqdn'],
+  String                                   $kstart_package_name                = 'kstart',
+  String                                   $ldaputils_package_name             = $facts['os']['family'] ? {
    'Debian' => 'ldap-utils',
    default  => 'openldap-clients',
  },
-  Stdlib::Fqdn                   $ipa_master_fqdn                    = 'default',
-  Boolean                        $manage_host_entry                  = false,
-  Boolean                        $mkhomedir                          = true,
-  Boolean                        $no_ui_redirect                     = false,
-  Stdlib::Fqdn                   $realm                              = 'default',
-  Boolean                        $server_install_ldaputils           = true,
-  String                         $sssd_package_name                  = 'sssd-common',
-  String                         $sssdtools_package_name             = 'sssd-tools',
-  Boolean                        $webui_disable_kerberos             = false,
-  Boolean                        $webui_enable_proxy                 = false,
-  Boolean                        $webui_force_https                  = false,
-  Stdlib::Fqdn                   $webui_proxy_external_fqdn          = 'localhost',
-  String                         $webui_proxy_https_port             = '8440',
+  Boolean                                  $manage_host_entry                  = false,
+  Boolean                                  $mkhomedir                          = true,
+  Boolean                                  $no_ui_redirect                     = false,
+  Boolean                                  $server_install_ldaputils           = true,
+  String                                   $sssd_package_name                  = 'sssd-common',
+  String                                   $sssdtools_package_name             = 'sssd-tools',
+  Boolean                                  $webui_disable_kerberos             = false,
+  Boolean                                  $webui_enable_proxy                 = false,
+  Boolean                                  $webui_force_https                  = false,
+  Stdlib::Fqdn                             $webui_proxy_external_fqdn          = 'localhost',
+  String                                   $webui_proxy_https_port             = '8440',
 ) {

  if $facts['kernel'] != 'Linux' or $facts['osfamily'] == 'Windows' {
    fail('This module is only supported on Linux.')
  }

-  if $realm != 'default'{
-    $final_realm = $realm
-  } else {
-    $final_realm = upcase($domain)
-  }
-
  $master_principals = suffix(
    prefix(
      [$ipa_server_fqdn],
      'host/'
    ),
-    "@${final_realm}"
+    "@${realm}"
  )

-  if $domain_join_principal != '' {
-    $final_domain_join_principal = $domain_join_principal
-  } else {
-    $final_domain_join_principal = 'admin'
-  }
-
-  if $domain_join_password != '' {
-    $final_domain_join_password = $domain_join_password
-  } else {
-    $final_domain_join_password = $directory_services_password
-  }
-
  if $ipa_role == 'client' {
    $final_configure_dns_server = false
  } else {
    $final_configure_dns_server = $configure_dns_server
  }

-  class {'::freeipa::validate_params':}
-  -> class {'::freeipa::install':}
+  class {'::freeipa::install':}

 }

--- a/manifests/install/client.pp
+++ b/manifests/install/client.pp
@@ -41,10 +41,10 @@ class freeipa::install::client {

    $client_install_cmd = "/usr/sbin/ipa-client-install \
  --server=${freeipa::ipa_master_fqdn} \
-  --realm=${freeipa::final_realm} \
+  --realm=${freeipa::realm} \
  --domain=${freeipa::domain} \
-  --principal='${freeipa::final_domain_join_principal}' \
-  --password='${freeipa::final_domain_join_password}' \
+  --principal='${freeipa::principal_usedto_joindomain}' \
+  --password='${freeipa::password_usedto_joindomain}' \
  ${client_install_cmd_opts_mkhomedir} \
  ${client_install_cmd_opts_fixed_primary} \
  ${client_install_cmd_opts_no_ntp} \

--- a/manifests/install/server/master.pp
+++ b/manifests/install/server/master.pp
@@ -9,7 +9,7 @@ class freeipa::install::server::master {
  $server_install_cmd = "\
 /usr/sbin/ipa-server-install \
  ${freeipa::install::server::server_install_cmd_opts_hostname} \
-  --realm=${freeipa::final_realm} \
+  --realm=${freeipa::realm} \
  --domain=${freeipa::domain} \
  --admin-password='${freeipa::admin_password}' \
  --ds-password='${freeipa::directory_services_password}' \

--- a/manifests/install/server/replica.pp
+++ b/manifests/install/server/replica.pp
@@ -6,10 +6,10 @@
 #   include freeipa::install::server::replica
 class freeipa::install::server::replica {
  $replica_install_cmd = "/usr/sbin/ipa-replica-install \
-  --principal=${freeipa::final_domain_join_principal} \
-  --admin-password='${freeipa::final_domain_join_password}' \
+  --principal=${freeipa::principal_usedto_joindomain} \
+  --admin-password='${freeipa::password_usedto_joindomain}' \
  ${freeipa::install::server::server_install_cmd_opts_hostname} \
-  --realm=${freeipa::final_realm} \
+  --realm=${freeipa::realm} \
  --domain=${freeipa::domain} \
  --server=${freeipa::ipa_master_fqdn} \
  ${freeipa::install::server::server_install_cmd_opts_setup_dns} \

--- a/manifests/validate_params.pp
+++ b/manifests/validate_params.pp
-# A description of what this class does
-# Validates input configs from init.pp.
-#
-# @summary Validates input configs from init.pp.
-#
-# @example
-#   include freeipa::validate_params
-class freeipa::validate_params {
-
-  case $freeipa::ipa_role {
-    'client': {}
-    'master': {}
-    'replica': {}
-    default: {fail('The parameter ipa_role must be set to client, master, or replica.')}
-  }
-
-  if $freeipa::manage_host_entry {
-    if $freeipa::ip_address  == '0.0.0.0' {
-      fail('When using the parameter manage_host_entry, the parameter ip_address is mandatory.')
-    }
-  }
-
-
-  if $freeipa::idstart < 10000 {
-    fail('Parameter "idstart" must be an integer greater than 10000.')
-  }
-
-  if $freeipa::ipa_role == 'master' {
-    if length($freeipa::admin_password) < 8 {
-      fail('When ipa_role is set to master, the parameter admin_password must be populated and at least of length 8.')
-    }
-
-    if length($freeipa::directory_services_password) < 8 {
-      fail("\
-When ipa_role is set to master, the parameter directory_services_password \
-must be populated and at least of length 8."
-      )
-    }
-  }
-
-  if $freeipa::ipa_role != 'master' { # if replica or client
-
-    if $freeipa::ipa_master_fqdn == 'default'{
-      fail("When creating a ${freeipa::ipa_role} the parameter named ipa_master_fqdn must be set.")
-    }
-
-    if $freeipa::final_domain_join_password == '' {
-      fail("When creating a ${freeipa::ipa_role} the parameter named domain_join_password cannot be empty.")
-    }
-  }
-}