Commit cc538da3 authored by Fabien Combernous's avatar Fabien Combernous

Merge branch '108-remove-unused-code-keytab' into 'master'

Resolve "remove unused code"

Closes #108

See merge request !107
parents 42ae6018 6e895d5c
Pipeline #6814 passed with stages
in 61 minutes and 38 seconds
#
# @summary Configures keytab for admin user on FreeIPA master.
#
# @example
# include freeipa::config::keytab
#
# @api private
#
class freeipa::config::keytab {
assert_private()
if $facts['iparole'] == 'master' or $freeipa::ipa_role == 'master' {
$_uid_number = $freeipa::idstart
$_home_dir_path = '/home/admin'
$_admin_keytab = "${_home_dir_path}/admin.keytab"
# Ensure admin homedir and keytab files.
file { $_home_dir_path:
ensure => directory,
mode => '0700',
owner => $_uid_number,
group => $_uid_number,
require => Exec["server_install_${freeipa::ipa_server_fqdn}"],
}
# Set keytab for admin user.
exec { 'ktadd admin keytab':
command => "/usr/sbin/kadmin.local -q \"ktadd -norandkey -k ${_admin_keytab} admin\"",
cwd => $_home_dir_path,
unless => "/usr/bin/kvno -k ${_admin_keytab} admin@${freeipa::realm}",
require => File[$_home_dir_path],
notify => File[$_admin_keytab],
}
file { $_admin_keytab :
owner => $_uid_number,
group => $_uid_number,
mode => '0600',
require => File[$_home_dir_path],
}
} else {
# manage keytab only on master
}
}
......@@ -108,20 +108,12 @@ class freeipa (
fail('This module is only supported on Linux.')
}
$master_principals = suffix(
prefix(
[$ipa_server_fqdn],
'host/'
),
"@${realm}"
)
if $ipa_role == 'client' {
$final_configure_dns_server = false
} else {
$final_configure_dns_server = $configure_dns_server
}
class {'::freeipa::install':}
include freeipa::install
}
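Review bot: `include freeipa::install` declares the class but does not contain it, so a relationship placed on `Class['freeipa']` would not order anything against the install resources. This assumes the `include` line is the new side of the pair at the end of the hunk, which the page does not mark. `contain freeipa::install` would keep the install step inside the boundary of the main class. The body of `class freeipa` starts above the hunk.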
......@@ -21,11 +21,20 @@ class freeipa::install {
# Note: sssd.conf handled by ipa-server-install.
if $freeipa::install_sssd {
contain 'freeipa::install::sssd'
package { $freeipa::sssd_package_name:
ensure => present,
}
}
if $freeipa::install_autofs {
contain 'freeipa::install::autofs'
package { $freeipa::autofs_package_name:
ensure => present,
}
service { 'autofs':
ensure => 'running',
enable => true,
}
}
if $freeipa::install_sssdtools {
......
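Review bot: The inlined `service { 'autofs': }` has no explicit dependency on the package declared just above it, so the service start relies on manifest ordering alone. Adding `require => Package[$freeipa::autofs_package_name],` to the service makes the order hold under any ordering setting. The service title is also hard-coded while the package name comes from `$freeipa::autofs_package_name`. This assumes the `package`/`service` resources are the added side and the `contain` lines the removed side, as the hunk header's line counts suggest. The body of `freeipa::install` starts above the hunk and continues below it.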
#
# @summary Installs and start autofs
#
# @example
# include freeipa::install::autofs
#
class freeipa::install::autofs {
package { $freeipa::autofs_package_name:
ensure => present,
}
service { 'autofs':
ensure => 'running',
enable => true,
}
}
#
# @summary Install sssd package
#
# @example
# include freeipa::install::sssd
#
# @api private
#
class freeipa::install::sssd {
assert_private()
package { $freeipa::sssd_package_name:
ensure => present,
}
}
---
HOSTS:
ipa-server-1:
roles:
- default
- master
- centos
platform: el-8-x86_64
hypervisor: vagrant
box: centos/8
box_check_update: false
vagrant_memsize: 2048
vagrant_cpus: 2
ip: 10.10.10.35
ipa-server-2:
roles:
- replica
- centos
platform: el-8-x86_64
hypervisor: vagrant
box: centos/8
box_check_update: false
vagrant_memsize: 2048
vagrant_cpus: 2
ip: 10.10.10.36
ipa-client-centos:
roles:
- client
- client-centos7
- centos
platform: el-7-x86_64
hypervisor: vagrant
box: centos/7
box_version: 1809.01
box_check_update: false
vagrant_memsize: 1024
ip: 10.10.10.37
ipa-client-ubuntu16:
roles:
- client
- client-ubuntu16
platform: ubuntu-1604-amd64
hypervisor: vagrant
box: ubuntu/xenial64
box_version: 20181114.0.0
box_check_update: false
vagrant_memsize: 1024
ip: 10.10.10.38
CONFIG:
type: foss
loglevel: debug
......@@ -22,10 +22,8 @@ describe 'freeipa', type: :class do
it { is_expected.to contain_class('freeipa::install') }
it { is_expected.to contain_class('freeipa::install::server') }
it { is_expected.to contain_class('freeipa::install::sssd') }
it { is_expected.to contain_class('freeipa::install::server::master') }
it { is_expected.not_to contain_class('freeipa::install::autofs') }
it { is_expected.not_to contain_class('freeipa::install::server::replica') }
it { is_expected.not_to contain_class('freeipa::install::client') }
......@@ -57,10 +55,8 @@ describe 'freeipa', type: :class do
it { is_expected.to contain_class('freeipa::install') }
it { is_expected.to contain_class('freeipa::install::server') }
it { is_expected.to contain_class('freeipa::install::sssd') }
it { is_expected.to contain_class('freeipa::install::server::replica') }
it { is_expected.not_to contain_class('freeipa::install::autofs') }
it { is_expected.not_to contain_class('freeipa::install::server::master') }
it { is_expected.not_to contain_class('freeipa::install::client') }
......@@ -93,10 +89,8 @@ describe 'freeipa', type: :class do
end
it { is_expected.to contain_class('freeipa::install') }
it { is_expected.to contain_class('freeipa::install::sssd') }
it { is_expected.to contain_class('freeipa::install::client') }
it { is_expected.not_to contain_class('freeipa::install::autofs') }
it { is_expected.not_to contain_class('freeipa::install::server') }
it { is_expected.not_to contain_class('freeipa::install::server::master') }
it { is_expected.not_to contain_class('freeipa::install::server::replica') }
......
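Review bot: The three contexts lose their `freeipa::install::sssd` and `freeipa::install::autofs` expectations with nothing taking their place, so the package and service resources now declared directly in `freeipa::install` have no coverage in this spec. Since the autofs service title is fixed, `it { is_expected.not_to contain_service('autofs') }` would keep the negative check in each context, and a `contain_package` expectation on the sssd package name would replace the positive one. This assumes those two class expectations are the removed lines, as the hunk headers (10 lines down to 8) indicate. The `describe` block begins and ends outside the hunks.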
require 'spec_helper'
describe 'freeipa::install::autofs' do
on_supported_os.each do |os, os_facts|
context "on #{os}" do
let(:facts) { os_facts }
let(:pre_condition) do
manifest = <<-EOS
class{ 'freeipa' :
ipa_role => 'master',
ipa_master_fqdn => 'master.example.lan',
ipa_server_fqdn => 'foo.example.lan',
domain => 'example.lan',
password_usedto_joindomain => 'foobartest',
puppet_admin_password => 'foobartest',
directory_services_password => 'foobartest',
ip_address => '10.10.10.35',
}
EOS
manifest
end
it { is_expected.to compile }
end
end
end
require 'spec_helper'
describe 'freeipa::install::sssd' do
on_supported_os.each do |os, os_facts|
context "on #{os}" do
let(:facts) { os_facts }
let(:pre_condition) do
manifest = <<-EOS
class{ 'freeipa' :
ipa_role => 'master',
ipa_master_fqdn => 'master.example.lan',
ipa_server_fqdn => 'foo.example.lan',
domain => 'example.lan',
password_usedto_joindomain => 'foobartest',
puppet_admin_password => 'foobartest',
directory_services_password => 'foobartest',
ip_address => '10.10.10.35',
}
EOS
manifest
end
it { is_expected.to compile }
end
end
end