Commit e7e10384 authored by Fabien Combernous's avatar Fabien Combernous

Merge branch '3-fix-install-master-client' into 'master'

Resolve "Fix Install Master"

Closes #3

See merge request adullact/puppet-freeipa!3

The failing CI will be solved with pdk issue #5
parents 05938e98 9f724816
......@@ -6,3 +6,5 @@ pkg
spec/fixtures/
.idea/
.vagrant/
Gemfile.lock
log/
---
stages:
- acceptance-puppet4
- acceptance-puppet5
cache:
paths:
- vendor/bundle
before_script:
- bundle -v
- bundle install --path vendor/bundle
acceptance_with_puppet4:
stage: 'acceptance-puppet4'
image: ruby:2.1.9
variables:
BEAKER_PUPPET_COLLECTION: 'pc1'
PUPPET_GEM_VERSION: '~> 4.10'
script:
- bundle exec rspec spec/acceptance
acceptance_with_puppet5_ubuntu:
stage: 'acceptance-puppet5'
image: ruby:2.4.4
variables:
BEAKER_PUPPET_COLLECTION: 'puppet5'
PUPPET_GEM_VERSION: '~> 5.5'
script:
- bundle exec rspec spec/acceptance
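Review bot: The two acceptance jobs repeat the same `script` and differ only in `image` and `variables`, so a YAML anchor (`.acceptance: &acceptance` with `<<: *acceptance` in each job) would keep them from drifting apart. They are also placed in two separate stages although neither depends on the other, which forces them to run serially; one stage would let them run in parallel. `bundle install --path vendor/bundle` is deprecated in Bundler 2 in favour of `bundle config set path`, and `ruby:2.1.9` is an end-of-life interpreter image, which is worth keeping in mind given the commit message already notes the pipeline is failing.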
......@@ -12,19 +12,32 @@ group :development do
end
group :test, :development do
gem 'puppet', '4.9.4'
# should be 3.7.2 but not available on rubygems
gem 'facter'
gem 'hiera', '3.3.1'
gem 'hiera'
gem 'parallel_tests'
# other testing gems we want
gem 'rspec-puppet'
gem 'puppetlabs_spec_helper'
gem 'rake-notes'
gem 'beaker-puppet'
gem 'beaker-docker'
gem 'beaker'
gem 'beaker-rspec'
gem 'beaker-puppet_install_helper'
gem 'beaker-module_install_helper'
gem 'metadata-json-lint'
gem 'puppet-lint'
gem 'rspec'
gem 'rake'
# pinning specific versions
gem 'puppet-lint', '~> 2.1'
# net-telnet 0.2.0 requires Ruby version >= 2.3.0
# rubocop 0.58.0 requires Ruby version >= 2.2.0
if RUBY_VERSION == '2.1.9'
gem 'net-telnet', '< 0.2.0'
gem 'rubocop', '< 0.58.0'
elsif RUBY_VERSION == '2.4.4'
gem 'net-telnet', '>= 0.2.0'
gem 'rubocop', '>= 0.58.0'
end
end
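Review bot: The `if RUBY_VERSION == '2.1.9'` / `elsif RUBY_VERSION == '2.4.4'` branches pin the gems to the two exact CI interpreters, so on any other Ruby (a developer's 2.4.5 or 2.5, for instance) neither `net-telnet` nor `rubocop` is declared at all and `bundle exec rubocop` fails. The constraints the comments describe are version thresholds, not exact versions, so compare with `Gem::Version` and the thresholds themselves:
```ruby
  # … unchanged: gem declarations …
  ruby_version = Gem::Version.new(RUBY_VERSION)
  # net-telnet 0.2.0 requires Ruby version >= 2.3.0
  gem 'net-telnet', ruby_version < Gem::Version.new('2.3.0') ? '< 0.2.0' : '>= 0.2.0'
  # rubocop 0.58.0 requires Ruby version >= 2.2.0
  gem 'rubocop', ruby_version < Gem::Version.new('2.2.0') ? '< 0.58.0' : '>= 0.58.0'
```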
# -*- mode: ruby -*-
Vagrant.configure("2") do |config|
config.vm.define "ipa-server-1" do |box|
box.vm.box = "bento/centos-7.3"
box.vm.hostname = 'ipa-server-1.vagrant.example.lan'
# Assign this VM to a host-only network IP, allowing you to access it
# via the IP.
box.vm.provider 'virtualbox' do |vb|
vb.customize ["modifyvm", :id, "--natnet1", "172.31.9/24"]
vb.gui = false
vb.memory = 4096
vb.customize ["modifyvm", :id, "--ioapic", "on"]
vb.customize ["modifyvm", :id, "--hpet", "on"]
end
box.vm.network "private_network", ip: "192.168.44.35"
box.vm.network "forwarded_port", guest: 8000, host: 8000
box.vm.network "forwarded_port", guest: 8440, host: 8440
$script = <<SCRIPT
echo I am provisioning...
export FACTER_is_vagrant='true'
rpm -ivh https://yum.puppetlabs.com/puppetlabs-release-pc1-el-7.noarch.rpm
yum install -y puppet-agent
export PATH=$PATH:/opt/puppetlabs/bin
puppet module install puppetlabs-concat
puppet module install puppetlabs-stdlib
puppet module install crayfishx-firewalld
puppet module install puppet-selinux
if [ -d /tmp/modules/freeipa ]; then rm -rf /tmp/modules/freeipa; fi
mkdir -p /tmp/modules/freeipa
cp -r /vagrant/* /tmp/modules/freeipa
puppet apply --modulepath '/tmp/modules:/etc/puppetlabs/code/environments/production/modules' -e "\
class {'::freeipa':\
ipa_role => 'master',\
domain => 'vagrant.example.lan',\
ipa_server_fqdn => 'ipa-server-1.vagrant.example.lan',\
admin_password => 'vagrant123',\
directory_services_password => 'vagrant123',\
install_ipa_server => true,\
ip_address => '192.168.44.35',\
enable_ip_address => true,\
enable_hostname => true,\
manage_host_entry => true,\
install_epel => true,\
webui_disable_kerberos => true,\
webui_enable_proxy => true,\
webui_force_https => true,\
}"
SCRIPT
box.vm.provision "shell", inline: $script
end
config.vm.define "ipa-server-2" do |box|
box.vm.box = "bento/centos-7.3"
box.vm.hostname = 'ipa-server-2.vagrant.example.lan'
# Assign this VM to a host-only network IP, allowing you to access it
# via the IP.
box.vm.provider 'virtualbox' do |vb|
vb.customize ["modifyvm", :id, "--natnet1", "172.31.9/24"]
vb.gui = false
vb.memory = 4096
vb.customize ["modifyvm", :id, "--ioapic", "on"]
vb.customize ["modifyvm", :id, "--hpet", "on"]
end
box.vm.network "private_network", ip: "192.168.44.36"
$script = <<SCRIPT
echo I am provisioning...
export FACTER_is_vagrant='true'
rpm -ivh https://yum.puppetlabs.com/puppetlabs-release-pc1-el-7.noarch.rpm
yum install -y puppet-agent
export PATH=$PATH:/opt/puppetlabs/bin
puppet module install puppetlabs-concat
puppet module install puppetlabs-stdlib
puppet module install crayfishx-firewalld
puppet module install puppet-selinux
puppet module install saz-resolv_conf
if [ -d /tmp/modules/freeipa ]; then rm -rf /tmp/modules/freeipa; fi
mkdir -p /tmp/modules/freeipa
cp -r /vagrant/* /tmp/modules/freeipa
puppet apply --modulepath '/tmp/modules:/etc/puppetlabs/code/environments/production/modules' -e "\
class { 'resolv_conf':\
nameservers => ['192.168.44.35'],\
}"
puppet apply --modulepath '/tmp/modules:/etc/puppetlabs/code/environments/production/modules' -e "\
host {'ipa-server-1.vagrant.example.lan':\
ensure => present,\
ip => '192.168.44.35',\
}"
puppet apply --modulepath '/tmp/modules:/etc/puppetlabs/code/environments/production/modules' -e "\
class {'::freeipa':\
ipa_role => 'replica',\
domain => 'vagrant.example.lan',\
ipa_server_fqdn => 'ipa-server-2.vagrant.example.lan',\
domain_join_password => 'vagrant123',\
install_ipa_server => true,\
ip_address => '192.168.44.36',\
enable_ip_address => true,\
enable_hostname => true,\
manage_host_entry => true,\
install_epel => true,\
ipa_master_fqdn => 'ipa-server-1.vagrant.example.lan',\
}"
SCRIPT
# admin_password => 'vagrant123',\
box.vm.provision "shell", inline: $script
end
config.vm.define "ipa-client-1" do |box|
box.vm.box = "bento/centos-7.3"
box.vm.hostname = 'ipa-client-1.vagrant.example.lan'
# Assign this VM to a host-only network IP, allowing you to access it
# via the IP.
box.vm.provider 'virtualbox' do |vb|
vb.customize ["modifyvm", :id, "--natnet1", "172.31.9/24"]
vb.gui = false
vb.memory = 4096
vb.customize ["modifyvm", :id, "--ioapic", "on"]
vb.customize ["modifyvm", :id, "--hpet", "on"]
end
box.vm.network "private_network", ip: "192.168.44.37"
$script = <<SCRIPT
echo I am provisioning...
export FACTER_is_vagrant='true'
rpm -ivh https://yum.puppetlabs.com/puppetlabs-release-pc1-el-7.noarch.rpm
yum install -y puppet-agent
export PATH=$PATH:/opt/puppetlabs/bin
puppet module install puppetlabs-concat
puppet module install puppetlabs-stdlib
puppet module install crayfishx-firewalld
puppet module install puppet-selinux
puppet module install saz-resolv_conf
if [ -d /tmp/modules/freeipa ]; then rm -rf /tmp/modules/freeipa; fi
mkdir -p /tmp/modules/freeipa
cp -r /vagrant/* /tmp/modules/freeipa
puppet apply --modulepath '/tmp/modules:/etc/puppetlabs/code/environments/production/modules' -e "\
class { 'resolv_conf':\
nameservers => ['192.168.44.35'],\
}"
puppet apply --modulepath '/tmp/modules:/etc/puppetlabs/code/environments/production/modules' -e "\
class {'::freeipa':\
ipa_role => 'client',\
domain => 'vagrant.example.lan',\
domain_join_password => 'vagrant123',\
install_epel => true,\
ipa_master_fqdn => 'ipa-server-1.vagrant.example.lan',\
}"
SCRIPT
box.vm.provision "shell", inline: $script
end
end
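Review bot: The three inline provisioning scripts run without `set -e`, so a failed `yum install -y puppet-agent` or `puppet module install …` is ignored and `puppet apply` then runs against a half-populated module path, reporting a confusing failure instead of the root cause; add `set -e` as the first line of each `<<SCRIPT` heredoc (and since `rpm -ivh` of an already installed release package then aborts a re-provision, guard it, e.g. `rpm -q puppetlabs-release-pc1 >/dev/null ||` — confirm the package name). The stray `# admin_password => 'vagrant123',\` after the second `SCRIPT` terminator is a Ruby comment outside the heredoc and should be removed. `$script` is a Ruby global reassigned once per box; a local `script = <<SCRIPT` inside each `config.vm.define` block avoids the cross-box coupling.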
......@@ -16,9 +16,13 @@ class freeipa::config::admin_user {
}
file { "${home_dir_path}/.k5login":
owner => $uid_number,
group => $uid_number,
require => File[$home_dir_path],
owner => $uid_number,
group => $uid_number,
require => File[$home_dir_path],
seluser => 'user_u',
selrole => 'object_r',
seltype => 'krb5_home_t',
selrange => 's0',
}
file { "${home_dir_path}/admin.keytab":
......
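Review bot: The SELinux context added to `.k5login` (`seluser`, `selrole`, `seltype`, `selrange`) has no comment saying why it is needed, so a later reader cannot tell whether dropping it is safe. Add above the resource: `# sshd reads .k5login under SELinux confinement and, presumably, needs it labelled krb5_home_t for the admin login to work — confirm this is the fix for #3`. The enclosing class continues outside the hunk.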
......@@ -48,7 +48,7 @@ class freeipa::config::webui {
path => '/etc/httpd/conf.d/ipa.conf',
line => " <If \"%{HTTP_HOST} != '${proxy_server_external_fqdn_and_port}'\">",
notify => Service['httpd'],
after => '<Location\ "/ipa">',
after => '^<Location\ "/ipa">$',
}
file_line{'disable_kerberos_via_if_2':
......
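Review bot: The new `after => '^<Location\ "/ipa">$'` anchor is stricter than before, but `$` will not match if the line in `ipa.conf` carries trailing whitespace, in which case I believe `file_line` falls back to appending the `<If>` line at end of file, outside the `<Location>` block; `'^<Location\ "/ipa">\s*$'` keeps the anchor while tolerating that. The resource still has no `match` parameter, so if `proxy_server_external_fqdn_and_port` ever changes, a second `<If>` line is added rather than the old one replaced — this predates the commit but is worth checking while the resource is being touched. The enclosing class continues outside the hunk.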
......@@ -144,10 +144,12 @@
# TODO: configurable admin username.
#
class freeipa (
String $hostname = 'default',
String $domain,
String $ipa_role,
String $admin_password = '',
String $directory_services_password = '',
# Array[String] $nameservers = "${freeipa::nameservers}",
String $autofs_package_name = 'autofs',
Boolean $client_install_ldaputils = false,
Boolean $configure_dns_server = true,
......@@ -158,7 +160,7 @@ class freeipa (
Boolean $enable_hostname = true,
Boolean $enable_ip_address = false,
Boolean $fixed_primary = false,
Integer $idstart = (fqdn_rand('10737') + 10000),
Integer $idstart = 10000,
Boolean $install_autofs = false,
Boolean $install_epel = true,
Boolean $install_kstart = true,
......
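Review bot: `Integer $idstart = 10000` replaces the `fqdn_rand('10737') + 10000` default with a fixed value, giving every deployment the same UID/GID range start; the random offset presumably existed to keep the ID ranges of independent IPA domains from colliding (relevant for trusts and for hosts that have been enrolled in more than one realm), and as far as I recall `ipa-server-install` itself defaults to a random start when none is passed. If a stable value is wanted for the acceptance tests, pass it from the test rather than changing the module default, or record the trade-off in the parameter comment. The commented-out `# Array[String] $nameservers = ...` line is dead code in a parameter list and should be removed or tracked in an issue, and `String $hostname = 'default'` uses a sentinel string where `Optional[String] $hostname = undef` expresses the intent directly. The parameter list continues past the hunk.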
......@@ -30,23 +30,29 @@ class freeipa::install {
}
}
if $freeipa::ipa_role == 'master' or $freeipa::ipa_role == 'replica' {
if $freeipa::final_configure_dns_server {
$dns_packages = [
'ipa-server-dns',
'bind-dyndb-ldap',
]
package{$dns_packages:
ensure => present,
}
case $freeipa::ipa_role {
'client': {
if $freeipa::install_ipa_client {
contain 'freeipa::install::client'
}
}
'master', 'replica': {
if $freeipa::final_configure_dns_server {
$dns_packages = [
'ipa-server-dns',
'bind-dyndb-ldap',
]
package{$dns_packages:
ensure => present,
}
}
if $freeipa::install_ipa_server {
contain 'freeipa::install::server'
if $freeipa::install_ipa_server {
contain 'freeipa::install::server'
}
}
} elsif $freeipa::ipa_role == 'client' {
if $freeipa::install_ipa_client {
contain 'freeipa::install::client'
default: {
fail ("unexpected role ${freeipa::ipa_role}")
}
}
......
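Review bot: The new `default:` arm rejects an unknown `ipa_role` only when `freeipa::install` is evaluated, while `init.pp` in this same commit still types the parameter as `String $ipa_role`; declaring it as `Enum['master', 'replica', 'client'] $ipa_role` there makes the catalog fail at parameter validation with the accepted values listed, and the `fail` arm becomes a safety net. `fail ("unexpected role ${freeipa::ipa_role}")` has a space before the parenthesis, which puppet-lint flags; write `fail("unexpected role ${freeipa::ipa_role}")`. The enclosing class starts outside the hunk.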
#
class freeipa::install::client {
package{$freeipa::ipa_client_package_name:
ensure => present,
}
......
#
class freeipa::install::server {
Exec {
path => '/usr/local/bin/:/bin/:/sbin',
}
package{$freeipa::ipa_server_package_name:
ensure => present,
}
......@@ -70,6 +74,12 @@ class freeipa::install::server {
contain 'freeipa::install::server::replica'
}
exec { 'semanage':
command => 'semanage port -a -t http_port_t -p tcp 8440',
unless => 'semanage port --list |grep 8440',
user => root,
}
ensure_resource (
'service',
'httpd',
......
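Review bot: The `unless => 'semanage port --list |grep 8440'` guard is a loose substring match: `semanage port -l` prints comma-separated ports and ranges per type, so `18440`, `8440-8450`, or `8440` bound to another type all suppress the add, leaving the port mislabelled or making a later `semanage port -a` error out. Tighten it to the type and the exact port, e.g. `unless => 'semanage port -l | grep -E "^http_port_t\s+tcp\b.*\b8440\b"'`, or, since `puppet-selinux` is already installed by the Vagrantfile and the spec helper, use its `selinux::port` defined type, which handles this idempotently. The `exec` uses the default `posix` provider, which Puppet documents as running without a shell, so the pipe in `unless` works only through Ruby's `Kernel.exec` behaviour; add `provider => shell` if the pipe stays. `user => root` is redundant for an agent running as root, and the enclosing class continues outside the hunk.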
......@@ -13,6 +13,7 @@ class freeipa::install::server::master {
${freeipa::install::server::server_install_cmd_opts_no_ntp} \
${freeipa::install::server::server_install_cmd_opts_idstart} \
${freeipa::install::server::server_install_cmd_opts_no_ui_redirect} \
--auto-reverse \
--unattended"
file { '/etc/ipa/primary':
......@@ -25,7 +26,7 @@ class freeipa::install::server::master {
unless => '/usr/sbin/ipactl status >/dev/null 2>&1',
creates => '/etc/ipa/default.conf',
logoutput => 'on_failure',
notify => Easy_ipa::Helpers::Flushcache["server_${freeipa::ipa_server_fqdn}"],
notify => Freeipa::Helpers::Flushcache["server_${freeipa::ipa_server_fqdn}"],
before => Service['sssd'],
}
-> cron { 'k5start_root': #allows scp to replicas as root
......
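Review bot: `--auto-reverse` is appended unconditionally to the `ipa-server-install` command, but as far as I recall the installer rejects DNS-specific options such as this one unless `--setup-dns` is also given, so a master installed with `configure_dns_server => false` would fail at install time. It belongs with whichever `server_install_cmd_opts_*` variable carries the DNS options, or in its own `${freeipa::install::server::server_install_cmd_opts_auto_reverse}` that is empty when `final_configure_dns_server` is false; those variables are defined in `freeipa::install::server`, outside this hunk, so I cannot see how the DNS option is built. Automatic reverse-zone creation is also a deployment-affecting default and deserves a comment or parameter rather than a bare flag.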
......@@ -26,7 +26,7 @@ class freeipa::install::server::replica {
unless => '/usr/sbin/ipactl status >/dev/null 2>&1',
creates => '/etc/ipa/default.conf',
logoutput => 'on_failure',
notify => Easy_ipa::Helpers::Flushcache["server_${freeipa::ipa_server_fqdn}"],
notify => Freeipa::Helpers::Flushcache["server_${freeipa::ipa_server_fqdn}"],
before => Service['sssd'],
}
-> cron { 'k5start_root':
......
{
"name": "jpuskar-easy_ipa",
"version": "1.0.0",
"author": "jpuskar",
"name": "puppet-freeipa",
"version": "1.6.1",
"author": "adullcat",
"summary": "Manages IPA servers and clients.",
"license": "Apache-2.0",
"source": "https://github.com/jpuskar/puppet-ipa",
"project_page": "https://github.com/jpuskar/puppet-ipa",
"issues_url": "https://github.com/jpuskar/puppet-ipa",
"source": "https://gitlab.adullact.net/adullact/puppet-freeipa/tree/3-fix-install-master-client",
"project_page": "https://gitlab.adullact.net/adullact/puppet-freeipa/",
"issues_url": "https://gitlab.adullact.net/adullact/puppet-freeipa/",
"dependencies": [
{
"name": "puppetlabs-stdlib",
......
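Review bot: `"source"` now points at the feature branch URL (`tree/3-fix-install-master-client`), which goes stale as soon as this merge request lands; use the repository root as `"project_page"` does. `"author": "adullcat"` looks like a typo of the organisation name `adullact` used in the URLs and the merge request path. `"issues_url"` points at the project root rather than its issues page; confirm the intended URL.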
require 'spec_helper_acceptance'
describe 'freeipa class' do
describe 'install' do
### Test Install Master
context 'master' do
context 'with default parameters' do
hosts_as('master').each do |master|
it 'applies idempotently' do
pp = <<-EOS
class { 'freeipa':
ipa_role => 'master',
hostname => 'ipa-server-1',
domain => 'vagrant.example.lan',
ipa_server_fqdn => 'ipa-server-1.vagrant.example.lan',
admin_password => 'vagrant123',
directory_services_password => 'vagrant123',
install_ipa_server => true,
ip_address => '192.168.44.35',
enable_ip_address => true,
enable_hostname => true,
manage_host_entry => true,
install_epel => true,
webui_disable_kerberos => true,
webui_enable_proxy => true,
webui_force_https => true,
}
EOS
apply_manifest_on(master, pp, :catch_failures => true)
apply_manifest_on(master, pp, :catch_changes => true)
end
describe command('ipactl status') do
its(:exit_status) { should eq 0 }
end
end
end
end
end
end
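Review bot: The `describe command('ipactl status')` block sits inside `hosts_as('master').each do |master|` but is a serverspec check that runs against Beaker's default host, not `master`; with this single-host nodeset they coincide, yet the loop implies several masters and the check would then not follow `master`. Either run it inside an `it` block as `on(master, 'ipactl status', :acceptable_exit_codes => [0])`, or drop the loop. The hash-rocket options (`:catch_failures => true`) could use `catch_failures: true`, and the `### Test Install Master` comment duplicates the `describe 'install'` / `context 'master'` nesting.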
---
HOSTS:
ipa-server-1:
roles:
- default
- master
platform: el-7-x86_64
hypervisor: vagrant
box: geerlingguy/centos7
vagrant_memsize: 2048
ip: 192.168.44.35
forwarded_ports:
httpd1:
from: 8000
to: 8000
httpd2:
from: 8440
to: 8440
CONFIG:
type: foss
loglevel: debug
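Review bot: The acceptance nodeset uses `box: geerlingguy/centos7` with `vagrant_memsize: 2048`, while the Vagrantfile in this same commit uses `bento/centos-7.3` with `vb.memory = 4096`, so the acceptance run and the manual dev environment exercise different base images and memory, and an install result seen in one may not reproduce in the other. Align the two, or add a comment explaining why they differ, and check that 2 GB is enough for `ipa-server-install`, which is memory-hungry during initial setup.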
require 'beaker-rspec/spec_helper'
require 'beaker-rspec/helpers/serverspec'
require 'beaker/puppet_install_helper'
require 'beaker/module_install_helper'
#PUPPET_INSTALL_VERSION = 5+
run_puppet_install_helper
install_module_on(hosts)
install_module_dependencies_on(hosts)
RSpec.configure do |c|
# Configure all nodes in nodeset
c.before :suite do
hosts.each do |host|
on host, puppet('module', 'install', 'puppetlabs-concat')
on host, puppet('module', 'install', 'puppetlabs-stdlib')
on host, puppet('module', 'install', 'crayfishx-firewalld')
on host, puppet('module', 'install', 'puppet-selinux')
pp = <<-EOS
exec { 'stop network manager':
command => 'systemctl stop NetworkManager',
onlyif => 'systemctl status NetworkManager',
path => '/usr/bin:/sbin:/bin'
}
EOS
apply_manifest_on(host, pp, :catch_failures => true)
## Preconfigure master
pp = <<-EOS
exec { 'set master /etc/hosts':
path => '/bin/',
command => 'echo -e "127.0.0.1 ipa-server-1.vagrant.example.lan ipa-server-1\n ::1 ip6-localhost ip6-loopback\n fe00::0 ip6-localnet\n ff00::0 ip6-mcastprefix\n ff02::1 ip6-allnodes\n ff02::2 ip6-allrouters\n\n 192.168.44.35 ipa-server-1.vagrant.example.lan ipa-server-1\n" > /etc/hosts',
}
EOS
apply_manifest(pp, :catch_failures => true, :debug => true)
end
end
end
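Review bot: Inside `hosts.each do |host|`, the NetworkManager manifest is applied with `apply_manifest_on(host, …)` but the `/etc/hosts` manifest at the end uses `apply_manifest(pp, …)`, which targets Beaker's default host; on a multi-host nodeset the master's hosts file would be written to the default host once per iteration and never to the others. Use `apply_manifest_on(host, pp, :catch_failures => true, :debug => true)` for consistency. The `exec { 'set master /etc/hosts' }` has no `unless`/`creates`, so it rewrites `/etc/hosts` on every suite start and maps `127.0.0.1` to the master's name on every host including clients; a `host` resource, as the Vagrantfile already uses, would be idempotent and per-host. The `#PUPPET_INSTALL_VERSION = 5+` comment describes nothing the code does and should go.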